Index
Symbols
- <as-context> element, 14-7
- <confidentiality> element, 14-7
- <default-method-access> element, 12-11
- <establish-trust-in-client> element, 14-7
- <establish-trust-in-target> element, 14-7
- <group> element, 3-24
- <groups> element, 3-24
- <integrity> element, 14-7
- <jazn>
- and LoginModule, 7-6
- <jazn> element
- and <password-manager> element, 10-4
- <jazn> entity, 3-5
- in orion-application.xml, 3-6, 3-8
- <jazn-loginconfig>, 7-4
- <jazn-policy>, 7-5
- <jazn-web-app> element, 3-11, 3-13
- auth-method, 3-12
- <login-module> entity
- options, 3-17
- <method> element
- defined, 12-7
- <method-permission> element, 12-5, 12-7
- <password-manager> element, 10-4
- <principals> element, 3-24
- <property> element
- <jazn> tag, 3-9
- <role-link> element, 12-5, 12-6
- <role-name> element, 12-5
- <run-as> element, 12-9
- <sas-context> element, 14-7
- <security-identity> element, 12-9
- <security-role> element, 12-5
- <security-role-mapping> element, 12-10, 12-11
- <security-role-ref> element, 12-5
- <session-tracking> element, 11-27
- <ssl-config> element, 11-25, 11-26
- <transport-config> element, 14-6
- <unchecked/> element, 12-9
- <use-caller-identity/> element, 12-10
- <user> element, 3-24
- <users> element, 3-24
- <web-app> element, 11-26
- <web-site> element, 11-25
A
- access control lists
- definition, 2-11
- AccessController, 9-3
- AccessTest1, A-13
- actions
- definition, 9-2
- add command, 5-20
- adding and removing realms, 5-7, 5-8
- adding and removing roles, 5-10
- adding and removing users, 5-11
- -addperm option to JAZN Admintool, 5-7, 5-8
- -addprncpl option to JAZN Admintool, 5-9
- -addrealm option to JAZN Admintool, 5-10
- -addrole option to JAZN Admintool, 5-10
- -adduser option to JAZN Admintool, 5-11
- administering
- JAAS provider, 4-2 to 4-16
- AdminPermission class
- administering permissions, 4-15
- definition, 9-3, 9-4
- Apache Listener. See Oracle HTTP Server
- Application Realm
- creation code, A-9
- definition, 4-8
- role management, 4-8, 4-11
- sample LDAP directory information tree, 4-11
- user management, 4-8, 4-11
- applications
- in Java 2 application environments, 6-2
- with JAAS, 2-5
- attributes
- default-realm, 3-7, 3-8
- location, 3-6, 3-8
- persistence, 3-7, 3-8
- provider, 3-6, 3-8
- authentication, 1-3, 2-11
- basic, 6-5
- environments, 6-5
- J2EE, 6-14
- SSL, 11-5
- using login modules, 2-3
- using OracleAS Single Sign-On (SSO), 2-7
- using RealmLoginModule class, 2-7
- with Basic Authentication, 6-11
- with SSL, 6-8
- with SSO, 2-7, 6-6
- authentication methods, 3-11
- auth-method, 3-11, 3-12
- authorization, 1-3
- J2EE, 6-15
C
- cache properties, 3-21
- caching, 3-19
- disabling, 3-20
- capability model
- definition, 2-11
- certificate authorities (SSL), 11-2
- certificates (SSL), 11-2
- checking
- passwords, 5-12
- -checkpasswd option to JAZN Admintool, 5-12
- cipher suites
- supported by Oracle HTTPS, 11-12, 11-13
- class names
- definition, 9-2
- clear command, 5-20
- client.sendpassword property, 14-9
- codesource in policy files, 2-5
- Common Secure Interoperability version 2. See CSIv2
- config
- attribute of <jazn> tag, 3-7
- configuration data
- retrieving from jazn.xml file, 5-12
- configuring
- LoginModules, 7-4
- cookie domain, 11-27
- cookie-domain attribute, 11-27
- createUser method, 2-8
- creation code
- Application Realm, A-9
- credentials, 1-3, 4-7, 10-3
- cryptographic keys, 1-3
- CSIv2
- and EJBs, 14-4
- internal-settings.xml, 14-4
- introduction, 14-2
