Introduction
Document Scope and Audience
Guide to this Document
Related Documentation
Contact Us!
Security Policies Overview
What is an AquaLogic Enterprise Security Policy?
Closed-World Security Environment
Policy Components
Resources
Virtual Resources
Resource Attributes
Action Groups
Actions
Identities
Identity Attributes
Groups
Users
Policies
Roles and Role Mapping Policies
Authorization Policies
Delegation
Summary of Policy Differences
Declarations
Constants
Attributes
Evaluation Functions
Writing Policies
Policy Implementation: Main Steps
Access Decision Process
Authentication Service
Role Mapping Service
Authorization Service
Credential Mapping Service
Authorization and Role Mapping Engine
Using the Entitlements Administration Application to Write Policies
Entitlements Administration Application Overview
Resources
Identities
Roles
Writing Role Mapping Policies and Authorization Policies
Policy Reports
Defining Declarations
Binding Policies
Deployment
Distributing SSM Configurations
Advanced Topics
Designing More Advanced Policies
Multiple Components
Policy Constraints
Parentheses (( )) and OR character ( | )
Boolean Operators and Constraint Sets
Declarations
Evaluation Function Declarations
Authorization Caching Expiration Functions
Policy Inheritance
Direct and Indirect Group Membership
Restricting Policy Inheritance
Resource Attribute Inheritance
WebLogic Resource Type Conversions and Resource Trees
Understanding Resource Nodes
Application Deployment Parent Node
Resource Paths and Policies for Common Resources
EJB Resources
EJB Resource Dynamic Resource Attributes
JNDI Resources
JNDI Dynamic Resource Attributes
URL Resources
URL Dynamic Resource Attributes
JDBC Resources
JDBC Dynamic Resource Attributes
JMS Resources
JMS Dynamic Resource Attributes
Web Services Resources
Web Services Resource Path Example
Web Services Resource Action Mappings
Web Services Resource Policy Examples
Web Services Dynamic Resource Attributes
Web Services Resource Policy Examples
Server Resources
Server Resource Actions Mapping
Server Dynamic Resource Attributes
Server Resource Policy Examples
Subject Mapping
Policy Element Naming
Size Restriction on Policy Data
Character Restrictions in Policy Data
Special Names and Abbreviations
Sample Policy Files
Application Bindings [binding]
Directory Attribute Schemas [schema]
Mutually Exclusive Subject Groups [excl]
Policy Distribution [distribution]
Subject Group Membership [member]
Using Response Attributes
report() Function
report_as() Function
Report Function Policy Language
Using Evaluation Plug-ins to Specify Response Attributes
Using queryResources and grantedResources
Resource Discovery
Enable Discovery Mode
Run in Discovery Mode
Import the Policy
Importing and Exporting Policy Data
Importing Policy Data
Policy Import Tool
Configuring the Policy Import Tool
Setting Configuration Parameters
Running the Policy Import Tool
Understanding How the Policy Loader Works
Exporting Policy Data
Policy Export Tool
Before You Begin
Exporting Policy Data on Windows Platforms
Exporting Policy Data on UNIX Platforms
What’s Next
Authorization Caching
Authorization Cache Operation
Configuring Authorization Caching
Authorization Caching Expiration Functions