Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) Part Number B28957-01 |
|
|
View PDF |
This manual discusses Oracle Containers for J2EE (OC4J) security features.
This preface contains these topics:
This manual is intended for experienced Java developers, deployers, and application managers who want to understand the security features of OC4J. It discusses the Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider in detail, as well as discussing security implications of individual J2EE features, including Web applications, Enterprise JavaBeans (EJBs), the J2EE Connector Architecture, Secure Sockets Layer, and the Common Secure Interoperability Version 2 protocol (CSIv2).
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
TTY Access to Oracle Support Services
Oracle provides dedicated Text Telephone (TTY) access to Oracle Support Services within the United States of America 24 hours a day, seven days a week. For TTY support, call 800.446.2398.
For more information, see the following Oracle resources.
Additional OC4J documents:
Oracle Containers for J2EE Developer's Guide
This discusses items of general interest to developers writing an application to run on OC4J—issues that are not specific to a particular container such as the servlet, EJB, or JSP container. (An example is class loading.)
Oracle Containers for J2EE Deployment Guide
This covers information and procedures for deploying an application to an OC4J environment. This includes discussion of the deployment plan editor that comes with Oracle Enterprise Manager 10g.
Oracle Containers for J2EE Configuration and Administration Guide
This discusses how to configure and administer applications for OC4J, including use of the Oracle Enterprise Manager 10g Application Server Control Console, use of standards-compliant MBeans provided with OC4J, and, where appropriate, direct use of OC4J-specific XML configuration files.
Oracle Containers for J2EE Services Guide
This provides information about standards-based Java services supplied with OC4J, such as JTA, JNDI, JMS, the Oracle Application Server Java Object Cache, and the XML Query Service.
Oracle Containers for J2EE Resource Adapter Administrator's Guide
This provides information about resource adapters and the J2EE Connector Architecture.
Oracle Containers for J2EE Servlet Developer's Guide
This provides information for servlet developers regarding use of servlets and the servlet container in OC4J, including basic servlet development and use of JDBC and EJBs.
Oracle Containers for J2EE Support for JavaServer Pages Developer's Guide
This provides information about JavaServer Pages development and the JSP implementation and container in OC4J. This includes discussion of Oracle features such as the command-line translator and OC4J-specific configuration parameters.
Oracle Containers for J2EE JSP Tag Libraries and Utilities Reference
This provides conceptual information as well as detailed syntax and usage information for tag libraries and JavaBeans provided with OC4J.
Oracle Containers for J2EE Enterprise JavaBeans Developer's Guide
This provides information about Enterprise JavaBeans development and the EJB implementation and container in OC4J.
Oracle Application Server Web Services Developer's Guide
This describes Web services development and configuration in OC4J and Oracle Application Server.
Oracle Application Server Advanced Web Services Developer's Guide
This book describes topics beyond basic Web service assembly. For example, it describes how to diagnose common interoperability problems, how to enable Web service management features (such as reliability, auditing, and logging), and how to use custom serialization of Java value types.
Oracle Application Server Web Services Security Guide
This describes Web services security and configuration in OC4J and Oracle Application Server.
Related Javadoc sets:
Oracle Containers for J2EE Security Java API Reference
Documents APIs of the OracleAS JAAS Provider, identity management framework, and Java SSO.
Oracle Containers for J2EE User and Role Java API Reference
Documents APIs for accessing user and role information from identity management repositories.
Oracle Application Server HTTPClient Java API Reference
Documents APIs of the Oracle HTTPClient
packages.
From the Oracle Application Server core documentation group:
Oracle Process Manager and Notification Server Administrator's Guide
Oracle Application Server Certificate Authority Administrator's Guide
Oracle Application Server Best Practices
For Oracle Identity Management, Oracle Internet Directory, and Oracle Single Sign-On:
Oracle Identity Management Infrastructure Administrator's Guide
Oracle Identity Management Integration Guide
Oracle Identity Management Guide to Delegated Administration
Oracle Identity Management Application Developer's Guide
Oracle Internet Directory Administrator's Guide
Oracle Internet Directory API Reference
Oracle Application Server Single Sign-On Administrator's Guide
For Oracle Access Manager:
Oracle Access Manager Introduction
Oracle Access Manager Installation Guide
Oracle Access Manager System Administration Guide
Oracle Access Manager Identity and Common Administration Guide
Oracle Access Manager Developer Guide
Oracle Access Manager Deployment Guide
For additional information, see:
Top-level link for Oracle documentation from the Oracle Technology Network:
http://www.oracle.com/technology/documentation/index.html
The following Web site for OC4J "how-to" examples:
http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/index.html
The Sun Java and J2EE Web pages, especially the Java Authentication and Authorization Service (JAAS) Web site at :
The following text conventions are used in this document:
Convention | Meaning |
---|---|
boldface | Boldface type indicates graphical user interface elements associated with an action. |
italic | Italic type indicates book titles, emphasis, terms defined in text, or placeholder variables for which you supply particular values. |
monospace |
Monospace type within a paragraph indicates commands, URLs, Java class names and method names, file and directory names, text that appears on the screen, or text that you enter. |