- properties in orion-ejb-jar.xml, 14-6
- security properties, 14-6
D
- DAS, 2-9
- data storage
- in LDAP-based environments, 4-11
- default-realm attribute, 3-7, 3-8
- Delegated Administrative Service. See DAS
- deploying
- LoginModule, 7-2
- deployment descriptor
- security, 12-5
- deployment descriptors, 3-3
- J2EE Connector, 13-2
- security, 12-5, 12-11
- DER, 11-10
- digital certificates, 1-4
- directory entries
- Java Authorization Service, 4-9 to 4-13
- directory information tree (DIT)
- Application Realm, 4-11
- External Realm, 4-9
- Java Authorization Service, 4-13
- directory information tree Identity Management Realm, 4-9
- disabling caching, 3-20
- Distinguished Encoding Rules, 11-10
- distinguished name (DN), 4-12
- doAsPrivileged(), 3-13
- doasprivileged-mode, 3-14
- DTDs
- internal-settings.xml, 14-4
- <ior-security-config> element, 14-8
E
- EJB
- CSIv2, 14-4
- interoperability, 14-1
- security, 12-3
- server security properties, 14-2
- ejb_sec.properties, 14-8
- ejb-jar.xml, 3-3
- environments, 4-5
- exit command, 5-20
- External Realm
- automatically installed, 4-12
- definition, 4-8
- role management, 4-8, 4-9
- sample LDAP directory information tree, 4-9
- user management, 4-8, 4-9
F
- foundations of the JAAS Provider, 2-2
G
- GenericCredential interface
- and Kerberos, 13-6
- getAttribute("java.security.cert.X509certificate"), 6-15
- getAuthType, 6-15
- -getconfig option to JAZN Admintool, 5-12
- getGroup method, 2-8
- getRemoteUser, 6-15
- getUser method, 2-8
- getUserPrincipal, 6-15
- granting and revoking permissions, 5-12
- -grantperm option to JAZN Admintool, 5-12
H
- help command, 5-20
- hosted application environments, 4-15
- HTTPClient.HttpUrlConnection, 11-14
- HTTPConnection, 11-9
- HTTPS
- client-authentication, 11-31
- HttpSession, 3-20
I
- Identity Management Realm
- definition, 4-8
- role management, 4-10
- sample LDAP directory information tree, 4-9
- user management, 4-10
- impliesAll attribute, 12-12
- integrating
- custom LoginModule, 7-1
- internal-settings.xml
- CSIv2 entities, 14-4
- internal-settings.xml file, 14-2
- DTD, 14-4
- <sep-property> element, 14-2, 14-4
- interoperability, 14-1
- invoking JAZN Admintool, 5-4
- <ior-security-config> element
- DTD, 14-8
- isCallerInRole method, 12-5
J
- J2EE Connector, 13-1
- deployment descriptors, 13-2
- JAAS Provider
- and SSL/OID, 3-18
- common configuration tasks
- configuring a Java 2 Policy File, 9-4
- enhancements to realms, 4-2
- integration with Basic authentication, 6-10
- integration with SSL-enabled applications, 6-8
- integration with SSO-enabled applications, 6-5
- J2EE configuration tasks
- configuring role-name, 3-14
- configuring run-as element, 3-14
- configuring security role, 3-14
- management of, 4-2
- permission classes, 9-3
- security role, 6-13
- JAAS provider
- locations for jazn.xml, 3-5
- JAAS. See Java Authentication and Authorization Service (JAAS)
- jaas.config file, 3-16
- Java 2 application environments, 6-2
- Java 2 Platform, Enterprise Edition (J2EE)
- application development in, 6-2
- creating applications using the Java 2 Security Model, 1-2, 9-2
- definition, 6-2
- integration with JAZNUserManager, 6-4
- Oracle component responsibilities in basic authentication environments, 6-11
- Oracle component responsibilities in SSL-enabled environments, 6-8
- Oracle component responsibilities in SSO-enabled environments, 6-6
- Java 2 Platform, Standard Edition (J2SE)
- application development in, 6-2
- creating applications using the Java 2 Security Model, 1-2, 9-2
- definition, 6-2
- Java 2 policy
- debugging, 9-6
- Java 2 policy file
- configuring for JAAS Provider, 9-4
- Java 2 Security
- specifying SecurityManager, 9-5
- Java 2 Security Model, 2-3, 6-15
- definition, 1-2, 9-2
- using access control capability model, 2-11
- using with J2EE applications, 1-2, 9-2
- using with J2SE applications, 1-2, 9-2
- using with JAAS, 2-3
- Java Authentication and Authorization Service (JAAS)
- applications, 2-5
- definition, 2-3
- extending the Java 2 Security Model, 2-3
- login modules, 2-3
- policy files
- example, 2-5
- principals, 1-2
- realms, 2-4
- roles, 2-4
- subjects, 1-2
- Java Authorization Service
- directory entries, 4-9 to 4-13
- directory information tree, 4-8 to 4-13
- Java Key Store (JKS), 14-2
- Java Platform, Enterprise Edition (J2EE)
- security role, 6-12
- java2.policy, 3-4
- java2.policy file, 9-5
- configuring for JAAS Provider, 9-4
- java.io.FilePermission, A-10
- java.net.URL framework, 11-14
- java.security.manager property, 9-5
- java.security.manager system property, 9-6
- java.security.policy system property, 9-5
- java.security.Principal, 2-4
- java.security.principal, 2-7
- java.security.Principal interface
- using with principals, 1-2
- using with roles and groups, 2-4
- javax.net.ssl.KeyStore, 11-16
- javax.net.ssl.KeyStorePassword, 11-16
- javax.servlet.HttpServletRequest, 6-15
- JAZN Admintool, 4-2
- adding and removing permissions, 5-7, 5-8
- adding and removing principals, 5-9
- adding realms, 5-10
- adding roles, 5-10
- adding users, 5-11
- administering policy, 4-14
- checking passwords, 5-12
- command options, 5-4
- definition, 4-3
- granting and revoking permissions, 5-12
- granting roles, 5-13
- invoking, 5-4
- listing permissions, 5-14
- listing principals, 5-15
- listing realms, 5-16
- listing roles, 5-16
- listing users, 5-17
- migrating principals, 5-17
- navigating shell, 5-19
- retrieving configuration data, 5-12
- revoking roles, 5-13
- setting passwords, 5-18
- shell commands, 5-19 to 5-20
- starting shell, 5-19
- JAZN Admintool shell
- starting, 5-17
- JAZN Admintool shell commands
- add, 5-20
- clear, 5-20
- exit, 5-20
- help, 5-20
- man, 5-21
- mk, 5-20
- pwd, 5-21
- rm, 5-21
- set, 5-21
- JAZNAdminGroup, 4-15
- jazn-data.xml, 3-4, 3-6, 3-15
- and LoginModule, 7-4
- deploying LoginModules, 7-7
- schema, B-1 to B-35
- jazn-data.xml file, 2-5, 2-8, 2-9, 4-5
- and Admintool, 5-2
- JAZNPermission class
- definition, 9-3, 9-4
- JAZNUserManager, 2-8, 6-15
- definition, 2-7, 6-4
- integration in J2EE environments, 6-4
- JAZNUserManager class, 2-9
- jazn.xml, 3-4, 3-6
- file location, 3-5
- schema, B-1 to B-35
- jazn.xml file
- retrieving configuration data, 5-12
- schema, B-1
- JVM, 3-4
K
- Kerberos, 1-3
- and GenericCredential interface, 13-6
- keys (SSL), 11-2
- keystore
- definition, 14-2
- keystores (SSL), 11-2
L
- LDAP, 2-9
- ldapadd tool
- creating users, 4-8
- LDAP-based provider type, 2-9
- ldap.password property name, 3-11
- ldap.user property name, 3-11
- Lightweight Directory Access Protocol (LDAP)-based environments
- Oracle Internet Directory used as provider type, 2-2
- realm contents, 4-8
- realm data storage, 4-11
- realm management, 4-7
- realm permissions, 4-14
- realm types available, 4-7
- sample Application Realm directory information tree, 4-11
- sample External Realm directory information tree, 4-9
- sample Identity Management Realm directory information tree, 4-9
- listing
- permission information, 5-14
- permissions, 5-14
- principal class information, 5-15
- principal classes, 5-15
- listing realms, 5-15
- listing roles, 5-16
- listing users, 5-17
- -listperm option to JAZN Admintool, 5-14
- -listprncpl option to JAZN Admintool, 5-15
- -listprncpls option to JAZN Admintool, 5-15
- -listrealms option to JAZN Admintool, 5-16
- -listroles option to JAZN Admintool, 5-16
- -listusers option to JAZN Admintool, 5-17
- location attribute, 3-6, 3-8
- login modules
- configuring with different applications, 2-3
- definition, 2-3
- with JAAS, 2-3
- login-config element, 3-11
- LoginContext class, 2-3
- authenticating subjects, 2-3
- LoginModules, 7-1 to 7-9
- configuring, 7-4
- deploying, 7-7
- integrating, 7-7
- integration with OC4J, 7-1
- packaging and deployment, 7-2
M
- man command, 5-21
- management of JAAS Provider, 4-2
- mapping
- security roles, 3-14
- -migrate option to JAZN Admintool, 5-17
- migrating
- principals, 5-17
- mk command, 5-20
N
- nameservice.useSSL property, 14-9
- navigating
- JAZN Admintool shell, 5-19
- needs-client-auth attribute, 11-31
O
- obfuscated password, 3-11
- obfuscation, 4-7, 10-3
- OC4J group, 3-15
- oc4j.iiop.ciphersuites property, 14-9
- oc4j.iiop.enable.clientauth property, 14-9
- oc4j.iiop.keyStoreLoc property, 14-9
- oc4j.iiop.keyStorePass property, 14-9
- oc4j.iiop.trustedServers property, 14-9
- oc4j.iiop.trustStoreLoc property, 14-9
- oc4j.iiop.trustStorePass property, 14-9
- one-way authentication, 3-18
- OPMN, 14-3
- Oracle Enterprise Manager, 4-2
- JAAS Provider overview, 4-3
- Oracle HTTPS, 11-1 to 11-20
- default system properties, 11-15
- example, 11-17
- feature overview, 11-11
- supported cipher suites, 11-12, 11-13
- Oracle Internet Directory (OID), 1-3, 2-8, 2-9
- administering policy data, 4-15
- creating users, 4-8
- provider type, 4-2
- Oracle Process Management Notification service, 14-3
- OracleAS Containers for J2EE (OC4J)
- interoperability, 14-1
- mapping security roles to JAAS Provider users and roles, 6-13
- OracleAS Single Sign-On (SSO) for SSO authentication, 2-7
- oracle.home system property, 9-6
- oracle.security.jazn.realm package
- support for realms, 4-2
- use of, 2-7
- OracleSSLCredential, 11-9
- Oracle.ssl.defaultCipherSuites, 11-16
- orion-application.xml, 3-3, 3-5, 3-13, 3-15
- and LoginModule, 7-6
- deploying LoginModules, 7-8
- mapping roles, 3-16
- mapping security roles to JAAS Provider users and roles, 6-13
- passwords not obfuscated, 10-2
- specifying UserManager, 3-22 to 3-26
- orion-ejb-jar
- <establish-trust-in-target> element, 14-7
- orion-ejb.jar file
- <sas-context> element, 14-7
- <transport-config> element, 14-6
- orion-ejb-jar.xml, 14-6
- <as-context> element, 14-7
- <establish-trust-in-client> element, 14-7
- <integrity> element, 14-7
- security properties, 14-6
- orion-ejb-jar.xml file
- <confidentiality> element, 14-7
- orion-web.xml, 3-3, 3-13
P
- partitioning, 2-5, 4-15
- password indirection
- definition, 10-2
- password obfuscation
- definition, 10-2
- passwords, 4-7, 10-3
- checking, 5-12
- checking in JAZN Admintool, 5-12
- not obfuscated in orion-application.xml, 10-2
- setting, 5-12
- setting in JAZN Admintool, 5-18
- permissions, 2-12, 12-3
- actions, 9-2
- adding and removing in JAZN Admintool, 5-7, 5-8
- administering with AdminPermission class, 4-15
- class definitions, 9-4
- class name, 9-2
- definition, 2-5
- granting and revoking in JAZN Admintool, 5-12
- granting and revoking with the JAZN Admintool, 5-12
- in Java 2 Security Model, 9-2
- JAAS Provider, 9-3
