Release Notes


BEA AquaLogic Enterprise Security Version 2.6 Release Notes

The following topics are covered in this section:

 


AquaLogic Enterprise Security 2.6 Features and Changes

BEA AquaLogic Enterprise Security (ALES) is a fine-grained entitlements product that was designed to enable centralized management of access to both application resources and application objects. ALES uses a centrally administered, distributed security services architecture that supports hierarchical policies across heterogeneous application environments. It also provides a unified and adaptable security infrastructure that enables a service-oriented approach to securing distributed applications. It allows shared security infrastructure and services to be leveraged and re-used across the heterogeneous enterprise—improving security and increasing IT efficiency.

ALES includes the Administration Application and a set of Security Services Modules (SSM).

The ALES Administration Application provides centralized management of application entitlements, letting you control all of your security policies and configuration data from a single web-based console. Configuration, security policy, and user metadata for ALES-distributed Security Services Modules are managed and provisioned by the Administration Application. All administrative functions, including delegation, are fully configurable through administrative policies.

BEA AquaLogic Enterprise Security supports a variety of Security Service Modules (SSMs) that reside in the application environments protected by ALES. They provide the runtime enforcement of entitlements and integrate with the underlying security framework to provide services for authentication, auditing, role mapping, and credential mapping. The security framework also provides a simple application programming interface (API) that can be used by security and application developers to define security policies and services. SSMs are provided for the WebLogic Platform, Java applications, and non-Java applications through a generic Web Services SSM.

This section covers the following topics:

What's New in BEA AquaLogic Enterprise Security 2.6

This section describes new and changed features for this release of AquaLogic Enterprise Security.

This release of AquaLogic Enterprise Security has several new and changed features:

These features are described in the sections that follow.

Pre- and Post-Processing Data Redaction Solutions for ALDSP

ALES 2.6 provides mechanisms to redact ALDSP data both before and after the ALDSP Engine processes a client query request.

Redacting ALDSP data before the ALDSP Engine processes a client query request is called pre-processing. Redacting ALDSP data after the ALDSP Engine processes a client query request is called post-processing.

In the pre-processing data redaction solution, the result of the data-retrieving request is protected by adding security constraints before the XQuery function is executed. That is, before the ALDSP Engine processes a client query request, an ALES security constraint is created and inserted into the client query.

In the post-processing data redaction solution, the ALDSP engine retrieves the data from the data service and then invokes the relevant security XQuery function to determine whether to return the data.

See Pre- and Post-Processing Data Redaction Solutions for information.

Integration with BEA Workshop for WebLogic Platform

This release of ALES includes integration with BEA Workshop for WebLogic Platform. Two new features are available:

ALES Annotations Plug-in

AquaLogic Enterprise Security includes a plug-in for BEA Workshop for WebLogic Platform that lets you annotate objects in Workshop with security-related metadata. The metadata can then be used to:

See Overview of the ALES Annotations Plug-In for information.

ALES Tag Library Plug-in

The ALES tag library plug-in allows you to easily secure JSP-page-level components (ALES resources) using ALES tags, and to retrieve information such as the set of roles a user has from the ALES security system.

Tag libraries provide a way to abstract functionality used by a JSP page, which allows for less-complex JSP pages. A tag library packages functions into a tag handler class. Your JSP does not have to directly invoke this tag handler. Instead, you place simple tags in your JSP pages. When the container executes a JSP at runtime and comes across a tag, the tag handler is invoked and provides the desired functionality.

See ALES Tag Library Plug-in for Workshop for more information.

Integration with AquaLogic Enterprise Repository

AquaLogic Enterprise Repository (ALER) manages the metadata for any type of software asset, from business processes and Web services to patterns, frameworks, applications, and components. You can use AquaLogic Enterprise Repository to manage AquaLogic Enterprise Security policy data as ALER software assets. By integrating ALER with ALES, you can:

See Integrating with AquaLogic Enterprise Repository for information.

Identity Management Added to Entitlement UI

You can use the Entitlements Management Tool to manage users, groups, and identity attributes. The Identity node in the Entitlements Management Tool presents user and group information on three tabs:

See Working with Identities for information.

Supported Configurations

Table 1 lists the platform on which each AquaLogic Enterprise Security core component is supported.

Table 1 Core Components

| Component | Platforms | Operating Systems |
|---|---|---|
| Admin Console Browser | MS IE 6.0 | Windows 2000 SP4, 2003 R2, XP |
| Admin Server Platform | WebLogic Server 8.1 SP4, SP5, SP6; WebLogic Server 9.1, 9.2 [1]; Tomcat 5.5.15 | Sun Solaris 8, 9, 10 (SPARC, 32-bit); Windows 2000 SP4, 2003 R2, XP; Red Hat Adv. Server 3.0, 4.0 (x86, 32-bit) |
| Policy Store | Oracle 9.2.0.5, 10.1.2, 10.2.0.1; Sybase 12.5.2 [2]; MS-SQL 2000; PointBase 5.1 | |
| User Directory | Microsoft Active Directory; SunONE Directory Server v5.2; Novell eDirectory v8.7.31; Open LDAP v2.2.24; Oracle 9.2.0.5, 10.1.2, 10.2.0.1; Sybase 12.5.2 [3]; MS-SQL 2000; PointBase 5.1 | |

[1] Works with WLS configured to use either the Sun JVM or the JRockit JVM that ships with the 9.x version of the server. JRockit JVM supported on Intel hardware only.

[2] Available in ALES 2.6 CP1.

[3] Available in ALES 2.6 CP1.

Table 2 lists the AquaLogic Enterprise Security SSMs, the platforms on which they run, and operating systems under which they are supported.

Note: ALES does not include the JDBC driver for MS SQL and PointBase. If you want to use MS SQL or PointBase for your database, you must download the appropriate JDBC driver. You must use the latest MS SQL 2005 JDBC driver with all versions of MS SQL.

Table 2 ALES Security Service Modules (SSMs)

| SSM | Platform Version(s) | Windows 2000, 2003 [1], XP | Solaris [2] 8, 9, 10 | Red Hat AS [3] 3.0, 4.0 |
|---|---|---|---|---|
| IIS Web Server | IIS 5.0 | Yes | No | No |
| Apache Web Server | ASF Apache 2.0.54 | Yes | Yes [4] | Yes |
| Web Services | Microsoft .NET 1.1 & 2.0 [5]; WebLogic Workshop 9.0 | Yes | Yes | Yes |
| BEA WebLogic Platform | WLS 8.1 Sp4, Sp5, Sp6; WLP 8.1 Sp4, Sp5; WLS 9.1, 9.2; WLP [6] 9.2 | Yes | Yes | Yes |
| Java | Sun JVM 1.4.2; Sun JVM 1.5.0; JRockit JVM 1.42 & 1.5.0; WebLogic RealTime 1.0 [7] | Yes | Yes | Yes |

[1] Windows 2000 SP4 and higher, Windows 2003 R2 and higher.

[2] SPARC, 32-bit.

[3] RedHat Advanced Server.

[4] Apache Web Server SSM is supported on Solaris 8 & 9 only.

[5] .NET Web Services client on Windows 2000 and 2003 only.

[6] Works with WLS configured to use either the Sun JVM or the JRockit JVM that ship with the 9.x version of the server. JRockit JVM supported on Intel hardware only.

[7] Web Services SSM only. JRockit and WLRT supported only on Intel hardware.

 


Known Issues Fixed in this Release of BEA AquaLogic Enterprise Security 2.6

Table 3 lists the known issues fixed in this release of AquaLogic Enterprise Security 2.6.

Table 3 Known Issues Fixed in This Release

| CR | Description |
|---|---|
| CR315817 | Attribute assignment event does not contain resource attribute value |
| CR315818 | Rule Modification event doesn't contain new rule |
| CR312046 | Problem viewing CrossLogix and ALES pages from a single browser |
| CR310874 | enroll.sh for WLS 8 ssm points to JDK15 instead of JDK14 |
| CR314082 | Silent install fails if SCM installation is disabled |
| CR314069 | Certify ALES with Tomcat 5.5.12 |
| CR314273 | WS SSM Instance does not have register/unregister/start windows services shortcuts |
| CR314087 | sys_subjectgroups returns users in addition to groups |
| CR313400 | install_ales_schema.sh/bat schema needs to validate input parameters and show usage if incorrect |
| CR315768 | policyloader script uses relative paths |
| CR314073 | install_ales_schema script uses a relative path |
| CR315772 | Invalid directory in policy loader script throws Exception on Server side |
| CR314066 | Policy Loader printing incorrect line numbers |
| CR314071 | WLESadmin.sh shutdown does not stop the Tomcat server |

 


Known Issues in BEA AquaLogic Enterprise Security 2.6

This section describes known limitations in BEA AquaLogic Enterprise Security, Version 2.6, and may include a possible workaround or fix, where applicable. If an entry includes a CR (Change Request) number, a possible solution may be provided in a future BEA AquaLogic Enterprise Security release, in which BEA will provide vendor-specific code to fix the problem. Refer to the CR number to track the solution as problems are resolved.

Please contact BEA Technical Support for assistance in tracking any unresolved problems. For contact information, see the section Contacting BEA Customer Support.

Table 4 lists the known issues in this release of AquaLogic Enterprise Security 2.6.

Table 4 Known Issues in This Release

| CR | Description |
|---|---|
| None | ALES version 2.6 does not currently support WLS SSM running on WLP 8.1.6. Support for this will be added in ALES 2.6 CP1. |
| None | ALES version 2.6 does not currently support Sybase Database as a Policy Store. Support for this will be added in ALES 2.6 CP1. |
| CR329699 | ALES does not support running any two SSM instances with the same name and config ID on the same host. Assume that you have two SSM instances with the same name on the same host, using the same Config ID to connect to the ALES Admin system, and that the only difference is that they use different port numbers. In this case, only the first SSM will be able to register with the policy distributor (PD). When the second SSM tries to register, the PD does not allow it because a URL is already registered for that SSM instance and Config ID. Note that this is not a problem if the SSM instances with the same name and config ID are running on different host machines. In that case, the instance name that is registered is uniquely scoped by the host name. |
| CR299209 | The help message of the ASISignal utility is incorrect. ASISignal supports the following actions only: ping, comtest, wait, waitready, and status. Actions restart, shutdown, and log are no longer supported. CONFIGURATION: ALL |
| CR300568 | SSM configuration names must not start with provider types or the configuration cannot be exported using PolicyIX. CONFIGURATION: ALL. WORKAROUND: Modify the name of the SSM configuration so it does not start with any of the following strings: "Adjudication", "Auditing", "Authentication", "Authorization", "CredentialMapping", "RoleMapping". |
| CR303946 | If an SSM that does not use an SCM fails to start with a ConfigurationException, change the wles.config.signer property to upper case. The wles.config.signer property contains the host name of the admin server. For a Java SSM, the property is set in the BEA_HOME/ales26-ssm/java-ssm/instance/instancename/bin/set-env script. For a WLS 8.1 SSM, the property is set in the BEA_HOME/ales26-ssm/wls-ssm/instance/instancename/bin/set-wls-env script. For a Web Services SSM, the property is set in the BEA_HOME/ales26-ssm/webservice-ssm/instance/instancename/config/security.properties file. In the file paths above, instancename is the name you assigned to the SSM instance when you created it. |
| 302610 | If you have configured an ASI Authorization provider to use metadirectory, you must modify the configuration after upgrading to 2.6. First, you must replace database server names with JDBC URLs. In 2.6, the field labeled "JDBC URLs" will have one or more database server names from your previous configuration. For example, the field may contain the Oracle service name "XE". That must be changed to an Oracle JDBC URL such as jdbc:oracle:thin:@united:1521:XE. Second, you must add a JDBC driver name in the field labeled "JDBC Driver". For example, oracle.jdbc.driver.OracleDriver. |
| CR304537 | The wrong JDK version is set after upgrading the Admin Server from 2.1 to 2.6 when the application server is WLS 8.1.5. |
| CR308526 | In the BLM API, the ruleManager's modifyRule method cannot be called more than once in one transaction. |
| CR309319 | There may be cases where the type for your Attribute Declaration is set to dynamic instead of the type set in the policy loader files. WORKAROUND: This can currently be fixed by changing the type in the Admin console. |
| CR277538 | The default Java 1.4 Browser Plugin does not work with asiconsole hosted on 9.x WLS. WORKAROUND: For that console to work correctly, you need to install the Java 1.5 Browser Plugin. |

 


Contacting BEA Customer Support

Your feedback on the product documentation is important to us. Send us e-mail at docsupport@bea.com if you have questions or comments. Your comments will be reviewed directly by the BEA professionals who create and update the product documentation.

In your e-mail message, please indicate that you are using the documentation for the BEA AquaLogic Enterprise Security Version 2.6 release.

If you have any questions about this version of the BEA AquaLogic Enterprise Security product, or if you have problems installing and running the product, contact BEA Customer Support through BEA Web Support at http://support.bea.com. You can also contact Customer Support by using the contact information provided on the Customer Support Card, which is included in the product package.

When contacting Customer Support, be prepared to provide the following information:

