Installing the Java Security Service Module
This section covers tasks that you must perform after completing the installation.
Note: Some of the procedures described here require basic knowledge of AquaLogic Enterprise Security products. If you need assistance with any task, see the Administration Console online help or the Administration and Deployment Guide for more details. It is assumed that you know the location of the products you have installed, including the Security Service Module and the Administration Server.
This section describes how to enroll the Service Control Manager. Each machine on which you install a Security Service Module must have one (and only one) enrolled Service Control Manager. You only need to follow this procedure if you installed the Security Service Module on a machine other than the one that contains the Administration Application.
Note: While you can use the demonstration digital certificate in a development environment, you should never use it in a production environment.
To configure enrollment in demo mode, perform the following steps:
<ENTER> to register the domain, enter the following information, Type: 5 and press <ENTER> again:
Enter Enterprise Domain Name :> (For example: asi)
Enter Primary Admin URL :> (For example: https://adminmachine:7010/asi)
Secondary Admin URL :> (This value is optional. Same format as primary URL)
SCM name :> (For example: ssmmachinename_ssm)
SCM port :> (Default: 7010)
ssl\identity.jks keystore. This keystore contains the identities for all the components you are enrolling.
ssl\peer.jks keystore. This keystore contains the certificates of components with which this Security Service Module can communicate.
ssl\trust.jks keystore. This keystore contains the AquaLogic Enterprise Security CA certificate used for enrollment.
You configure a Service Control Manager (SCM) for each of the machines on which you have installed one or more Security Service Modules (SSM). Each machine must have one (and only one) configured Service Control Manager. For example, if you install an SSM on the same machine as the Administration Application, you must use the adminconfig SCM, which was configured for you when you installed the Administration Application.
Note: When you use the Instance Wizard to create an instance of an SSM on a machine, you link the instance to an SCM by name. When you install multiple SSMs of different types (Web Server, Web Services, WebLogic Server 8.1, and Java) on the same machine, they all must use the same SCM.
To configure an SCM, see the Administration Application Console Help and use the AquaLogic Enterprise Security Administration Console.
Configure an SSM with the security providers that you require for the Java SSM and bind it to the SCM. You have the option of configuring either the default security providers that ship with the product or custom security providers, which you develop or purchase from third-party security vendors. The Java Security Service Module supports the following types of security providers:
To configure these providers and bind the configuration to the SCM, perform the following steps:
java_ssm) and click Create.
Note: Later, when you use the Instance Wizard to create an instance of the SSM to which this security configuration will be applied, you will use the Configuration ID to link the SSM instance to this security configuration.
Before starting a Java Security Service Module (SSM), you must create a named instance of the SSM using the Instance Wizard.
To create an instance of the Java Security Service Module:
On Unix, if you are using X-windows, go to BEA_HOME/ales21-ssm/java-ssm/adm and enter: instancewizard.sh.
You must have the Administration Application services running prior to enrolling the Security Service Module.
Note: While you can use the demonstration digital certificate in a development environment, you should never use it in a production environment.
To enroll the Security Service Module:
/adm directory: BEA_HOME/ales21-ssm/java-ssm/instance/instancename/adm, where instancename is the name you assigned to the instance when you created it.
admin username and password. This is the username and password of the Security Administrator doing the enrollment.
ssl\identity.jks keystore. This keystore contains the identities for all the components you are enrolling.
ssl\peer.jks keystore. This keystore contains the certificates of components with which this Security Service Module can communicate.
ssl\trust.jks keystore. This keystore contains the AquaLogic Enterprise Security CA certificate used for enrollment.
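A post-enrollment check of the three keystores named in both enrollment procedures above, added here as an example and not part of the AquaLogic Enterprise Security documentation or its scripts. It assumes the directory that holds the keystores is passed as the first argument; the function name check_keystores and the owner-only permission requirement are choices of this example.

```shell
#!/bin/sh
# Added example: sanity check of the keystores produced by enrollment.
# Assumption: $1 is the directory containing identity.jks, peer.jks, trust.jks.

check_keystores() {
    ssl_dir=$1
    status=0
    for name in identity peer trust; do
        f="$ssl_dir/$name.jks"
        # Enrollment should have produced a non-empty file for each keystore.
        if [ ! -s "$f" ]; then
            echo "MISSING  $f"
            status=1
            continue
        fi
        # A JKS keystore starts with the magic bytes FE ED FE ED.
        magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
        if [ "$magic" != "feedfeed" ]; then
            echo "NOT-JKS  $f (first bytes: $magic)"
            status=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        # identity.jks holds private keys, so nothing but the owner should
        # have access; the same rule is applied to all three for simplicity.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE    $f (group/other bits: $perms)"
            status=1
            continue
        fi
        echo "OK       $f"
    done
    return $status
}

# Stand-alone use: sh check_keystores.sh /path/to/ssl
if [ "$#" -gt 0 ]; then
    check_keystores "$1"
fi
```

The function returns non-zero if any keystore is missing, is not in JKS format, or is accessible to group or other users.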
After you install the Security Service Module, create the instance, and enroll it, you must start the necessary processes by running the appropriate batch or shell scripts. Before you start these processes, make sure that the Administration Server and all of its services are running.
For each machine, you must start the following processes:
For instructions on how to start and stop the required processes, see Starting and Stopping Processes for Security Service Modules in the Administration and Deployment Guide.
AquaLogic Enterprise Server includes an example Java SSM client you can use for testing purposes. The example code and the instructions can be found under the BEA_HOME/ales21-admin/examples/JavaAPIExample folder. The example is present only if you have installed ALES 2.1 SP1 CP2. Instructions for running the Java SSM example are included in the README file.
jssm, with properties matching those in BEA_HOME/ales21-admin/examples/JavaAPIExample/build.properties. See Creating an Instance of the Java Security Service Module and Enrolling the Instance of the Security Service Module.
set-env.bat/.sh to include the correct BEA_HOME and JAVA_HOME system variables for your installation. Run set-env.bat/.sh to set the system variables. This step is necessary because the client build script is dependent on libraries and executables located under the BEA_HOME folder. The same is true for the compiled Java client.
ant dist config command. This script compiles the source code and creates the build folder. This folder contains all necessary runtime files.
ant load command. This action creates an SSM configuration and configures its providers, creates example resources and rules, then it attaches the SSM to the SCM. After this step has been successfully executed, you should be able to see the newly created SSM in the ALES Administration Console.
After you start the Java SSM example client, respond to the prompts that are displayed. Enter:
The example code attempts to authenticate the user using credentials you supplied as the input. Then it checks the privileges to perform the action against the resource.
The code structure of the Java SSM example can be logically divided into the following steps:
build/config/security.properties configuration file.
AuthenticationService instance by calling PolicyDomain.getService(ServiceType.AUTHENTICATION).
For more information about how to develop secure Java applications using Java SSM, see Programming Security for Java Applications.
You have completed the installation and configuration of the Java Security Service Module. Your Security Administrator can now configure your security services using the security providers for your Security Service Module, through the Administration Console.
Before you begin to configure security services, you should read the information on security configuration and administration in the Administration Console online help. Descriptions of how to configure the Service Control Manager, the Security Service Module, and the providers, and then deploy your changes are provided there.