- Java permission instance contents, 9-2
- listing in JAZN Admintool, 5-14
- listing with the JAZN Admintool, 5-14
- management in LDAP-based environments, 4-15
- management in XML-based environments, 4-5, 4-15
- target, 9-2
- persistence, 4-7, 10-3
- persistence attribute, 3-7, 3-8
- Pluggable Authentication Module (PAM), 2-3
- policies
- administering with JAZN Admintool, 4-14
- administering with Oracle Internet Directory (OID), 4-15
- administration, 4-14
- definition, 2-5
- information storage in XML-based provider type, 4-5
- management in LDAP-based environments, 4-15
- management in XML-based environments, 4-5
- partitioning among realms, 4-16
- policy
- definition, 2-5
- policy cache, 3-19
- policy files
- codesource, 2-5
- example, 2-5
- subject, 2-5
- principal classes
- listing
- information with the JAZN Admintool, 5-15
- principal-based authorization
- support for, 2-3
- principals, 1-2
- adding and removing in JAZN Admintool, 5-9
- definition, 1-2
- listing in JAZN Admintool, 5-15
- migrating in JAZN Admintool, 5-17
- with JAAS, 1-2
- principals.xml, 3-24
- principals.xml file, 2-8, 2-10, 3-24, 6-4
- converting from, 5-17
- examples, 3-25
- PrintingSecurityManager, 9-6
- private keys (SSL), 11-2
- privileges, 2-13
- property names
- ldap.password, 3-11
- ldap.user, 3-11
- PropertyPermission, 12-3
- protection domain
- in Java 2 Security Model, 9-2
- provider attribute, 3-6, 3-8
- provider types, 2-2, 4-5
- in J2SE environments, 6-2
- Oracle Internet Directory (OID), 4-2, 4-14
- retrieving permissions from, 2-11
- storing policy information, 4-14
- XML-based, 4-2, 4-14
- public key certificates, 1-3
- public keys (SSL), 11-2
- pwd command, 5-21
R
- RBAC (role-based access control), 2-12
- RBAC. See role-based access control (RBAC)
- realm cache, 3-19
- realm permissions
- management in LDAP-based environments, 4-14
- RealmLoginModule, 3-16
- RealmLoginModule class, 2-7, 6-14
- in J2SE environments, 6-2
- RealmPermission class, 4-14
- definition, 9-3, 9-4
- RealmPrincipal interface, 2-7
- realms
- adding and removing with the JAZN Admintool, 5-7, 5-8
- adding in JAZN Admintool, 5-10
- creation of realm container in LDAP-based environments, 4-11
- data storage in LDAP-based environments, 4-11
- definition, 2-4, 2-7
- information storage in XML-based provider type, 4-5
- JAAS Provider enhancements, 4-2
- JAAS Provider framework, 4-5
- JAAS Provider support, 2-7
- listing in JAZN Admintool, 5-16
- listing with the JAZN Admintool, 5-15
- managing in LDAP-based environments, 4-7
- managing in XML-based provider type, 4-5
- permission management in LDAP-based environments, 4-14
- policy partitioning, 4-16
- realm contents in LDAP-based environments, 4-8
- types available in LDAP-based environments, 4-7
- types available in XML-based provider type, 4-5
- with JAAS, 2-4
- -remperm option to JAZN Admintool, 5-7, 5-8
- -remprncpl option to JAZN Admintool, 5-9
- -remrealm option to JAZN Admintool, 5-10
- -remrole option to JAZN Admintool, 5-10
- -remuser option to JAZN Admintool, 5-11
- retrieving authentication information, 6-15
- -revokeperm option to JAZN Admintool, 5-12
- revoking
- roles in JAZN Admintool, 5-13
- rm command, 5-21
- RMI/IIOP, 14-1
- role activation
- definition, 2-13
- role hierarchy
- definition, 2-12
- role management, 4-8
- role manager, 4-8
- RoleAdminPermission class, 4-16
- definition, 9-3, 9-4
- role-based access control (RBAC), 2-4, 2-7
- definition, 2-12
- JAAS Provider support for, 2-7
- role activation, 2-13
- role hierarchy, 2-12
- RoleManager interface, 4-12
- roles, 1-3
- adding and removing with the JAZN Admintool, 5-10
- adding in JAZN Admintool, 5-10
- definition, 2-12
- granting in JAZN Admintool, 5-13
- listing in JAZN Admintool, 5-16
- listing with the JAZN Admintool, 5-16
- management in Application Realms, 4-8, 4-11
- management in External Realms, 4-8, 4-9
- management in Identity Management Realms, 4-8, 4-10
- management in LDAP-based environments, 4-8
- management in XML-based environments, 4-5
- mapping in the orion-application.xml file, 3-16
- revoking in JAZN Admintool, 5-13
- using the J2EE security role, 6-12
- with JAAS, 2-4
- run-as element, 2-13, 3-15
- runAs security identity, 12-9
- runas-mode, 3-14, 6-9
- RuntimePermission, 12-3
S
- sample application
- AccessTest1, A-13
- secure socket layer (SSL)
- authentication method, 6-5
- integration with Basic authentication, 6-10
- integration with JAAS Provider, 6-8
- Secure Socket Layers (SSL), 6-5
- Secure Sockets Layer. See SSL
- security, 12-3
- authentication, 11-5
- keys and certificates, 11-2
- OC4J and OHS configuration, 11-23, 11-25
- permissions, 12-3
- requesting client authentication, 11-7
- using certificates with OC4J and OHS, 11-4
- security managers
- PrintingSecurityManager, 9-6
- security role, 3-15
- using in the web.xml file, 6-12
- security roles
- mapping, 3-14
- SecurityManager, 9-3
- specifying, 9-5
- SecurityManager.checkPermission, 6-15
- <sep-property> element, 14-2, 14-4
- servlet, 3-15
- Servlet.service, 6-15
- session cache, 3-19
- set command, 5-21
- -setpasswd option to JAZN Admintool, 5-18
- setting a password, 5-12
- -shell option to JAZN Admintool, 5-19
- single sign-on (SSO), 6-5, 6-14
- integration with JAAS Provider, 6-5
- SocketPermission, 12-3
- specifying
- security manager, 9-5
- sr_manager
- security role, 3-15
- SSL, 1-4
- client-authentication, 11-31
- use with OID and JAAS Provider, 3-18
- starting
- JAZN Admintool, 5-4
- subject
- definition, 3-13
- Subject.doAs method, 2-13, 6-15
- associating a subject with AccessControlContext, 1-2
- invoking, 2-3
- subject.doAs(), 3-13
- subjects, 1-2
- definition, 1-2
- with JAAS, 1-2
- system properties
- java.security.manager, 9-5, 9-6
- java.security.policy, 9-5
- oracle.home, 9-6
- System.setSecurityManager(), 9-5
T
- target names
- definition, 9-2
- <transport-config> element, 14-6
- trustpoint, 1-4
- truststore
- definition, 14-2
- two-way authentication, 3-18
U
- user communities, 2-4, 4-5
- user manager, 4-8
- definition, 1-3
- user repository
- definition, 1-3
- jazn-data.xml, 2-8, 2-9
- Oracle Internet Directory (OID), 2-8, 2-9
- principals.xml, 2-8, 2-10
- UserManager
- interface, 4-12
- specifying, 3-22 to 3-26
- users
- adding and removing with the JAZN Admintool, 5-11
- adding in JAZN Admintool, 5-11
- creating with Oracle Internet Directory, 4-8
- creating with the ldapadd tool, 4-8
- listing in JAZN Admintool, 5-17
- listing with the JAZN Admintool, 5-17
- management in Application Realms, 4-8, 4-11
- management in External Realms, 4-8, 4-9
- management in Identity Management Realms, 4-8, 4-10
- management in LDAP-based environments, 4-8
- management in XML-based environments, 4-5
W
- web.xml, 3-3, 3-11, 3-15
- using the J2EE security role, 6-12
X
- XML-based provider type, 2-2, 2-9
- jazn-data.xml, 4-5
- provider type, 4-2
- realm and policy information storage, 4-5
- realm management, 4-5
- realm type available, 4-5
- XMLUserManager, 2-8
- XMLUserManager class, 2-10