The following topics are covered in this section:
BEA AquaLogic Enterprise Security (ALES) is a fine-grained entitlements product that was designed to enable centralized management of access to both application resources and application objects. ALES uses a centrally administered, distributed security services architecture that supports hierarchical policies across heterogeneous application environments. It also provides a unified and adaptable security infrastructure that enables a service-oriented approach to securing distributed applications. It allows shared security infrastructure and services to be leveraged and re-used across the heterogeneous enterprise—improving security and increasing IT efficiency.
ALES includes the Administration Application and a set of Security Services Modules (SSM).
The ALES Administration Application provides centralized management of application entitlements, letting you control all of your security policies and configuration data from a single web-based console. Configuration, security policy, and user metadata for ALES-distributed Security Services Modules are managed and provisioned by the Administration Application. All administrative functions, including delegation, are fully configurable through administrative policies.
BEA AquaLogic Enterprise Security supports a variety of Security Service Modules (SSMs) that reside in the application environments protected by ALES. They provide the runtime enforcement of entitlements and integrate with the underlying security framework to provide services for authentication, auditing, role mapping, and credential mapping. The security framework also provides a simple application programming interface (API) that can be used by security and application developers to define security policies and services. SSMs are provided for the WebLogic Platform, Java applications, and non-Java applications through a generic Web Services SSM.
This section covers the following topics:
This section describes new and changed features for this release of AquaLogic Enterprise Security.
This release of AquaLogic Enterprise Security has several new and changed features:
In this release of AquaLogic Enterprise Security, the ASIAuthorizer, which is also known as the authorization and role mapping engine (ARME), and the BLM have been ported to Java and no longer require separate services or processes. The WLESarme command is no longer needed and has been removed.
The ASIAuthorizer provider supports the use of Java plug-ins for custom rule extensions for evaluation and credential functions. The functions available for use are described in Using Java Extensions Plug-Ins.
In this release of AquaLogic Enterprise Security it is possible to deploy an SSM without the SCM. You can use the PolicyIX tool, described in PolicyIX in the Administration Reference, to communicate directly with the BLM and retrieve configuration data. The PolicyIX tool allows you to export configuration data (configured either through the ALES Administration Console or directly via the BLM API) for a given SSM to an XML file, and use it with the configured SSMs when the SCM is not available.
The SCM is always installed on the ALES Administration server.
See Installing an SSM Without an Associated SCM for more information.
The Java, Web Services and WLS (8.1x and 9.x) SSMs are L10N ready for ALES 2.5. This includes all SSM components including the security framework, all related providers, and the ASIAuthorizer. The SSMs support the following functionality:
Note: The ALES SSM for Apache Web Server and the ALES SSM for Microsoft IIS are not L10N enabled for this release.
In addition, the BLM, the BLM Java and Web Service APIs, the Policy Distributor (PD) and the Administration Console are L10N ready. These components support the following functionality:
Note: Resource names are not multi-byte enabled (ASCII only).
Audit Events are generated for all cascading actions. For example, when a user is deleted, the user is removed from any groups of which they are a member, and the user attributes are deleted. These subsequent actions are now audited.
In addition, AquaLogic Enterprise Security now audits the following events associated with policy distribution:
These new audit events include the SSM ID and identify the policy set to be distributed.
Auditing and the BLM API can now be in the same transactional boundary. The BLM API methods allow you to specify that for a transaction to be successful, the events generated by the BLM API must be audited. If either the BLM API call fails or the auditing call fails, all changes are rolled back. Any calls made to the BLM API will produce an audited event.
In addition, it is now possible to define the transactional boundary for the BLM API such that multiple BLM API calls can be made within a single transaction. If any of the BLM calls fail, the entire transaction fails and all changes are rolled back. The BLMContextManager API has been updated to include transactional methods.
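The behaviour described above (cascading actions each audited, with the change and its audit records in one transactional boundary) can be illustrated with a generic sketch. This is an added example, not ALES code and not the BLM API: it uses SQLite, and the table names, event names and the `fail_on` switch are constructed for illustration.

```python
import sqlite3

class AuditUnavailable(Exception):
    """Raised by the constructed audit sink to simulate an auditing failure."""

def make_store():
    # Constructed in-memory schema and sample data; not the ALES policy store.
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    db.executescript("""
        CREATE TABLE users(name TEXT PRIMARY KEY);
        CREATE TABLE members(grp TEXT, name TEXT);
        CREATE TABLE attrs(name TEXT, key TEXT, value TEXT);
        CREATE TABLE audit(seq INTEGER PRIMARY KEY, event TEXT, target TEXT);
        INSERT INTO users VALUES ('alice');
        INSERT INTO members VALUES ('traders', 'alice'), ('admins', 'alice');
        INSERT INTO attrs VALUES ('alice', 'desk', 'fx');
    """)
    return db

def audit(db, event, target, fail_on=None):
    # The audit row is written on the same connection, inside the open transaction.
    if event == fail_on:
        raise AuditUnavailable(event)
    db.execute("INSERT INTO audit(event, target) VALUES (?, ?)", (event, target))

def delete_user(db, name, fail_on=None):
    """Delete a user with its cascading actions; each step is audited or nothing commits."""
    db.execute("BEGIN")
    try:
        groups = db.execute("SELECT grp FROM members WHERE name=? ORDER BY grp", (name,)).fetchall()
        for (grp,) in groups:
            db.execute("DELETE FROM members WHERE grp=? AND name=?", (grp, name))
            audit(db, "REMOVE_MEMBER", f"{grp}/{name}", fail_on)
        db.execute("DELETE FROM attrs WHERE name=?", (name,))
        audit(db, "DELETE_ATTRS", name, fail_on)
        db.execute("DELETE FROM users WHERE name=?", (name,))
        audit(db, "DELETE_USER", name, fail_on)
        db.execute("COMMIT")
        return True
    except Exception:
        db.execute("ROLLBACK")  # a failed change or a failed audit undoes every step
        return False

def snapshot(db):
    """Row counts per table, used to compare state before and after a call."""
    return {t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in ("users", "members", "attrs", "audit")}
```

When the last audit write fails, the group and attribute deletions that already ran are rolled back with it, so the store never holds a change that lacks its audit record.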
As of AquaLogic Enterprise Security version 2.5, the policyloader and PolicyIX are now transactional: all policies are loaded, or none.
This release of AquaLogic Enterprise Security includes a sample web-based Entitlements user interface. The functionality includes the following:
For information about setting up and using this user interface, see Using the Entitlements Management Tool in the Policy Managers Guide.
BEA Kodo implements Sun's Enterprise JavaBeans Persistence 3.0 (JPA) and Java Data Objects (JDO) specifications for the transparent persistence of Java objects. AquaLogic Enterprise Security uses Kodo to provide database neutrality. This means that you no longer need to install the database client to use AquaLogic Enterprise Security.
See Installing the Administration Server for additional information.
Table 1 lists the platform on which each AquaLogic Enterprise Security core component is supported.
WebLogic Server 9.1, 9.2 [1]
Sun Solaris 8 [2], 9, 10 (SPARC, 32-bit)
Sybase 12.5.2 [3]
MS-SQL 2000 & 2005 [4]
Microsoft Active Directory [5]
Sybase 12.5.2 [6]
MS-SQL 2000 & 2005 [7]

[1] Works with WLS configured to use either the Sun JVM or the JRockit JVM that ships with the 9.x version of the server. JRockit JVM supported on Intel hardware only.
[2] Sun Solaris 8 will not be supported until ALES 2.5 CP1.
[3] Sybase 12.5.2 will not be supported until ALES 2.6.
[4] MS SQL 2005 will not be supported until ALES 2.6.
[5] AD/AM is not currently supported.
[6] Sybase 12.5.2 will not be supported until ALES 2.6.
[7] MS SQL 2005 will not be supported until ALES 2.6.
Table 2 lists the AquaLogic Enterprise Security SSMs, the platforms on which they run, and operating systems under which they are supported.
Note: ALES does not include the JDBC driver for MS SQL and PointBase. If you want to use MS SQL or PointBase for your database, you must download the appropriate JDBC driver. You must use the latest MS SQL 2005 JDBC driver with all versions of MS SQL.
Red Hat AS [4] 3.0
Yes [6]
Microsoft .NET 1.1 & 2.0 [7]
WLP [8] 9.2

[1] Windows 2000 SP4 and higher, Windows 2003 SP1 and higher.
[2] SPARC, 32-bit.
[3] Solaris 8 will not be supported until ALES 2.5 CP1.
[4] RedHat Advanced Server.
[5] AIX 5.3 will not be supported until ALES 2.6.
[6] Apache Web Server SSM is supported on Solaris 8 & 9 only.
[7] .NET Web Services client on Windows 2000 and 2003 only.
[8] Works with WLS configured to use either the Sun JVM or the JRockit JVM that ship with the 9.x version of the server. JRockit JVM supported on Intel hardware only.
Table 3 lists the known issues fixed in this release of AquaLogic Enterprise Security 2.5.
This section describes known limitations in BEA AquaLogic Enterprise Security, Version 2.5 and may include a possible workaround or fix, where applicable. If an entry includes a CR (Change Request) number, a possible solution may be provided in a future BEA AquaLogic Enterprise Security release where BEA will provide vendor specific code to fix the problem. Refer to the CR number to conveniently track the solution as problems are resolved.
Please contact your BEA Technical Support for assistance in tracking any unresolved problems. For contact information, see the section Contacting BEA Customer Support.
Table 4 lists the known issues in this release of AquaLogic Enterprise Security 2.5.
Your feedback on the product documentation is important to us. Send us e-mail at docsupport@bea.com if you have questions or comments. Your comments will be reviewed directly by the BEA professionals who create and update the product documentation.
In your e-mail message, please indicate that you are using the documentation for the BEA AquaLogic Enterprise Security Version 2.5 release.
If you have any questions about this version of the BEA AquaLogic Enterprise Security product, or if you have problems installing and running the product, contact BEA Customer Support through BEA Web Support at http://support.bea.com. You can also contact Customer Support by using the contact information provided on the Customer Support Card, which is included in the product package.
When contacting Customer Support, be prepared to provide the following information: