The following sections describe the content and organization of this document:
Note:
Oracle Entitlements Server was previously known as BEA Aqualogic Enterprise Security. Some items, such as schema objects, paths, and so on may still use the term “ALES."
This document describes how to implement security in Java applications. It include descriptions of the Security Service Application Programming Interfaces and programming instructions for implementing security in Java applications
Documentation Audience
This document is intended for the following audiences:
Application Developers—Developers who are Java programmers who focus on developing Java applications, incorporating security into Java applications and Enterprise JavaBeans (EJBs), and who work with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth working knowledge of Java (including J2EE components such as servlets/JSPs and JSEE).
Security Architects—Individuals who are responsible for designing and implementing the overall security architecture for their organization, evaluating Oracle Entitlements Server features, and determining how to best implement policies. Security Architects have in-depth knowledge of Java programming, Java security, and network security, as well as knowledge of security systems and leading-edge security technologies and tools.
Security Developers—Developers (including third-party developers) who focus on defining the system architecture and infrastructure for security products and who develop custom security providers for use with Oracle Entitlements Server services. Security Developers work with Security Architects to ensure that the architecture is implemented according to design specifications and that it does not introduce any security holes. Security Developers also work with administrators to ensure that security is properly configured. Security Developers have a solid understanding of certain concepts, including authentication, authorization, and auditing, and an in-depth knowledge of Java and security provider functionality.
Guide to this Document
This document is organized as follows:
Introduction, introduces the Java Security Service Module product and describes its components.
Naming Authority, describes naming authorities in the context of the Java Security Service Module.
Java Security Service Module APIs, describes the APIs that you use to develop Java applications using the Java Security Service Module.
Developing Applications Using the Java Security Service Module, provides step-by-step procedures for developing Java applications. The procedures include code fragments that demonstrate how to implement each programming step.
Related Information
Other documents that may be of interest to the reader include:
Policy Managers Guide—This document how to write access control policies and describes how to import and export policy data.
Securing OES Production Environments—Contains information about security practices that should be considered when moving OES from a development to a production system.
Developing Security Providers—This document provides security vendors and security and application developers with the information needed to develop custom security providers.