The following topics are covered in this section:
BEA AquaLogic Enterprise Security (ALES) is a fine-grained entitlements product that was designed to enable centralized management of access to both application resources and application objects. ALES uses a centrally administered, distributed security services architecture that supports hierarchical policies across heterogeneous application environments. It also provides a unified and adaptable security infrastructure that enables a service-oriented approach to securing distributed applications. It allows shared security infrastructure and services to be leveraged and re-used across the heterogeneous enterprise—improving security and increasing IT efficiency.
ALES includes the Administration Application and a set of Security Services Modules (SSM).
The ALES Administration Application provides centralized management of application entitlements, letting you control all of your security policies and configuration data from a single web-based console. Configuration, security policy, and user metadata for ALES-distributed Security Services Modules are managed and provisioned by the Administration Application. All administrative functions, including delegation, are fully configurable through administrative policies.
BEA AquaLogic Enterprise Security supports a variety of Security Service Modules (SSMs) that reside in the application environments protected by ALES. They provide the runtime enforcement of entitlements and integrate with the underlying security framework to provide services for authentication, auditing, role mapping, and credential mapping. The security framework also provides a simple application programming interface (API) that can be used by security and application developers to define security policies and services. SSMs are provided for the WebLogic Platform, Java applications, and non-Java applications through a generic Web Services SSM.
This section covers the following topics:
This section describes new and changed features for this release of AquaLogic Enterprise Security.
This release of AquaLogic Enterprise Security has several new and changed features:
These features are described in the sections that follow.
ALES 2.6 provides mechanisms to redact ALDSP data both before and after the ALDSP Engine processes a client query request.
Redacting ALDSP data before the ALDSP Engine processes a client query request is called pre-processing. Redacting ALDSP data after the ALDSP Engine processes a client query request is called post-processing.
In the pre-processing data redaction solution, the result of the data-retrieving request is protected by adding security constraints before the XQuery function is executed. That is, before the ALDSP Engine processes a client query request, an ALES security constraint is created and inserted into the client query.
In the post-processing data redaction solution, the ALDSP engine retrieves the data from the data service and then invokes the relevant security XQuery function to determine whether to return the data.
See Pre- and Post-Processing Data Redaction Solutions for information.
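The difference between the two approaches, as an added example that is not taken from the ALES documentation: a simplified Python model in which the data service, the region-based policy and the sample rows are all assumptions, and no ALES or ALDSP API is used. It counts how many rows leave the data source in each mode.

```python
from dataclasses import dataclass

# Constructed sample rows standing in for a data service (not real data).
CUSTOMERS = [
    {"id": 1, "region": "EMEA", "balance": 50},
    {"id": 2, "region": "APAC", "balance": 500},
    {"id": 3, "region": "EMEA", "balance": 900},
]


@dataclass
class DataService:
    """Hypothetical data source that records how many rows it hands out."""
    rows: list
    rows_read: int = 0

    def query(self, predicates):
        out = [r for r in self.rows if all(p(r) for p in predicates)]
        self.rows_read += len(out)
        return out


def policy_constraint(user):
    """Hypothetical policy: a user may only see rows from their own region."""
    return lambda row: row["region"] == user["region"]


def pre_processing(service, user, client_predicates):
    # The security constraint is added to the client query before it executes,
    # so rows the user may not see are never retrieved.
    return service.query(list(client_predicates) + [policy_constraint(user)])


def post_processing(service, user, client_predicates):
    # The client query runs unmodified; the security function is then invoked
    # on each retrieved row to decide whether it is returned.
    allowed = policy_constraint(user)
    return [r for r in service.query(list(client_predicates)) if allowed(r)]


def compare(user, client_predicates):
    """Run both modes on fresh services; return results and rows retrieved."""
    pre_svc, post_svc = DataService(CUSTOMERS), DataService(CUSTOMERS)
    pre = pre_processing(pre_svc, user, client_predicates)
    post = post_processing(post_svc, user, client_predicates)
    return pre, post, pre_svc.rows_read, post_svc.rows_read
```

Both modes return the same rows to the client; in this model the post-processing path retrieves rows the user is not entitled to before discarding them, so the enforcement point sits after the data has left the source.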
This release of ALES includes integration with BEA Workshop for WebLogic Platform. Two new features are available:
AquaLogic Enterprise Security includes a plug-in for BEA Workshop for WebLogic Platform that gives you the ability to annotate objects in Workshop with security-related metadata. The metadata can then be used to:
See Overview of the ALES Annotations Plug-In for information.
The ALES tag library plug-in allows you to easily secure JSP-page-level components (ALES resources) using ALES tags, and to retrieve information such as the set of roles a user has from the ALES security system.
Tag libraries provide a way to abstract functionality used by a JSP page, which allows for less-complex JSP pages. A tag library packages functions into a tag handler class. Your JSP does not have to directly invoke this tag handler. Instead, you place simple tags in your JSP pages. When the container executes a JSP at runtime and comes across a tag, the tag handler is invoked and provides the desired functionality.
See ALES Tag Library Plug-in for Workshop for more information.
AquaLogic Enterprise Repository (ALER) manages the metadata for any type of software asset, from business processes and Web services to patterns, frameworks, applications, and components. You can use AquaLogic Enterprise Repository to manage AquaLogic Enterprise Security policy data as ALER software assets. By integrating ALER with ALES, you can:
See Integrating with AquaLogic Enterprise Repository for information.
You can use the Entitlements Management Tool to manage users, groups, and identity attributes. The Identity node in the Entitlements Management Tool presents user and group information on three tabs:
See Working with Identities for information.
Table 1 lists the platform on which each AquaLogic Enterprise Security core component is supported.
WebLogic Server 9.1, 9.2 [1]
Sybase 12.5.2 [2]
Sybase 12.5.2 [3]

[1] Works with WLS configured to use either the Sun JVM or the JRockit JVM that ships with the 9.x version of the server. JRockit JVM supported on Intel hardware only.
[2] Available in ALES 2.6 CP1.
[3] Available in ALES 2.6 CP1.
Table 2 lists the AquaLogic Enterprise Security SSMs, the platforms on which they run, and operating systems under which they are supported.
Note: ALES does not include the JDBC driver for MS SQL and PointBase. If you want to use MS SQL or PointBase for your database, you must download the appropriate JDBC driver. You must use the latest MS SQL 2005 JDBC driver with all versions of MS SQL.
Red Hat AS [3] 3.0, 4.0
Yes [4]
Microsoft .NET 1.1 & 2.0 [5]
WLP [6] 9.2
WebLogic RealTime 1.0 [7]

[1] Windows 2000 SP4 and higher, Windows 2003 R2 and higher.
[2] SPARC, 32-bit.
[3] RedHat Advanced Server.
[4] Apache Web Server SSM is supported on Solaris 8 & 9 only.
[5] .NET Web Services client on Windows 2000 and 2003 only.
[6] Works with WLS configured to use either the Sun JVM or the JRockit JVM that ship with the 9.x version of the server. JRockit JVM supported on Intel hardware only.
[7] Web Services SSM only. JRockit and WLRT supported only on Intel hardware.
Table 3 lists the known issues fixed in this release of AquaLogic Enterprise Security 2.6.
This section describes known limitations in BEA AquaLogic Enterprise Security, Version 2.6, and may include a possible workaround or fix where applicable. If an entry includes a CR (Change Request) number, a possible solution may be provided in a future BEA AquaLogic Enterprise Security release where BEA will provide vendor-specific code to fix the problem. Refer to the CR number to conveniently track the solution as problems are resolved.
Please contact your BEA Technical Support for assistance in tracking any unresolved problems. For contact information, see the section Contacting BEA Customer Support.
Table 4 lists the known issues in this release of AquaLogic Enterprise Security 2.6.
Your feedback on the product documentation is important to us. Send us e-mail at docsupport@bea.com if you have questions or comments. Your comments will be reviewed directly by the BEA professionals who create and update the product documentation.
In your e-mail message, please indicate that you are using the documentation for the BEA AquaLogic Enterprise Security Version 2.6 release.
If you have any questions about this version of the BEA AquaLogic Enterprise Security product, or if you have problems installing and running the product, contact BEA Customer Support through BEA Web Support at http://support.bea.com. You can also contact Customer Support by using the contact information provided on the Customer Support Card, which is included in the product package.
When contacting Customer Support, be prepared to provide the following information: