PK
aŽDoa«, mimetypeapplication/epub+zipPK aŽD iTunesMetadata.plistĆ<ū
ćć®ä»é²ć§ćÆćOPSSćµć¼ćć¹ćę§ęćććć”ć¤ć«ć®č¦ē“ é層ćØå±ę§ć«ć¤ćć¦čŖ¬ęćć¾ćććć®ćć”ć¤ć«ć®ććć©ć«ćć®ååćÆćjps-config.xml
(Java EEć¢ććŖć±ć¼ć·ć§ć³ć®å “å)ć¾ććÆjps-config-jse.xml
(Java SEć¢ććŖć±ć¼ć·ć§ć³ć®å “å)ć§ćć
ććć©ć«ćć§ćOPSSę§ęćć”ć¤ć«ćÆ$DOMAIN_HOME/config/fmwconfig
ćć£ć¬ćÆććŖć«ććć¾ćććJava SEć¢ććŖć±ć¼ć·ć§ć³ć®å “åćÆćć·ć¹ćć ć»ććććć£oracle.security.jps.config
ćä½æēØćć¦å„ć®å “ęćęå®ć§ćć¾ćć
ę§ęćć”ć¤ć«ćÆćć»ćć„ćŖćć£ć»ć¹ćć¢ććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ććć³ē£ę»ćµć¼ćć¹ć®ę§ęć«ä½æēØććć¾ććå®å ØćŖę§ęćć”ć¤ć«ć®ä¾ćÆćē¬¬18.5.9é ćę§ęćć”ć¤ć«jps-config.xmlć®ä¾ććåē §ćć¦ćć ććć
ććć°ć©ć ć«ćććµć¼ćć¹ć®ę§ęę¹ę³ćÆćē¬¬E.2é ćMBeansćä½æēØććOPSSćµć¼ćć¹ć®ę§ęććåē §ćć¦ćć ććć
ćć®ä»é²ć®å 容ćÆꬔć®ćØććć§ćć
jps-config.xml
ćć”ć¤ć«ć®ćććć¬ćć«ć®č¦ē“ ćÆć<jpsConfig>ć§ććććć«ćÆćꬔć®ē¬¬2ć¬ćć«ć®č¦ē“ ćå«ć¾ćć¦ćć¾ćć
<property>
<propertySets>
<extendedProperty>
<serviceProviders>
<serviceInstances>
<jpsContexts>
č”ØA-1ćÆććććć®č¦ē“ ć®ę©č½ćčŖ¬ęćć¦ćć¾ććäøć«ćć³{
}
ć§å²ć¾ććę³ØéćÆććć®č¦ē“ ć«čرåÆććć¦ććē¹°čæćåę°ćē¤ŗćć¾ććććØćć°ć{0仄äø}
ćÆććć®č¦ē“ ćć¼ćå仄äøåŗē¾ććåÆč½ę§ćććććØćē¤ŗćć{1}
ćÆćć®č¦ē“ ć1åć®ćæåŗē¾ććććØćē¤ŗćć¾ćć
ćććć®č¦ē“ ćÆć¢ććŖć±ć¼ć·ć§ć³åŗęć®ę§ęć§ćÆććć¾ćććę§ęćć”ć¤ć«å ć®é ē®ćÆćććććć”ć¤ć³å Øä½ć«é¢é£ćććć”ć¤ć³ć«ćććć¤ććć¦ćććć¹ć¦ć®ē®”ēåÆ¾č±”ćµć¼ćć¼ćØć¢ććŖć±ć¼ć·ć§ć³ć«é©ēØććć¾ćć
č”ØA-1 jps-config.xmlć®ćććć¬ćć«ćØē¬¬2ć¬ćć«ć®č¦ē“
č¦ē“ | čŖ¬ę |
---|---|
<jpsConfig> {1} |
ę§ęćć”ć¤ć«ć®ćććć¬ćć«ć®č¦ē“ ćå®ē¾©ćć¾ćć |
<property> {0 or more} |
ććććć£ć®ååćØå¤ćå®ē¾©ćć¾ćććććÆć |
<propertySets> {0 or 1} <propertySet> {1 or more} <property> {1 or more} |
1ć¤ć¾ććÆč¤ę°ć® |
<extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} |
č¤ę°ć®å¤ćęć¤ććććć£ćå®ē¾©ćć¾ćććććÆćextendedPropertyććć³serviceInstanceć®åč¦ē“ ć®äøćŖć©ćé層å ć®ä»ć®å “ęć«ćåŗē¾ććåÆč½ę§ćććć¾ćć |
<extendedPropertySets> {0 or 1} <extendedPropertySet> {1 or more} <extendedProperty> {1 or more} <name> {1} <values> {1} <value> {1 or more} |
1ć¤ć¾ććÆč¤ę°ć® |
<serviceProviders> {0 or 1} <serviceProvider> {1 or more} <description> {0 or 1} <property> {0 or more} |
1ć¤ć¾ććÆč¤ę°ć® |
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more} |
1ć¤ć¾ććÆč¤ę°ć® |
<jpsContexts> {1} <jpsContext> {1 or more} <serviceInstanceRef> {1 or more} |
1ć¤ć¾ććÆč¤ę°ć® |
ćć®é ć§ćÆćććććć¬ćć«ććć³ē¬¬2ć¬ćć«ć®č¦ē“ é層ćć§čŖ¬ęććē¬¬2ć¬ćć«ć®č¦ē“ ć®äøć«åŗē¾ććåÆč½ę§ćććå Øč¦ē“ ćć¢ć«ćć”ćććé ć«čŖ¬ęćć¾ćć
ćć®č¦ē“ ćÆćåƾåæćććØć³ćć£ćć£(ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć¾ććÆćµć¼ćć¹ć»ćććć¤ć)ć®čŖ¬ęćē¤ŗćć¾ćć
č¦Ŗč¦ē“
<serviceInstance>ć¾ććÆ<serviceProvider>
åč¦ē“
ćŖć
ē¹°čæć
<description>
ćÆć<serviceInstance>ć¾ććÆ<serviceProvider>ć®åćØćć¦ęå®ć§ćć¾ćć
<serviceInstance>ć®åć®å “å:
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
<serviceProvider>ć®åć®å “å:
<serviceProviders> {0 or 1} <serviceProvider> {1 or more} <description> {0 or 1} <property> {0 or more}
ä¾
ꬔć®ä¾ć§ćÆććµć¼ćć¹ć»ćććć¤ćć®čŖ¬ęćčØå®ćć¦ćć¾ćć
<serviceProvider ... > <description>XML-based IdStore Provider</description> ... </serviceProvider>
Ā
ćć®č¦ē“ ćÆćꬔć®ć·ććŖćŖć§ę”å¼µććććć£ćå®ē¾©ćć¾ćć
č”ØA-2 <extendedProperty>ć®ć·ććŖćŖ
jps-config.xmlå ć§ć®ä½ē½® | ę©č½ |
---|---|
<jpsConfig>ć®ē“äø |
ę±ēØēćŖę”å¼µććććć£ćå®ē¾©ćć¾ćć<jpsConfig>ć®åćØćć¦ćę”å¼µććććć£ćÆćććØćć°LDAPćć¼ć¹ć®čŖčؼćććć¤ćć®ćć¹ć¦ć®ćć¼ć¹DNćęå®ć§ćć¾ćć |
<extendedPropertySet>ć®ē“äø |
ę”å¼µććććć£ć»ć»ććć®äøéØć§ććę±ēØēćŖę”å¼µććććć£ćå®ē¾©ćć¾ćć |
<serviceInstance>ć®ē“äø |
ē¹å®ć®ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ę”å¼µććććć£ćå®ē¾©ćć¾ćć |
ę”å¼µććććć£ć«ćÆéåøøćč¤ę°ć®å¤ćå«ć¾ćć¦ćć¾ććććććć®å¤ćęå®ććć«ćÆć<value>č¦ē“ ćä½æēØćć¾ćććć®ć«ćć“ćŖć«ćÆćꬔć®å¤ć®ęå®ćŖć©ćLDAPć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć®ććććć£ćććć¤ćå«ć¾ćć¾ćć
ć¦ć¼ć¶ć¼ć»ćŖććøć§ćÆćć®ä½ęć«ä½æēØććććŖććøć§ćÆćć»ćÆć©ć¹
ć¦ć¼ć¶ć¼ä½ęęć«ęå®ććåæ č¦ć®ććå±ę§å
ć¦ć¼ć¶ć¼ę¤ē“¢ēØć®ćć¼ć¹DN
č¦Ŗč¦ē“
<extendedPropertySet>ć<jpsConfig>ć¾ććÆ<serviceInstance>
åč¦ē“
ē¹°čæć
<extendedProperty>
ćÆć<extendedPropertySet>ć<jpsConfig>ć¾ććÆ<serviceInstance>ć®åćØćć¦ęå®ć§ćć¾ćć
<extendedPropertySet>ć®åć®å “å:
<extendedPropertySets> {0 or 1} <extendedPropertySet> {1 or more} <extendedProperty> {1 or more} <name> {1} <values> {1} <value> {1 or more}
<jpsConfig>ć®åć®å “å:
<jpsConfig> <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more}
<serviceInstance>ć®åć®å “å:
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
ä¾
ꬔć®ä¾ć§ćÆć1ć¤ć®å¤ćčØå®ćć¦ćć¾ćć
<extendedProperty> <name>user.search.bases</name> <values> <value>cn=users,dc=us,dc=oracle,dc=com</value> </values> </extendedProperty>
ćć®č¦ē“ ćÆćę”å¼µććććć£ć®ć»ćććå®ē¾©ćć¾ććå®ē¾©å¾ćę”å¼µććććć£ć»ć»ćććÆććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ę§ęć®äøéØćØćć¦ē¹å®ć®ććććć£ćęå®ććććć«ć<extendedPropertySetRef>
č¦ē“ ć«ćć£ć¦åē
§ććć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
ę”å¼µććććć£ć»ć»ććć®ååćęå®ćć¾ćć1ć¤ć®ę§ęćć”ć¤ć«äøć«åć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
<extendedPropertySets>å ć«1ć¤ä»„äøåæ č¦ć§ćć
<extendedPropertySets> {0 or 1} <extendedPropertySet> {1 or more} <extendedProperty> {1 or more} <name> {1} <values> {1} <value> {1 or more}
ćć®č¦ē“ ćÆććć”ć¤ć«å ć®å„ć®å “ęć§å®ē¾©ćććę”å¼µććććć£ć»ć»ćććåē §ććććØć«ććććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćę§ęćć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
<serviceInstance>č¦Ŗč¦ē“ ć§å®ē¾©ććććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć«ä½æēØćććę”å¼µććććć£ćå«ć¾ććę”å¼µććććć£ć»ć»ćććåē
§ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
ćŖć
ē¹°čæć
ćŖćć·ć§ć³(ć¼ćå仄äø)
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
ćć®č¦ē“ ćÆćććććć£ć®ć»ćććęå®ćć¾ćć
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
ćŖćć·ć§ć³(0ć¾ććÆ1ć¤)
<jpsConfig> <extendedPropertySets> {0 or 1} <extendedPropertySet> {1 or more} <extendedProperty> {1 or more} <name> {1} <values> {1} <value> {1 or more}
ćććÆę§ęćć”ć¤ć«ć®ć«ć¼ćč¦ē“ ć§ćć
č¦Ŗč¦ē“
ćŖć
åč¦ē“
<extendedProperty>ć<extendedPropertySets>ć<jpsContexts>ć<property>ć<propertySets>ć<serviceInstances>ć¾ććÆ<serviceProviders>
ē¹°čæć
åæ é (1ć¤ć®ćæ)
ä¾
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" schema-major-version="11" schema-minor-version="1"> ... </jpsConfig>
Ā
ćć®č¦ē“ ćÆćć³ć³ććć¹ććę§ęćććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ć»ćććåē
§ććć(äøč¬ēćŖä½æēØę¹ę³)ćå„ć®ć³ć³ććć¹ććåē
§ććććØć«ććććć”ć¤ć³ć«å
±éćććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ć³ć¬ćÆć·ć§ć³ć§ććOPSSć³ć³ććć¹ćć宣čØćć¾ććę§ęćć”ć¤ć«å
ć®å<jspContext>
ć«ćÆćåå„ć®ååćå²ćå½ć¦ćåæ
č¦ćććć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
OPSSć³ć³ććć¹ćć®ååćęå®ćć¾ććåć³ć³ććć¹ććÆćäøęć®ååćęć¤åæ č¦ćććć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
<jpsContext>
č¦ē“ ćÆć<jpsContexts>ć®äøć«å°ćŖććØć1ć¤åæ
č¦ć§ćć<serviceInstanceRef>č¦ē“ ćÆć<jpsContext>
č¦ē“ ć«å«ć¾ćć¾ćć
<jpsContexts> {1} <jpsContext> {1 or more} <serviceInstanceRef> {1 or more}
ä¾
ꬔć®ä¾ćÆć2ć¤ć®ć³ć³ććć¹ćć®å®ē¾©ćē¤ŗćć¦ćć¾ććęåć®ć³ć³ććć¹ććÆdefault
ćØććććć©ć«ćć»ć³ć³ććć¹ćć§ćć(<jpsContexts>ć§default
å±ę§ć«ćć£ć¦ęå®ććććć®)ćč¤ę°ć®ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćååć«ćć£ć¦åē
§ćć¾ćć
2ēŖē®ć®anonymous
ćØććć³ć³ććć¹ććÆćčŖčؼććć¦ććŖćć¦ć¼ć¶ć¼ćåÆ¾č±”ćØćć¦ćććanonymous
ććć³anonymous.loginmodule
ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćåē
§ćć¾ćć
<serviceInstances> ... <serviceInstance provider="credstoressp" name="credstore"> <description>File Based Default Credential Store Service Instance</description> <property name="location" value="${oracle.instance}/config/JpsDataStore/JpsSystemStore"/> </serviceInstance> ... <serviceInstance provider="anonymous.provider" name="anonymous"> <property value="anonymous" name="anonymous.user.name"/> <property value="anonymous-role" name="anonymous.role.name"/> </serviceInstance> ... <serviceInstance provider="jaas.login.provider" name="anonymous.loginmodule"> <description>Anonymous Login Module</description> <property value="oracle.security.jps.internal.jaas.module.anonymous.AnonymousLoginModule" name="loginModuleClassName"/> <property value="REQUIRED" name="jaas.login.controlFlag"/> </serviceInstance> ... </serviceInstances> ... <jpsContexts default="default"> ... <jpsContext name="default"> <!-- This is the default JPS context. All the mandatory services and Login Modules must be configured in this default context --> <serviceInstanceRef ref="credstore"/> <serviceInstanceRef ref="idstore.xml"/> <serviceInstanceRef ref="policystore.xml"/> <serviceInstanceRef ref="idstore.loginmodule"/> <serviceInstanceRef ref="idm"/> </jpsContext> <jpsContext name="an ’onymous"> <serviceInstanceRef ref="anonymous"/> <serviceInstanceRef ref="anonymous.loginmodule"/> </jpsContext> ... </jpsContexts>
Ā
ćć®č¦ē“ ćÆćć³ć³ććć¹ćć®ć»ćććęå®ćć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
ęå®ććŖćå “åć«ć¢ććŖć±ć¼ć·ć§ć³ć«ćć£ć¦ä½æēØćććć³ć³ććć¹ććęå®ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) ę³Øę: ććć©ć«ćć»ć³ć³ććć¹ćć§ćÆććć¹ć¦ć®åæ é ć®ćµć¼ćć¹ćØćć°ć¤ć³ć»ć¢ćøć„ć¼ć«ćę§ęććåæ č¦ćććć¾ćć |
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
åæ é (1ć¤ć®ćæ)
<jpsConfig> <jpsContexts> {1} <jpsContext> {1 or more}
ä¾
<jpsContext>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆćę”å¼µććććć£ć®ååćęå®ćć¾ćć
č¦Ŗč¦ē“
åč¦ē“
ćŖć
ē¹°čæć
åæ é (1ć¤ć®ćæ)
<extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more}
ä¾
<extendedProperty>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆćꬔć®ć·ććŖćŖć§ććććć£ćå®ē¾©ćć¾ćć
č”ØA-3 <property>ć®ć·ććŖćŖ
jps-config.xmlå ć§ć®ä½ē½® | ę©č½ |
---|---|
<jpsConfig>ć®ē“äø |
ę±ēØēćŖåäøå¤ććććć£ćå®ē¾©ćć¾ćć |
<propertySet>ć®ē“äø |
ććććć£ć»ć»ććć®äøéØć§ććę±ēØēćŖč¤ę°å¤ććććć£ćå®ē¾©ćć¾ćć |
<serviceInstance>ć®ē“äø |
ē¹å®ć®ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć§ä½æēØćććććććć£ćå®ē¾©ćć¾ćć |
<serviceProvider>ć®ē“äø |
ē¹å®ć®ćµć¼ćć¹ć»ćććć¤ćć®ćć¹ć¦ć®ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć§ä½æēØćććććććć£ćå®ē¾©ćć¾ćć |
ććććć£ć®ćŖć¹ćć«ć¤ćć¦ćÆćä»é²FćOPSSć®ć·ć¹ćć ććć³ę§ęććććć£ććåē §ćć¦ćć ććć
å±ę§
åå | čŖ¬ę |
---|---|
|
čØå®ććććććć£ć®ååćęå®ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
|
čØå®ććććććć£ć®å¤ćęå®ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
<jpsConfig>ć<propertySet>ć<serviceInstance>ć¾ććÆ<serviceProvider>
åč¦ē“
ćŖć
ē¹°čæć
<propertySet>
ć®äøć®å “åćÆ1ć¤ä»„äøåæ
č¦ć§ćććć仄å¤ć®å “åćÆćŖćć·ć§ć³ć§ćć¼ćå仄äøć§ćć
<jpsConfig>ć®åć®å “å:
<jpsConfig> <property> {0 or more}
<propertySet>ć®åć®å “å:
<propertySets> {0 or 1} <propertySet> {1 or more} <property> {1 or more}
<serviceInstance>ć®åć®å “å:
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
<serviceProvider>ć®åć®å “å:
<serviceProviders> {0 or 1} <serviceProvider> {1 or more} <description> {0 or 1} <property> {0 or more}
ä¾
ꬔć®ä¾ćÆćčŖåÆć®JAASć¢ć¼ććē”å¹åććććććć£ćē¤ŗćć¦ćć¾ćć
<jpsConfig ... > ... <property name="oracle.security.jps.jaas.mode" value="off"/> ... </jpsConfig>
ćć®ä»ć®ä¾ć«ć¤ćć¦ćÆć<propertySet>ććć³<serviceInstance>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆćććććć£ć®ć»ćććå®ē¾©ćć¾ććåććććć£ć»ć»ććć«ćÆååćććććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ę§ęć«ććććć£ćå«ććććć«ć<propertySetRef>č¦ē“ ććåē §ć§ććććć«ćŖć£ć¦ćć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
ććććć£ć»ć»ććć®ååćęå®ćć¾ćć1ć¤ć® å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
<propertySets>
å
ć«1ć¤ä»„äøåæ
č¦ć§ćć
<propertySets> {0 or 1} <propertySet> {1 or more} <property> {1 or more}
ä¾
<propertySets> ... <!-- For property that points to valid Access SDK installation directory --> <propertySet name="access.sdk.properties"> <property name="access.sdk.install.path" value="$ACCESS_SDK_HOME"/> </propertySet> ... </propertySets> <serviceInstances> ... <serviceInstance provider="jaas.login.provider" name="oam.loginmodule"> <description>Oracle Access Manager Login Module</description> <property value="oracle.security.jps.internal.jaas.module.oam.OAMLoginModule" name="loginModuleClassName"/> <property value="REQUIRED" name="jaas.login.controlFlag"/> <propertySetRef ref="access.sdk.properties"/> </serviceInstance> ... </serviceInstances>
ćć®č¦ē“ ćÆććć”ć¤ć«å ć®å„ć®å “ęć§å®ē¾©ćććććććć£ć»ć»ćććåē §ććććØć«ććććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćę§ęćć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
<serviceInstance>č¦Ŗč¦ē“ ć§å®ē¾©ććććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć«ä½æēØćććććććć£ćå«ć¾ććććććć£ć»ć»ćććåē
§ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
ćŖć
ē¹°čæć
ćŖćć·ć§ć³(ć¼ćå仄äø)
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
ä¾
<propertySet>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆćććććć£ć»ć»ććć®ć»ćććęå®ćć¾ćć
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
ćŖćć·ć§ć³ćååØććå “åćÆ1ć¤ć®<propertySets>
č¦ē“ ć®ćæćčرåÆććć¾ćć
<jpsConfig> <propertySets> {0 or 1} <propertySet> {1 or more} <property> {1 or more}
ä¾
<propertySet>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆćć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć»ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćććŖć·ć¼ć»ć¹ćć¢ć»ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ć»ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćŖć©ććµć¼ćć¹ć»ćććć¤ćć®ć¤ć³ć¹ćæć³ć¹ćå®ē¾©ćć¾ćć
åćććć¤ćć»ć¤ć³ć¹ćæć³ć¹ćÆćć¤ć³ć¹ćæć³ć¹å(ę§ęćć”ć¤ć«å ć§ćććć¤ććęćććć«ä½æēØ)ćć¤ć³ć¹ćæć³ć¹åććććććć¤ćć®ååćććć³å “åć«ćć£ć¦ćÆć¤ć³ć¹ćæć³ć¹ć®ććććć£ćęå®ćć¾ććććććć£ćÆćć¤ć³ć¹ćæć³ć¹ć®å “ęćå«ćć§ććććć®ć¤ć³ć¹ćæć³ć¹č¦ē“ čŖä½å ć§ē“ę„ęå®ććććććććć£ć¾ććÆććććć£ć»ć»ćććåē §ććććØć«ćć£ć¦éę„ēć«ęå®ććććØćć§ćć¾ćććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ććććć£ćå¤ę“ććć«ćÆćē¬¬E.1é ćć¹ćÆćŖćććä½æēØććOPSSćµć¼ćć¹ć»ćććć¤ćć»ć¤ć³ć¹ćæć³ć¹ć®ę§ęćć§čŖ¬ęććć¦ććęé ćä½æēØć§ćć¾ćć
ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ććććć£ćØę”å¼µććććć£ććꬔć®ę¹ę³ć§čØå®ćć¾ćć
<property>ćµćč¦ē“ ćä½æēØćć¦ććććć£ćē“ę„čØå®ćć¾ćć
<extendedProperty>ćµćč¦ē“ ćä½æēØćć¦ę”å¼µććććć£ćē“ę„čØå®ćć¾ćć
<propertySetRef>ćµćč¦ē“ ćä½æēØćć¦äŗåå®ē¾©ęøć®ććććć£ć»ć»ćććåē §ćć¾ćć
<extendedPropertySetRef>ćµćč¦ē“ ćä½æēØćć¦äŗåå®ē¾©ęøć®ę”å¼µććććć£ć»ć»ćććåē §ćć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
ćć®ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ååćęå®ćć¾ćć1ć¤ć® å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
|
ćć®ć¤ć³ć¹ćæć³ć¹ćć©ć®ćµć¼ćć¹ć»ćććć¤ćć®ćć®ć§ććććē¤ŗćć¾ćć
å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
<description>ć<extendedProperty>ć<extendedPropertySetRef>ć<property>ć¾ććÆ<propertySetRef>
ē¹°čæć
<serviceInstances>
å
ć«1ć¤ä»„äøåæ
č¦ć§ćć
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
ä¾
ꬔć®ä¾ć§ćÆććć”ć¤ć«ćć¼ć¹ć®ć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć»ćµć¼ćć¹ć®ę§ęćē¤ŗćć¾ćććć”ć¤ć«ćć¼ć¹ć®ć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć®ćµćć¹ćÆć©ć¤ćåćÆćććć©ć«ćć»ć¬ć«ć ć§ćććć®ä¾ć§ćÆćlocation
ććććć£ćä½æēØćć¦å “ęćčØå®ćć¦ćć¾ćć
<serviceInstances> <serviceInstance name="idstore.xml" provider="idstore.xml.provider"> <!-- Subscriber name must be defined for XML Identity Store --> <property name="subscriber.name" value="jazn.com"/> <!-- This is the location of XML Identity Store --> <property name="location" value="./system-jazn-data.xml"/> </serviceInstance> ... </serviceInstances>
ꬔć®ä¾ć§ćÆćč³ę ¼čؼęć¹ćć¢ć»ćµć¼ćć¹ć®ę§ęćē¤ŗćć¾ććććć§ćÆćlocation
ććććć£ćä½æēØćć¦č³ę ¼čؼęć¹ćć¢ć®å “ęćčØå®ćć¦ćć¾ćć
<serviceInstances> <serviceInstance provider="credstoressp" name="credstore"> <description>File Based Default Credential Store Service Instance</description> <property name="location" value="${oracle.instance}/config/JpsDataStore/JpsSystemStore" /> </serviceInstance> ... </serviceInstances>
ꬔć®ä¾ć§ćÆćOracle Internet Directoryćä½æēØććLDAPćć¼ć¹ć®ć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć®ę§ęćē¤ŗćć¾ćć
<serviceInstance name="idstore.oid" provider="idstore.ldap.provider"> <property name="subscriber.name" value="dc=us,dc=oracle,dc=com"/> <property name="idstore.type" value="OID"/> <property name="security.principal.key" value="ldap.credentials"/> <property name="security.principal.alias" value="JPS"/> <property name="ldap.url" value="ldap://myServerName.com:389"/> <extendedProperty> <name>user.search.bases</name> <values> <value>cn=users,dc=us,dc=oracle,dc=com</value> </values> </extendedProperty> <extendedProperty> <name>group.search.bases</name> <values> <value>cn=groups,dc=us,dc=oracle,dc=com</value> </values> </extendedProperty> <property name="username.attr" value="uid"/> <property name="groupname.attr" value="cn"/> </serviceInstance>
ꬔć®ä¾ć§ćÆćē£ę»ćććć¤ćć®ę§ęćē¤ŗćć¾ćć
<serviceInstances> <serviceInstance name="audit" provider="audit.provider"> <property name="audit.filterPreset" value="Low"/> <property name="audit.specialUsers" value ="admin, fmwadmin" /> <property name="audit.customEvents" value ="JPS:CheckAuthorization, CreateCredential, OIF:UserLogin"/> <property name="audit.loader.jndi" value="jdbc/AuditDB"/> <property name="audit.loader.interval" value="15" /> <property name="audit.maxFileSize" value="10240" /> <property name=" audit.loader.repositoryType " value="Db" /> </serviceInstance> </serviceInstances>
ꬔć®ä¾ć§ćÆććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ć®ę§ęćē¤ŗćć¾ćć
<serviceInstance name="user.authentication.loginmodule" provider="jaas.login.provider"> <description>User Authentication Login Module</description> <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule"/> <property name="jaas.login.controlFlag" value="REQUIRED"/> <property name="enable.anonymous" value="true"/> <property name="remove.anonymous.role" value="false"/> </serviceInstance>
é¢é£é ē®:
|
ćć®č¦ē“ ćÆććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćåē §ćć¾ćć
å±ę§
åå | čŖ¬ę |
---|---|
|
<jpsContext>č¦Ŗč¦ē“ ć§å®ē¾©ćććć³ć³ććć¹ćć®äøéØć§ćććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ćåē
§ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
ćŖć
ē¹°čæć
<jpsContext>å ć«1ć¤ä»„äøåæ č¦ć§ćć
<jpsContexts> {1} <jpsContext> {1 or more} <serviceInstanceRef> {1 or more}
ä¾
<jpsContext>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆć<serviceInstance>č¦ē“ ć®č¦Ŗć§ćć
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
ćŖćć·ć§ć³(0ć¾ććÆ1ć¤)
<jpsConfig> <serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more}
ä¾
<serviceInstance>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆććµć¼ćć¹ć»ćććć¤ććå®ē¾©ćć¾ććåćććć¤ććÆććććć¤ćć®ćæć¤ć(č³ę ¼čؼęć¹ćć¢ćčŖčؼćććć¤ććććŖć·ć¼ć»ć¹ćć¢ććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ćŖć©)ććććć¤ćć®åå(ę§ęćć”ć¤ć«å
ć§ćććć¤ććęćććć«ä½æēØ)ćJavaćÆć©ć¹(ćććć¤ććå®č£
ćććććć¤ććä½ęććććØćć«ć¤ć³ć¹ćæć³ć¹åććć)ćęå®ćć¾ććććć«ćč¦ē“ property
ć§ćÆćććć¤ćć®ć¤ć³ć¹ćæć³ć¹åć«ä½æēØćććčØå®ćęå®ćć¾ćć
ꬔć®ćć¼ćæćęå®ćć¾ćć
ćµć¼ćć¹ć»ćććć¤ćć®ćæć¤ć1"ĪŻ(type
å±ę§ć§ęå®)
ćµć¼ćć¹ć»ćććć¤ćć«ęå®ćććåå(ćć®ćµć¼ćć¹ć»ćććć¤ćć®ć¤ć³ć¹ćæć³ć¹ćå®ē¾©ććå<serviceInstance>
č¦ē“ å
ć§åē
§ććć¾ć)
ćć®ćµć¼ćć¹ć»ćććć¤ććå®č£ ćććć®ćµć¼ćć¹ć»ćććć¤ćć®ć¤ć³ć¹ćæć³ć¹ä½ęęć«ć¤ć³ć¹ćæć³ć¹åććććÆć©ć¹
ćć®ćµć¼ćć¹ć»ćććć¤ćć®ä»»ęć®ć¤ć³ć¹ćæć³ć¹ć«ę±ēØēć«ä½æēØćććä»»ęć®ćŖćć·ć§ć³ć®ććććć£
å±ę§
åå | čŖ¬ę |
---|---|
|
宣čØćććµć¼ćć¹ć»ćććć¤ćć®ćæć¤ććØćć¦ćꬔć®ćććććęå®ćć¾ćć
å®č£ ćÆć©ć¹ć§ćÆććć”ć¤ć«ćć¼ć¹ć®ć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ćLDAPćć¼ć¹ć®ććŖć·ć¼ć»ć¹ćć¢ćå®č£ ćććŖć©ćć¦ćććå ·ä½ēć«ćććć¤ćć®ćæć¤ććå®ē¾©ććć¾ćć å¤: ęåå(äøčØć®å¤) ććć©ć«ć: č©²å½ćŖć(åæ é ) |
|
ćć®ćµć¼ćć¹ć»ćććć¤ćć®ååćęå®ćć¾ćććć®ååćÆć<serviceInstance>č¦ē“ ć® å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
|
ćć®ćµć¼ćć¹ć»ćććć¤ććå®č£ ćć(ććć³ćć®ćµć¼ćć¹ć»ćććć¤ćć®ć¤ć³ć¹ćæć³ć¹ä½ęęć«ć¤ć³ć¹ćæć³ć¹åććć)JavaćÆć©ć¹ć®å®å Øäæ®é£¾åćęå®ćć¾ćć å¤: ęåå ććć©ć«ć: č©²å½ćŖć(åæ é ) |
č¦Ŗč¦ē“
åč¦ē“
<description>ć¾ććÆ<property>
ē¹°čæć
<serviceProviders>č¦ē“ å ć«1ć¤ä»„äøåæ č¦ć§ćć
<serviceProviders> {0 or 1} <serviceProvider> {1 or more} <description> {0 or 1} <property> {0 or more}
ä¾
ꬔć®ä¾ć§ćÆććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ć»ćµć¼ćć¹ć»ćććć¤ćć®ęå®ćē¤ŗćć¾ćć
<serviceProviders> <serviceProvider type="LOGIN" name="jaas.login.provider" class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider"> <description>This is Jaas Login Service Provider and is used to configure login module service instances</description> </serviceProvider> </serviceProviders>
ꬔć®ä¾ć§ćÆćē£ę»ćµć¼ćć¹ć»ćććć¤ćć®å®ē¾©ćē¤ŗćć¾ćć
<serviceProviders> <serviceProvider name="audit.provider" type="AUDIT" class="oracle.security.jps.internal.audit.AuditProvider"> </serviceProvider> </serviceProviders>
ćć®ä»ć®ä¾ć«ć¤ćć¦ćÆć<serviceInstance>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆććµć¼ćć¹ć»ćććć¤ćć®ć»ćććęå®ćć¾ćć
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
ćŖćć·ć§ć³ć§ć1ć¤ć®ćæć§ćć
<jpsConfig> <serviceProviders> {0 or 1} <serviceProvider> {1 or more} <description> {0 or 1} <property> {0 or more}
ä¾
<serviceProvider>ćåē §ćć¦ćć ććć
Ā
ćć®č¦ē“ ćÆę”å¼µććććć£ć®å¤ćęå®ćć¾ććę”å¼µććććć£ćÆč¤ę°ć®å¤ćęć¤ććØćć§ćć¾ćć<value>
č¦ē“ ććØć«1ć¤ć®å¤ćęå®ćć¾ćć
č¦Ŗč¦ē“
åč¦ē“
ćŖć
ē¹°čæć
<values>å ć«1ć¤ä»„äøåæ č¦ć§ćć
<extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more}
ä¾
<extendedProperty>ćåē §ćć¦ćć ććć
Ā
<value>č¦ē“ ć®č¦Ŗč¦ē“ ć§ćć
č¦Ŗč¦ē“
åč¦ē“
ē¹°čæć
<extendedProperty>
å
ć«1ć¤ć®ćæåæ
č¦ć§ćć
<extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more}
ä¾
<extendedProperty>ćåē §ćć¦ćć ććć
Ā
ćć®ē« ć§ćÆćOracle Fusion Middlewareć®ē£ę»ćµć¼ćć¹ć®ę¦č¦ćē¤ŗćć¾ćć
Oracle Fusion Middlewareć«ććć¦ćē£ę»ćÆć¢ć«ć¦ć³ćæććŖćć£ćå®ē¾ććęꮵć§ćććć¾ććć ććććć¤ćä½ćč”ć£ćććØćććæć¤ćć®č³Ŗåćøć®åēćęä¾ćć¾ćććć®ē« ć®å 容ćÆꬔć®ćØććć§ćć
ē¬¬13.1é ćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć®å©ē¹ćØę©č½ć
ē¬¬13.3é ćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć®ę¦åæµć
ćć®é ć®å 容ćÆꬔć®ćØććć§ćć
ć³ć³ćć©ć¤ć¢ć³ć¹ćććøćć¹č¦ä»¶ć®äøåÆę¬ ćŖč¦ē“ ć«ćŖćć¤ć¤ććē¾åØćē£ę»ć®ćµćć¼ćććØć³ćæć¼ćć©ć¤ćŗć»ćććć¤ć”ć³ćć«ćććę³Øē®ć®ēć«ćŖćć¤ć¤ććć¾ćć锧客ćÆćčæ½å čØå®ćŖćć§ććć«ä½æēØć§ććē£ę»ćµćć¼ććęä¾ććć¢ććŖć±ć¼ć·ć§ć³ć»ćć³ćć¼ćę¢ćć¦ćć¾ććć¾ććć«ć¹ćæć ć»ć¢ććŖć±ć¼ć·ć§ć³ććććć¤ććććć«ć¦ć§ć¢ć®é”§å®¢ćÆććććć¤ćććē£ę»ćåæ č¦ćŖå Øć¢ććŖć±ć¼ć·ć§ć³ć®ē£ę»ćéäøē®”ēććććØčćć¦ćć¾ćć
ITēµē¹ć§ćÆćć³ć³ćć©ć¤ć¢ć³ć¹ćē£č¦ććć³åęćØććč¦ä»¶ć®č¦³ē¹ćććäø»č¦ćŖē£ę»ę©č½ćę¢ćć¦ćć¾ćć
ć³ć³ćć©ć¤ć¢ć³ć¹
ć³ć³ćć©ć¤ć¢ć³ć¹ććØć³ćæć¼ćć©ć¤ćŗć«ćććäø»č¦ćŖč¦ä»¶ć§ććććØćÆćęē½ć§ććSarbanes-Oxleyę³(č²”å)ćHealth Insurance Portability and Accountability Act (HIPAA: å»ēäæéŗ)ć®ćććŖč¦å¶ć«ćććå¤ćć®é”§å®¢ćÆē¾åØćć¢ććŖć±ć¼ć·ć§ć³ćććć¤ć¹ć§ćć¢ć¤ćć³ćć£ćć£ę å ±ććć³ć¦ć¼ć¶ć¼ć»ć¢ćÆć»ć¹ć®ē£ę»ćå®č”ć§ććåæ č¦ćććć¾ćććććć«ćÆćꬔć®ćććŖć¤ćć³ććå«ć¾ćć¾ćć
ć¦ć¼ć¶ć¼ć»ćććć”ć¤ć«ć®å¤ę“
ć¢ćÆć»ć¹ęØ©ć®å¤ę“
ć¦ć¼ć¶ć¼ć»ć¢ćÆć»ć¹ć»ć¢ćÆćć£ććć£
ęä½ć¢ćÆćć£ććć£(ć¢ććŖć±ć¼ć·ć§ć³ć®čµ·åćØåę¢ćć¢ććć°ć¬ć¼ćććććÆć¢ćććŖć©)
ććć«ćććć³ć³ćć©ć¤ć¢ć³ć¹ę å½č ćÆćć³ć³ćć©ć¤ć¢ć³ć¹ć»ććŖć·ć¼ćå®ęēć«č¦ē“ćććØćć§ćć¾ćć
ē£č¦
ē£ę»ćć¼ćæćććÆéåøøćē£č¦ē®ēć®ććć«ćč±åÆćŖćć¼ćæć»ć»ćććå¾ććć¾ććå ¬éććććć°ć»ćć¼ćæććć³ć³ć³ćć¼ćć³ćć»ć”ććŖććÆć ćć§ćŖććē£ę»ćć¼ćæćä½æēØćć¦ććć·ć„ćć¼ććä½ęććććć¢ć©ć¼ćēØć®ćć¼ć»ććć©ć¼ćć³ć¹ć»ć¤ć³ćć£ć±ć¼ćæ(KPI)ćčØå®ććććć¦ćę§ć ćŖć·ć¹ćć ć®ē¶ę ćē¶ē¶ēć«ē£č¦ććććØćć§ćć¾ćć
åę
ć¾ććē£ę»ćć¼ćæćåęććē®”ēå¹ęćč©ä¾”ććććØćć§ćć¾ććē£ę»ćć¼ćæćÆććŖć¹ćÆåęć«ćä½æēØć§ćć¾ćć屄ę“ćć¼ćæć«åŗć„ćć¦ćŖć¹ćÆć»ć¹ć³ć¢ćčØē®ććä»»ęć®ć¦ć¼ć¶ć¼ć«å²ćå½ć¦ćććØćć§ćć¾ććć¦ć¼ć¶ć¼ć»ć¢ćÆć»ć¹ć®ć©ć®ćććŖå®č”ęč©ä¾”ć«ććć·ć¹ćć ć«åƾććć¢ćÆć»ć¹ćäæč·ććććć®čæ½å ć®åŗęŗćØćć¦ę§ć ćŖćŖć¹ćÆć»ć¹ć³ć¢ćå«ććććØćć§ćć¾ćć
ē£ę»č¦ä»¶ćęŗćććććITēµē¹ć§ćÆćć°ćć°ćććć¤ćććć¢ććŖć±ć¼ć·ć§ć³ć«åƾććē£ę»ćµćć¼ćć®ę¬ å¦ćØéć£ć¦ćć¾ćććććÆćꬔć®ē¹ć«åƾćć¦äæ”é ¼ć§ććęØęŗćååØćć¦ććŖćććć§ćć
ē£ę»ć¬ć³ć¼ćć®ēę
ē£ę»ć¬ć³ć¼ćć®ćć©ć¼ććććØę ¼ē“
ē£ę»ććŖć·ć¼ć®å®ē¾©
ćć®ēµęćē¾åØć®ē£ę»ć½ćŖć„ć¼ć·ć§ć³ć«ćÆćꬔć®ćććŖå¤ćć®å¤§ććŖåé”ē¹ćććć¾ćć
éäøē®”ēćććē£ę»ćć¬ć¼ć ćÆć¼ćÆćććć¾ććć
ē£ę»ćµćć¼ćć®åč³Ŗćć¢ććŖć±ć¼ć·ć§ć³ććØć«ć¾ć”ć¾ć”ć§ćć
ē£ę»ćć¼ćæććØć³ćæć¼ćć©ć¤ćŗå Øä½ć«ę£ä¹±ćć¦ćć¾ćć
ć³ć³ćć¼ćć³ćéć®ęå³ć®ććåęćå®č”ććć«ćÆććć®åć«č¤éćŖćć¼ćæć®é¢äæä»ććåæ č¦ćØćŖćć¾ćć
ē£ę»ććŖć·ć¼ćØćć®ę§ęćę£ä¹±ćć¦ćć¾ćć
ćććć®č¦å ć«ćććITēµē¹ćÆé©åćŖē£ę»ć½ćŖć„ć¼ć·ć§ć³ć®ę§ēÆććć³ē¶ęć«ććŖćć®ęéćØćŖć½ć¼ć¹ćå²ćć¦ćć¾ćććć¼ćæćåć ć®ćµć¤ćć«ę£ä¹±ćć¦ćć¦ćäøč²«ę§ćéäøē®”ēććŖćē¶ę ć§ćÆćę§ć ćŖćć³ćć¼ćē¾ęē¹ć«ćććē¬čŖć®ē£ę»ę©č½ćä½æēØćć¦å®ē¾ćć¦ććć¢ććŖć±ć¼ć·ć§ć³éć«ēµ±äøę§ććŖććē£ę»ć½ćŖć„ć¼ć·ć§ć³ćčå¼±ć«ćŖććć”ć§ćć
Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆćéäøē®”ēćććē£ę»ćć¬ć¼ć ćÆć¼ćÆćććć«ć¦ć§ć¢ć®č£½åćć”ććŖć«ęä¾ććććčØčØććć¦ćć¾ćććć®ćć¬ć¼ć ćÆć¼ćÆćÆćꬔć®ćć®ć«åƾćć¦ē£ę»ćµć¼ćć¹ćęä¾ćć¾ćć
ććć«ć¦ć§ć¢ć»ćć©ćććć©ć¼ć - ććć«ćÆćOracle Platform Security Services (OPSS)ćOracle Web ServicesćŖć©ć®Javać³ć³ćć¼ćć³ććå«ć¾ćć¾ććććććÆćććć«ć¦ć§ć¢ć«ćććć¤ćććć¢ććŖć±ć¼ć·ć§ć³ć«ćć£ć¦ę“»ēØćććć³ć³ćć¼ćć³ćć§ććéę„ēć«ćÆććććć®Javać³ć³ćć¼ćć³ććä½æēØćććććć¤ęøć¢ććŖć±ć¼ć·ć§ć³ćÆćć¹ć¦ććć©ćććć©ć¼ć ć»ć¬ćć«ć§ēŗēććē£ę»ć¤ćć³ćććå©ē¹ćå¾ććć¾ćć
Java EEć¢ććŖć±ć¼ć·ć§ć³ - ē®ēćÆćOraclečŖä½ć®Java EEćć¼ć¹ć®ć³ć³ćć¼ćć³ćććÆćććØććJava EEć¢ććŖć±ć¼ć·ć§ć³ć«ćµć¼ćć¹ćęä¾ććććØć§ććJava EEć¢ććŖć±ć¼ć·ć§ć³ćÆćć¢ććŖć±ć¼ć·ć§ć³ć«åŗęćŖē£ę»ć¤ćć³ććä½ęć§ćć¾ćć
ć·ć¹ćć ć»ć³ć³ćć¼ćć³ć - Oracle HTTP ServerćŖć©ć®ć·ć¹ćć ć»ć³ć³ćć¼ćć³ćć«ć¤ćć¦ććē£ę»ćµć¼ćć¹ć«ćć£ć¦ćJavać³ć³ćć¼ćć³ćć®å “åćØåę§ć®ćØć³ććć¼ćØć³ćć®ę§é (C/C++ćć¼ć¹ć®ć¢ććŖć±ć¼ć·ć§ć³ēØć®ē£ę»APIćŖć©)ćå®ē¾ććć¾ćć
é¢é£é ē®: ćOracle Fusion Middlewareć®ē®”ēćć®Oracle Fusion Middlewareäø»č¦ę¦åæµć®ēč§£ć«é¢ććčŖ¬ę |
Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆććć³ē£ę»ćµć¼ćć¹ć®äø»ćŖę©č½ć«ćÆćꬔć®ćć®ćććć¾ćć
äøé£ć®Javać³ć³ćć¼ćć³ććć·ć¹ćć ć»ć³ć³ćć¼ćć³ćććć³ć¢ććŖć±ć¼ć·ć§ć³å Øä½ć«ććć£ć¦ē£ę»ćē®”ēććććć®ēµ±äøēćŖć·ć¹ćć
ꬔć®ę©č½ćå«ććJavać³ć³ćć¼ćć³ćē£ę»ć®åŗēÆćŖćµćć¼ć
Oracle Platform Security Servicesć«ććéē£ę»åƾåæć¢ććŖć±ć¼ć·ć§ć³ć®ē£ę»ć®ćµćć¼ć
ä»»ęć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¬ćć«ć§ć®ē£ę»ćć¼ćæę¤ē“¢ę©č½
čŖčؼ屄ę“ććć³čŖčؼ失ęćčŖåÆ屄ę“ćć¦ć¼ć¶ć¼ē®”ēććć³ćć®ä»ć®å ±éćć©ć³ć¶ćÆć·ć§ć³ć»ćć¼ćæć®åå¾
ęč»ćŖē£ę»ććŖć·ć¼
äŗåēęęøć®ē£ę»ććŖć·ć¼ć锧客ć§ććä½æēØćććē£ę»ć¤ćć³ćć®åå¾ę©č½ćŖć©ćå©ēØććć容ęćŖććŖć·ć¼ę§ę
ććŖć¼ē¶ć®ććŖć·ć¼ę§é ć«ććē°”ä¾æćŖććŖć·ć¼čØå®
ćć«ćć¤ć³ć®ć³ć³ćć©ć¤ć¢ć³ć¹ć»ć¬ćć¼ćä½ęę©č½
Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆćOracle BI Publisherć®ććć«ä½æēØåÆč½ćŖåęć¬ćć¼ćä½ęę©č½ćęä¾ćć¾ććč¤ę°ć®ć³ć³ćć¼ćć³ćć«ććć£ć¦č¤ę°ć®ę¬”å (å®č”ć³ć³ććć¹ćID (ECID)ćć¦ć¼ć¶ć¼IDćŖć©)ć§ćć¼ćæćåęć§ćć¾ććć¾ćććććć®ć¬ćć¼ććććŖćć”ć¬ć³ć¹ć«å¾ć£ć¦ć«ć¹ćæćć¤ćŗććććØćć§ćć¾ćć
éäøē®”ēćććē£ę»ćć¼ćæć«åŗć„ćć¦ć¬ćć¼ććä½ęćć¾ćć
锧客ćÆćć¬ćć¼ććć«ć¹ćæćć¤ćŗććććå ¬éćććē£ę»ć¹ćć¼ćć«åŗć„ćć¦ē¬čŖć®ć¬ćć¼ććä½ęććććØćć§ćć¾ćć
č©³ē“°ćÆćē¬¬15ē« ćē£ę»åęćØē£ę»ć¬ćć¼ćć®ä½æēØććåē §ćć¦ćć ććć
ē£ę»ć¬ć³ć¼ćć®ę ¼ē“
ē£ę»ćć¼ćæć»ć¹ćć¢(ćć¼ćæćć¼ć¹)ćØćć”ć¤ć«(ćć¹ć¹ććć)ćä½æēØć§ćć¾ćććć¹ć¦ć®ē£ę»ć¬ć³ć¼ćć«å ±éć®å “ęćē¶ęććććØć«ćććē®”ēć容ęć«ćŖćć¾ćć
ē£ę»ćć¼ćæć»ć¹ćć¢ćä½æēØććććØć«ćććOracle Business Intelligence Publisherćä½æēØććć¬ćć¼ćć®ēęćåÆč½ć«ćŖćć¾ćć
å ±éć®ē£ę»ć¬ć³ć¼ćć»ćć©ć¼ććć
ē£ę»čØ¼č·”ćÆꬔć®ē¹å¾“ćęć”ć¾ćć
ēµę(ć¹ćć¼ćæć¹)ćć¤ćć³ćć®ę„ęćć¦ć¼ć¶ć¼ćŖć©ć®ćć¼ć¹ć©ć¤ć³å±ę§
čŖčؼę¹å¼ćć½ć¼ć¹IPć¢ćć¬ć¹ććæć¼ć²ććć»ć¦ć¼ć¶ć¼ććŖć½ć¼ć¹ćŖć©ć®ć¤ćć³ćåŗęć®å±ę§
å®č”ć³ć³ććć¹ćID (ECID)ćć»ćć·ć§ć³IDćŖć©ć®ć³ć³ććć¹ćå±ę§
ē£ę»ććŖć·ć¼ę§ęēØć®å ±éć®ć”ć«ććŗć
Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆććć”ć¤ć³å ć§ē£ę»ććŖć·ć¼ćę§ęććććć®ēµ±äøēćŖęꮵćęä¾ćć¾ćć
Oracle Fusion Middlewareć®ć¤ć³ćć©ć¹ćć©ćÆćć£ć®ę“»ēØ
Oracle Fusion Middlewareć³ć³ćć¼ćć³ćććć³ćµć¼ćć¹éć§ć®ä½æēØćåÆč½
Oracle Enterprise Manager Fusion Middleware ControlćØć®ēµ±åć«ćććUIćć¼ć¹ć®ę§ęćØē®”ēćåÆč½
wlst
ćØć®ēµ±åć«ćććć³ćć³ćć©ć¤ć³ć§ć®ć¹ćÆćŖćććć¼ć¹ć®ę§ęćåÆč½
Oracle Platform Security Servicesć®SPIć¤ć³ćć©ć¹ćć©ćÆćć£ćę“»ēØ
ć¢ććŖć±ć¼ć·ć§ć³ć§ć®ē£ę»ćć¬ć¼ć ćÆć¼ćÆćØć®ēµ±åćåÆč½ć«ććåēć”ćæćć¼ćæć»ć¢ćć«ć®ä½æēØ
ć¢ććŖć±ć¼ć·ć§ć³ćÆćć¤ć§ćē£ę»ćµć¼ćć¹ć«ē»é²ćåÆč½
ē£ę»ć¤ćć³ććå®ē¾©ććć³čØé²ććććć«ē£ę»ćć¬ć¼ć ćÆć¼ćÆćć¢ććŖć±ć¼ć·ć§ć³ćę“»ēØććę©č½ćē°”ē“ å
ć¤ćć³ćå®ē¾©ć®ćć¼ćøć§ćć³ć°ćęä¾ććē£ę»ćÆć©ć¤ć¢ć³ćć«ćććŖćŖć¼ć¹ć»ćµć¤ćÆć«ć«ä¾åććŖćå®ē¾©ć®ć¢ććć°ć¬ć¼ććåÆč½ć«
ćć®é ć§ćÆćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć®ę¬”ć®åŗę¬ę¦åæµćčŖ¬ęćć¾ćć
å³13-1ćÆćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć®ć¢ć¼ćććÆćć£ćē¤ŗćć¦ćć¾ćć
ćć®å³ćÆćéēŗęććć³å®č”ęć®ćµć¼ćć¹ćē£ę»ć¤ćć³ćć»ććć¼ććć³äø»č¦ę©č½ćå«ćććć¢ć¼ćććÆćć£ć®åæ é č¦ē“ ćē¤ŗćć¦ćć¾ćććććć®č¦ē“ ć«ć¤ćć¦ćÆćꬔć«čŖ¬ęćć¦ćć¾ćć
ćć¬ć¼ć ćÆć¼ćÆć®äøåæć«ē£ę»ćµć¼ćć¹ć»ć¢ćć«ććććä»ć®OPSSćµć¼ćć¹ćØåę§ć«ććć®ć¢ćć«ć§ćÆJava EEććć³SEć¢ććŖć±ć¼ć·ć§ć³ććć³Oracleć³ć³ćć¼ćć³ćć«äøę§ć«ęØęŗćć¼ć¹ć®ēµ±åćć¬ć¼ć ćÆć¼ćÆćęä¾ććć¾ćć
Oracle Fusion Middlewareå Øä½ć§ä½æēØććććØć«ćć£ć¦ććć®ć¢ćć«ć§ćÆććć©ćććć©ć¼ć ć®ę¬”ć®ćććŖē£ę»ę©č½ćå¹ēēć«ä½æēØć§ććććć«ćŖćć¾ćć
ē£ę»ćÆć©ć¤ć¢ć³ććē£ę»ć¤ćć³ćå®ē¾©ćē®”ēćććć«ćććć³ćŖćŖć¼ć¹ć»ćµć¤ćÆć«ć«é¢äæćŖććć¼ćøć§ć³å¤ę“ćč”ćććØćć§ććåēē£ę»ć”ćæćć¼ćæć»ć¢ćć«ćē£ę»ć¤ćć³ćå®ē¾©ćÆćåćććć¤ć”ć³ćęć«åēć«ę“ę°ć§ćć¾ćć
čØčØććéēŗććć³ćććć¤ć”ć³ćć«č³ćć¾ć§ć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć©ć¤ććµć¤ćÆć«ć®ćć¹ć¦ć®å“é¢ć®ćµćć¼ćć
ē£ę»ćµć¼ćć¹ć«ć¢ććŖć±ć¼ć·ć§ć³ćē»é²ććē»é²ćµć¼ćć¹ć
宣čØē: Java EEć¢ććŖć±ć¼ć·ć§ć³ć§ćÆććććć¤ć”ć³ćęć«META-INFćć£ć¬ćÆććŖć®earćć”ć¤ć«ćØćć¦XMLę§ęćććć±ć¼ćøåććććØć«ćć£ć¦ē»é²ćå®č”ććć¾ćć
ććć°ć©ć ć®ä½æēØ: ē£ę»ē»é²APIćå¼ć³åŗćććØć«ćć£ć¦ē»é²ćć¾ćć
ć³ćć³ćć©ć¤ć³ć§ćWLSTć³ćć³ćć«ćć£ć¦ē»é²ćć¾ćć
č£½åćć³ćć¬ć¼ćć§ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćććć³ćć«ććććØć«ćć£ć¦ē»é²ćć¾ć(ē¬¬7.1é ćåē §)ć
ćć®APIćÆćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆćØēµ±åćććē£ę»åƾåæć®ä»»ęć®ć³ć³ćć¼ćć³ćć®ććć«ćē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ćć£ć¦ęä¾ććć¾ććć¢ććŖć±ć¼ć·ć§ć³ć§ćÆå®č”ęććććć®APIćé©å®ć³ć¼ć«ćć¦ćē£ę»ććŖć·ć¼ćē®”ēććććć¢ććŖć±ć¼ć·ć§ć³ć»ć³ć¼ćå ć§ēŗēććē¹å®ć®ć¤ćć³ćć«é¢ćć¦åæ č¦ćŖę å ±ćē£ę»ćććććå “åćććć¾ććć¢ććŖć±ć¼ć·ć§ć³ćÆćć®ć¤ć³ćæćć§ć¼ć¹ć«ćććē£č¦åÆ¾č±”ć¤ćć³ćć®ć³ć³ććć¹ćć®ęä¾ć«åæ č¦ćŖćć¦ć¼ć¶ć¼åććć®ä»å±ę§ćŖć©ć®ć¤ćć³ćč©³ē“°ćęå®ć§ćć¾ćć
ē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ćććꬔć®APIćęä¾ććć¾ćć
ē£ę»ćµć¼ćć¹API
ē£ę»ćÆć©ć¤ć¢ć³ćAPI
ē£ę»ē®”ēćµć¼ćć¹API
č©³ē“°ćÆćē¬¬25ē« ćåē §ćć¦ćć ććć
ćć®ććć»ć¹ćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ćµć¼ćć¼ć»ć¤ć³ć¹ćæć³ć¹å ć§ē£ę»åÆč½ćŖć¤ćć³ć(ććØćć°ćć°ć¤ć³)ćēŗēććå “åć«ććć¬ć¼ć ćÆć¼ćÆå ć§å®č”ćććć¢ćÆć·ć§ć³ćē¤ŗćććØć«ććčŖ¬ęć§ćć¾ćć
ę³Øę: å³13-1ć§ē¤ŗććć¢ć¼ćććÆćć£ć«ćÆćē£ę»ćć¼ćæć»ć¹ćć¢ćå«ć¾ććē£ę»ćć¼ćæć»ć¹ćć¢ćę§ęććć¦ććŖććµć¤ćć®å “åćē£ę»ć¬ć³ć¼ććÆćć¹ć¹ćććć»ćć”ć¤ć«å ć«ććć¾ćć |
ć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ć”ć³ćęć¾ććÆē£ę»ćµć¼ćć¹ć®čµ·åęć«ćJava EEć¢ććŖć±ć¼ć·ć§ć³ć¾ććÆOracleć³ć³ćć¼ćć³ććŖć©ć®ćÆć©ć¤ć¢ć³ććē£ę»ćµć¼ćć¹ć«ē»é²ććć¾ćć
ćµć¼ćć¹ćÆć¢ććŖć±ć¼ć·ć§ć³ć®äŗåę§ęęøć®ē£ę»å®ē¾©ćć”ć¤ć«ćčŖćæåććē£ę»å®ē¾©ć§ć”ćæćć¼ćæć»ć¹ćć¢ćę“ę°ćć¾ćć
ć¦ć¼ć¶ć¼ććć®ć³ć³ćć¼ćć³ćć¾ććÆć¢ććŖć±ć¼ć·ć§ć³ć«ć¢ćÆć»ć¹ćććØćć¤ćć³ććē£ę»ććććć«ē£ę»APIé¢ę°ćć³ć¼ć«ććć¾ćć
ē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆććć®ćæć¤ććć¹ćć¼ćæć¹ćććć³ē¹å®ć®å±ę§ć®ć¤ćć³ććē£ę»ććåæ č¦ććććć©ćććē¢ŗčŖćć¾ćć
ē£ę»ćåæ č¦ćŖå “åćÆē£ę»é¢ę°ćčµ·åćććē£ę»ć¤ćć³ćę§é ä½ćä½ęććć¦ćć¹ćć¼ćæć¹ćć¤ćć·ćØć¼ćæććŖć½ć¼ć¹ćECIDćŖć©ć®ć¤ćć³ćę å ±ćåéććć¾ćć
ć¤ćć³ććÆććć¹ć¹ććććØćć¦ē„ćććäøéēćŖå “ęć«ćććć¼ć«ć«ć»ćć”ć¤ć«ć«ę ¼ē“ććć¾ććåć³ć³ćć¼ćć³ććÆåå„ć®ćć¹ć¹ććććęć”ć¾ćć
ē£ę»ć¹ćć¢ćØćć¦ćć¼ćæćć¼ć¹ćę§ęććć¦ććå “åćē£ę»ćć¼ćć¼ćÆćć¹ć¹ćććććć¤ćć³ćććć«ććć¢ććŖć±ć¼ć·ć§ć³ć®ć”ćæćć¼ćæćä½æēØćć¦ćć¼ćæćęøå¼åćććć¼ćæćē£ę»ć¹ćć¢ć«ē§»åćć¾ćć
Oracle BI Publisherćä½æēØćć¦ćē£ę»ćć¼ćæććć¬ćć¼ććēęććććØćć§ćć¾ććäŗåå®ē¾©ęøć®ć¬ćć¼ćć»ć»ćććä½æēØć§ćć¾ćć(ē¬¬15ē« ćē£ę»åęćØē£ę»ć¬ćć¼ćć®ä½æēØććåē §ćć¦ćć ććć)
ē£ę»ć失ęććå “åć®ć¢ććŖć±ć¼ć·ć§ć³ć®åä½
ć¢ććŖć±ć¼ć·ć§ć³ćÆćć©ć®ćććŖēē±ć§ē£ę»ć¤ćć³ććčØé²ć§ććŖćå “åć§ćć£ć¦ććå®č”ćäøę¢ććććØćÆććć¾ććć
ćć®é ć§ćÆćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć®éč¦ćŖę¦åæµćčŖ¬ęćć¾ćć
ē£ę»åƾåæć³ć³ćć¼ćć³ć
ē£ę»åƾåæćØćÆćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ēµ±åćććē£ę»ććŖć·ć¼ć®ę§ęćØć¤ćć³ćć®ē£ę»ćåÆč½ćŖć³ć³ćć¼ćć³ććęćć¾ććOracle Internet DirectoryćÆē£ę»åƾåæć³ć³ćć¼ćć³ćć®äøä¾ć§ćć
ć¹ćæć³ćć¢ćć³ć»ć¢ććŖć±ć¼ć·ć§ć³ćÆćjps-config.xml
ćć”ć¤ć«ćä½æēØćć¦ę§ęćč”ćććØć§ćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆćØć®ēµ±åćåÆč½ć§ććč©³ē“°ćÆćä»é²Ać®<serviceInstances>
ćåē
§ćć¦ćć ććć
ē£ę»ć”ćæćć¼ćæć»ć¹ćć¢
ē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ć«ćÆćć³ć³ćć¼ćć³ććććć³ē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ēµ±åćććć¢ććŖć±ć¼ć·ć§ć³ć«åƾććē£ę»ć¤ćć³ćå®ē¾©ćę ¼ē“ććć¾ćć
č©³ē“°ćÆć13.3.3é ćåē §ćć¦ćć ććć
ē£ę»ćć¼ćæć»ć¹ćć¢
ē£ę»ćć¼ćæć»ć¹ćć¢ćÆćē£ę»ć¤ćć³ćć»ć¬ć³ć¼ćć®ćŖććøććŖć§ćććććÆććŖććøććŖä½ęć¦ć¼ćć£ćŖćć£(RCU)ć«ćć£ć¦ä½ęććććäŗåå®ē¾©ęøć®Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć»ć¹ćć¼ććå«ć¾ćććć¼ćæćć¼ć¹ć§ććē£ę»ćć¼ćæć»ć¹ćć¢ćę§ęćććØćē£ę»ćć¼ćć¼ćē£ę»ćć¼ćæć»ć¹ćć¢ćčŖčćććć¼ćæćē£ę»ćć¼ćæć»ć¹ćć¢ć«å®ęēć«ć¢ćććć¼ććććććć«ćŖćć¾ććē£ę»ć¹ćć¢å ć®ē£ę»ćć¼ćæćÆē“Æē©ćććććØćę³å®ćććęéć®ēµéć«ä¼“ć£ć¦å¢å ćć¾ććē£ę»ćć¼ćæć»ć¹ćć¢ćÆćä»ć®ć¢ććŖć±ć¼ć·ć§ć³ć«ćć£ć¦ä½æēØćććéēØćć¼ćæćć¼ć¹ć§ćÆćŖććē£ę»å°ēØć®ć¹ćæć³ćć¢ćć³åćć¼ćæćć¼ć¹ć§ććć®ćēę³ēć§ćć
ē£ę»ćć¼ćæćć¼ć¹ć«ćÆćOracleć³ć³ćć¼ćć³ćććć³ē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ēµ±åćććć¦ć¼ć¶ć¼ć»ć¢ććŖć±ć¼ć·ć§ć³ć«ćć£ć¦ēęćććē£ę»ć¤ćć³ććę ¼ē“ććć¾ćć
ę³Øę: ē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ćÆćē£ę»ćć¼ćæć»ć¹ćć¢ćØćÆå„ć®ćć®ć§ćć |
ćć®ćć¼ćæć»ć¹ćć¢ć®č©³ē“°ćÆćē¬¬13.3.4é ćåē §ćć¦ćć ćććRCUćä½æēØććē£ę»ć¹ćć¼ćć®ä½ęć®č©³ē“°ćÆćē¬¬14.2.1é ćåē §ćć¦ćć ććć
ē£ę»å®ē¾©ćć”ć¤ć«
ć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćē£ę»å®ē¾©ćć”ć¤ć«ćä½æēØćć¦ćē£ę»ćµć¼ćć¹ć«ćē£ę»ć¢ćÆć·ć§ć³ćē®”ēććē£ę»ć«ć¼ć«(ć¤ćć³ćććć£ć«ćæćŖć©)ćęå®ćć¾ćć
č©³ē“°ćÆć13.5é ćåē §ćć¦ćć ććć
ē£ę»ć¤ćć³ć
Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć§ćÆćć¢ććŖć±ć¼ć·ć§ć³ć®ē£ę»ć¤ćć³ćć«ē°”åć«ćććć³ć°ć§ććäøé£ć®ę±ēØć¤ćć³ććęä¾ććć¾ćććććć®ę±ēØć¤ćć³ćć«ćÆćčŖčؼćŖć©ć®å ±éć®ć¤ćć³ććå«ć¾ćć¦ćć¾ććć¾ććć¢ććŖć±ć¼ć·ć§ć³ćÆćć®ćć¬ć¼ć ćÆć¼ćÆć«ćććć¢ććŖć±ć¼ć·ć§ć³ć«åŗęćŖć¤ćć³ććå®ē¾©ććććØćć§ćć¾ćć
ćććć®ć¤ćć³ćć®å®ē¾©ćØę§ęćÆćOracle Platform Security Servicesć®ē£ę»ćµć¼ćć¹ć®äøéØćØćć¦å®č£ ććć¾ććę§ęćÆćEnterprise Manager (UI)ććć³WLST(ć³ćć³ćć©ć¤ć³ć»ćć¼ć«)ć«ććę“ę°ć§ćć¾ćć
ē£ę»ćć¼ćć¼
ē£ę»ćć¼ćć¼ćÆćOracle WebLogic Serverć¤ć³ć¹ćæć³ć¹ć®ć¢ćøć„ć¼ć«ć§ććććć®ć¤ć³ć¹ćæć³ć¹ć®ē£ę»ć¢ćÆćć£ććć£ććµćć¼ććć¾ććē£ę»ćć¼ćæć»ć¹ććę§ęćććØćē£ę»ćć¼ćć¼ćÆććć®ć¤ć³ć¹ćæć³ć¹å ć§å®č”ććć¦ćććć¹ć¦ć®ć³ć³ćć¼ćć³ćć«ć¤ćć¦ć®ē£ę»ć¬ć³ć¼ććåéćććććć®ć¬ć³ć¼ćććć¼ćæć»ć¹ćć¢ć«ćć¼ććć¾ćć
Javać³ć³ćć¼ćć³ćć®å “åćē£ę»ćć¼ćć¼ćÆćć³ć³ććčµ·åć®äøéØćØćć¦čµ·åććć¾ćć
ć·ć¹ćć ć»ć³ć³ćć¼ćć³ćć§ćÆć(registerAudit()
WLSTć³ćć³ććä½æēØćć¦)ē£ę»ć¹ćć¢ć«ē»é²ććć³ć³ććć®ē£ę»ćć¼ćć¼ćä½æēØćć¦ć¤ćć³ććć¢ćććć¼ćććććØććć³ćć³ćć©ć¤ć³ć®ć¹ćæć³ćć¢ćć³ē£ę»ćć¼ćć¼ćä½æēØććććØćć§ćć¾ćć
ē£ę»ććŖć·ć¼
ē£ę»ććŖć·ć¼ćØćÆćē¹å®ć®ć³ć³ćć¼ćć³ćć®ē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ćć£ć¦åå¾ćććć¤ćć³ćć®ćæć¤ćć®å®£čØć§ććJavać³ć³ćć¼ćć³ćć®å “åćē£ę»ććŖć·ć¼ćÆćć³ć³ćć¼ćć³ćć»ć¬ćć«ć¾ććÆćć”ć¤ć³ć»ć¬ćć«ć®ććććć§å®ē¾©ć§ćć¾ććć·ć¹ćć ć»ć³ć³ćć¼ćć³ćć®å “åćē£ę»ććŖć·ć¼ćÆć³ć³ćć¼ćć³ćć»ć¤ć³ć¹ćæć³ć¹ć»ć¬ćć«ć§ē®”ēććć¾ćć
Oracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ćÆćꬔć®ćććŖććć¤ćć®äŗåå®ē¾©ęøć®ććŖć·ć¼ć»ćæć¤ććēØęććć¦ćć¾ćć
ćŖć(åÆ¾č±”ć®ć³ć³ćć¼ćć³ćć«åƾćć¦ē£ę»ćÆē”å¹ć«ćŖć£ć¦ćć¾ć)
ä½(å®ē¾©ćÆć³ć³ćć¼ćć³ćć«ćć£ć¦ē°ćŖćć¾ć)
äø(å®ē¾©ćÆć³ć³ćć¼ćć³ćć«ćć£ć¦ē°ćŖćć¾ć)
é«(å®ē¾©ćÆć³ć³ćć¼ćć³ćć«ćć£ć¦ē°ćŖćć¾ć)
ć«ć¹ćæć (ē£ę»ć¤ćć³ćć®ēÆå²ćēµćććć«ćć£ć«ćæćå®č£ ćć¾ć)
ē£ę»ććŖć·ć¼ć®ć³ć³ćć¼ćć³ćć»ćæć¤ć
ē£ę»ććć³ć³ćć¼ćć³ćć®ćæć¤ććęćć¾ććććØćć°ćOracle Internet DirectoryćÆčŖčؼęć®ē£ę»åÆč½ć¤ćć³ćć®ć½ć¼ć¹ć«ćŖćć¾ćć
ć³ć³ćć¼ćć³ćććØć«ē£ę»åÆč½ćŖć¤ćć³ćć®ćŖć¹ććÆćē¬¬C.1é ćē£ę»ć¤ćć³ćććåē §ćć¦ćć ććć
ē£ę»ćµć¼ćć¹
ē£ę»ćµć¼ćć¹ć»ć¢ćć«ćÆćJava EEććć³SEć¢ććŖć±ć¼ć·ć§ć³ć§ē£ę»ę©č½ćå©ēØć§ććććć«ćęØęŗćć¼ć¹ć®ēµ±åćć¬ć¼ć ćÆć¼ćÆćęä¾ćć¾ćć
ćć¹ć¹ććć
ćć¹ć¹ććććÆćē£ę»ćć¼ćæć»ć¬ć³ć¼ććē£ę»ćć¼ćæć»ć¹ćć¢ć«ććć·ć„ćććåć«ę ¼ē“ććććć¼ć«ć«ć»ćć”ć¤ć«ć§ććē£ę»ćć¼ćæć»ć¹ćć¢ćę§ęććć¦ććŖćå “åćē£ę»ćć¼ćæćÆćććć®ćć¹ć¹ćććć»ćć”ć¤ć«ć«ę®ćć¾ćććć¹ć¹ćććć»ćć”ć¤ć«ćÆćåćåćć¦ē¹å®ć®ē£ę»ć¤ćć³ććē°”åć«č¦ć¤ććććØćć§ććć·ć³ćć«ćŖććć¹ćć»ćć”ć¤ć«ć§ććē£ę»ćć¼ćæć»ć¹ćć¢ćé åććć¦ććå “åććć¹ć¹ććććÆć³ć³ćć¼ćć³ććØē£ę»ćć¼ćæć»ć¹ćć¢éć®äøéēćŖå “ęćØćć¦ę©č½ćć¾ćććććć®ćć¼ć«ć«ć»ćć”ć¤ć«ćÆćę§ęåÆč½ćŖęéééć«åŗć„ćć¦ćē£ę»ćć¼ćæć»ć¹ćć¢ć«å®ęēć«ć¢ćććć¼ćććć¾ćć
ē£ę»ćć¼ćæć»ć¹ćć¢ć®äø»ćŖå©ē¹ćÆćč¤ę°ć®ć³ć³ćć¼ćć³ćć®ē£ę»ćć¼ćæ(ćć¹ć¦ć®ććć«ć¦ć§ć¢ć»ć³ć³ćć¼ćć³ććć¤ć³ć¹ćæć³ć¹ć«ćććčŖčؼ失ęćŖć©)ćć¬ćć¼ćå ć§é¢äæä»ćć¦ēµåć§ććē¹ć§ćć
ć¤ćć³ćć»ćć£ć«ćæ
äøéØć®ē£ę»ć¤ćć³ćć«ćÆćć¤ćć³ćććć°ć«čØé²ććęē¹ćå¶å¾”ćććć£ć«ćæćå®č£ ććć¦ćć¾ććććØćć°ćē¹å®ć®ć¦ć¼ć¶ć¼ć®Oracle Internet Directoryć³ć³ćć¼ćć³ććøć®ę£åøøćŖćć°ć¤ć³ć®ć¤ćć³ćć«ćć£ć«ćæćé©ēØć§ćć¾ćć
č©³ē“°ćÆćē¬¬14.3é ćē£ę»ććŖć·ć¼ć®ē®”ēććåē §ćć¦ćć ććć
ę§ęMBean
ē£ę»ę§ęćÆćć¹ć¦ćē£ę»ę§ęēØMbeansć«ćć£ć¦ē®”ēććć¾ććJavać³ć³ćć¼ćć³ćććć³ć¢ććŖć±ć¼ć·ć§ć³ć®å “åććććć®MbeansćÆćć”ć¤ć³ē®”ēćµć¼ćć¼å ć«ååØććē£ę»ę§ęćÆéäøē®”ēććć¾ććć·ć¹ćć ć»ć³ć³ćć¼ćć³ćć®å “åćÆćć³ć³ćć¼ćć³ćć»ć¤ć³ć¹ćæć³ć¹ććØć«å„ć ć®Mbeanć¤ć³ć¹ćæć³ć¹ćååØćć¾ććEnterprise Managerć®UIććć³ć³ćć³ćć©ć¤ć³ć»ćć¼ć«ć§ćÆććććć®Mbeansćä½æēØćć¦ćē£ę»ę§ęćē®”ēćć¾ćć
Oracle Business Intelligence Publisher
ē£ę»ćć¼ćæć»ć¹ćć¢å ć®ćć¼ćæćÆćOracle Business Intelligence Publisherć®ē¹å®ć®ć³ć³ćć¼ćć³ć(äø»ć«ć·ć¹ćć ć»ć³ć³ćć¼ćć³ć)ć§ä½æēØåÆč½ćŖäŗåå®ē¾©ęøć®ć¬ćć¼ćć«ććå ¬éććć¾ććć¦ć¼ć¶ć¼ćÆććććć®ć¬ćć¼ć ’ć«ćććę§ć ćŖåŗęŗć«åŗć„ćć¦ē£ę»ćć¼ćæćććŖć«ćć¦ć³ććććØćć§ćć¾ććä¾:
ć¦ć¼ć¶ć¼å
ęéēÆå²
ć¢ććŖć±ć¼ć·ć§ć³ć»ćæć¤ć
å®č”ć³ć³ććć¹ćID (ECID)
Oracle Business Intelligence Publisherćä½æēØćć¦ćē¬čŖć®ē£ę»ć¬ćć¼ććä½ęććććØćć§ćć¾ćć
Oracle Platform Security Services
Oracle Fusion Middlewareć®äø»č¦ć³ć³ćć¼ćć³ćć§ććOracle Platform Security ServicesćÆćJava Authentication and Authorization Service (JAAS)ćJava EEć»ćć„ćŖćć£ćŖć©ć®Javaę©č½ć«åƾåæććOracle Fusion Middlewareć®ć»ćć„ćŖćć£ć®å®č£ ć§ćć
OPSSć®č©³ē“°ćÆćē¬¬1.1é ćOracle Platform Security ServicesćØćÆććåē §ćć¦ćć ććć
ē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ćÆć”ćæćć¼ćæć»ć¢ćć«ć«åƾćććŖććøććŖćęä¾ććć³ć³ćć¼ćć³ćē£ę»å®ē¾©ćNLSēæ»čسćØć³ććŖćå®č”ęććŖć·ć¼ććć³ćć¼ćæćć¼ć¹ć»ćććć³ć°č”Øćå«ćæć¾ćć
ę³Øę: ē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ćÆćå®éć®ē£ę»ć¬ć³ć¼ććę ¼ē“ćććē£ę»ćć¼ćæć»ć¹ćć¢ćØćÆå„ć®ćć®ć§ćć |
ē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ćÆćꬔć®ćććŖéč¦ćŖē£ę»ę©č½ććµćć¼ććć¾ćć
ē£ę»ē»é²ćµć¼ćć¹ćÆćć¤ćć³ćå®ē¾©ćØć³ććŖćä½ęćå¤ę“ććć³åé¤ćć¾ćć
ē£ę»å®č”ęćµć¼ćć¹ćÆćć¤ćć³ćå®ē¾©ććć³å®č”ęććŖć·ć¼ćåå¾ćć¾ćć
ē£ę»ćć¼ćæć»ćć¼ćć¼ćÆćē£ę»ćć¼ćæćę ¼ē“ććććć®å±ę§ćć¼ćæćć¼ć¹ć»ćććć³ć°ćä½ęćć¾ćć
ē£ę»MBeanć³ćć³ććÆćć³ć³ćć¼ćć³ćē£ę»å®ē¾©ććć³å®č”ęććŖć·ć¼ćę¤ē“¢ćć¦å¤ę“ćć¾ćć
ē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆćꬔć®3ć¤ć®ćæć¤ćć®ć”ćæćć¼ćæć»ć¹ćć¢ććµćć¼ććć¦ćć¾ćć
XMLćć”ć¤ć«ćć¼ć¹
ćć¼ćæćć¼ć¹
LDAP
ę°ććć¢ććŖć±ć¼ć·ć§ć³ćē£ę»ćµć¼ćć¹ć«ē»é²ććććØćꬔć®ē£ę»ć¢ć¼ćć£ćć”ćÆććē£ę»ć¹ćć¢ć«ę ¼ē“ććć¾ćć
ć«ć¹ćæć å±ę§ć°ć«ć¼ććć«ćć“ćŖćć¤ćć³ćććć³ćć£ć«ćæć»ććŖć»ććå®ē¾©ćå«ćē£ę»ć¤ćć³ćå®ē¾©
ćć¼ć«ć©ć¤ćŗćććēæ»čسćØć³ććŖ
ć«ć¹ćæć å±ę§/ćć¼ćæćć¼ć¹åćććć³ć°č”Ø
å®č”ęē£ę»ććŖć·ć¼
å³13-1ć«ē¤ŗćććć«ćē£ę»ćć¼ćæćÆ2ć¤ć®ćæć¤ćć®čØę¶åć«é ē½®ć§ćć¾ćć
ē£ę»ćć¼ćæć®äøéēćŖčØę¶åćØćŖććć¹ć¹ćććć»ćć”ć¤ć«ćåć³ć³ćć¼ćć³ćć»ć¤ć³ć¹ćæć³ć¹ćÆåå„ć®ćć¹ć¹ćććć«ćć¼ćæćęøćč¾¼ćæć¾ćć
ćć¹ć¹ćććć»ćć”ć¤ć«ćÆćē£ę»ć¬ć³ć¼ćēØć«ććć«ä½æēØć§ććććć©ć«ćć®čØę¶åć”ć«ććŗć ć§ććć³ć³ćć¼ćć³ćććØć«åå„ć®ćć¹ć¹ćććć»ćć”ć¤ć«ćććć¾ćć
ćć¹ć¹ćććć»ćć”ć¤ć«ćÆććć¹ććć¼ć¹ć§ååćć容ęć§ććč©³ē“°ćÆćē¬¬13.3.1é ćē£ę»ć¢ć¼ćććÆćć£ććåē §ćć¦ćć ććć
ćć¼ćæćć¼ć¹å ć®ę°øē¶ēčØę¶å(ē£ę»ćć¼ćæć»ć¹ćć¢ćØćå¼ć°ćć¾ć)ć
ćć¼ćæćć¼ć¹ćä½æēØććå “åćÆććć”ć¤ć³å ć®ćć¹ć¦ć®Oracle Fusion Middlewareć¤ć³ć¹ćæć³ć¹ć®ćć¹ć¦ć®ć³ć³ćć¼ćć³ćć«ćć£ć¦ēęćććē£ę»ć¬ć³ć¼ćććåćć¹ćć¢ć«ęøćč¾¼ć¾ćć¾ććOracle Business Intelligence Publisherć¬ćć¼ććå©ēØććć«ćÆćē£ę»ćć¼ćæć»ć¹ćć¢ćä½æēØććåæ č¦ćććć¾ćć
ćć”ć¤ć«ćć¼ć¹ć®čØę¶åććē£ę»ćć¼ćæć»ć¹ćć¢ć«ē§»č”ć§ćć¾ććććć«ćÆåŗęć®ę§ęęé ćå®č”ććåæ č¦ćććć¾ććč©³ē“°ćÆćē¬¬14.2.3é ćJavać³ć³ćć¼ćć³ćēØć®ćć¼ćæćć¼ć¹ē£ę»ćć¼ćæć»ć¹ćć¢ć®ę§ęććåē §ćć¦ćć ććć
ćć¼ćæćć¼ć¹ć»ć¹ćć¢ćä½æēØććå©ē¹
ćć¹ć¹ćććć»ćć”ć¤ć«ć«ē£ę»ć¬ć³ć¼ććę ¼ē“ććå “åćå®ēØé¢ć§ę¬”ć®ćććŖå¶éćććć¾ćć
ćć”ć¤ć³ć»ć¬ćć«ć®ē£ę»ćć¼ćæćč”Øē¤ŗć§ćć¾ććć
Oracle BI Publisherć§ć¬ćć¼ććå®č”ć§ćć¾ććć
äøę¹ććć¼ćæćć¼ć¹ē£ę»ćć¼ćæć»ć¹ćć¢ćä½æēØćććØćꬔć®ćććŖå©ē¹ćå¾ććć¾ćć
Oracle Business Intelligence Publisherćä½æēØćć¦ć¬ćć¼ććä½ęć§ćć¾ćć
ćć¹ć¹ćććć§ćÆē£ę»ć¬ć³ć¼ććć¤ć³ć¹ćæć³ć¹åä½ć§ę ¼ē“ććć¾ććććć¼ćæćć¼ć¹ć»ć¹ćć¢ć§ćÆćć”ć¤ć³å ć®ćć¹ć¦ć®ć³ć³ćć¼ćć³ćć®ć¬ć³ć¼ććéäøē®”ēć§ćć¾ćć
ćć”ć¤ć«ćć¼ć¹ć®čØę¶åćØęÆč¼ćć¦ććć©ć¼ćć³ć¹ćåäøććåÆč½ę§ćććć¾ćć
ćć®ćććŖēē±ććććŖć©ćÆć«ē¤¾ćÆćē£ę»ę©č½ćę”å¼µććććć«ćć¼ćæćć¼ć¹ć»ć¹ćć¢ćøć®åęæćććč¦ććć¾ćć
Oracle Fusion Middlewareć§ćÆćę§é åć¬ćć¼ćä½ęēØć®ćć«ę©č½ćć¼ć«ćØćć¦ćOracle Business Intelligence Publisherćå©ēØć§ćć¾ććē¬čŖć®ć¬ćć¼ćä½ęć¢ććŖć±ć¼ć·ć§ć³ćä½æēØććććØćć§ćć¾ćć
Oracle Business Intelligence Publisherć§ćÆćꬔć®ćććŖå¤ę§ćŖäŗåå®ē¾©ęøć¬ćć¼ććä½æēØć§ćć¾ćć
ä½ęęøć¦ć¼ć¶ć¼ććć³åé¤ęøć¦ć¼ć¶ć¼
ć¦ć¼ć¶ć¼ć»ćć©ć³ć¶ćÆć·ć§ć³
čŖčؼćØčŖåÆć®å¤±ę
ććŖć·ć¼éå
Oracle Business Intelligenceć®ä½æēØ
ć¦ć¼ć¶ć¼åćę„ęć®ēÆå²ćŖć©ć®åŗęŗć«åŗć„ćć¦ć¬ć³ć¼ććéøęć§ćć¾ćć
Oracle Business IntelligencećÆććć¼ćæćć¼ć¹ē£ę»ć¹ćć¢ć§ć®ćæę©č½ćć¾ćććć¹ć¹ćććć»ćć”ć¤ć«ć§ćÆä½æēØć§ćć¾ććć
Oracle Business Intelligenceć§ä½æēØåÆč½ćŖäŗåå®ē¾©ęøē£ę»ć¬ćć¼ćć®ćæć¤ććÆćꬔć®ćØććć§ćć
ćØć©ć¼ćØä¾å¤
ęä½
ć¦ć¼ć¶ć¼ć»ć¢ćÆćć£ććć£
čŖčؼćØčŖåÆć®å±„ę“
ćć©ć³ć¶ćÆć·ć§ć³å±„ę“
č©³ē“°ćÆćē¬¬C.2é ććć«ćć¤ć³ē£ę»ć¬ćć¼ćććåē §ćć¦ćć ćććć¾ććē£ę»ć¹ćć¼ćć®č©³ē“°ę å ±ćä½æēØćć¦ćåæ č¦ć«åæćć¦ć«ć¹ćæć ē£ę»ć¬ćć¼ććä½ęććććØćć§ćć¾ćć
Oracle Fusion Middlewareć³ć³ćć¼ćć³ćććć³ć¢ććŖć±ć¼ć·ć§ć³ć§ę§ęćććē°å¢ćē£ę»ćć¦ććē®”ēč ć®č¦³ē¹ćććććØćę©č½ēćŖē£ę»ć·ć¹ćć ć®å®č£ ć«ćććéč¦ćŖꮵéćÆćꬔć®ćØććć§ćć
å ±éē£ę»ćć¬ć¼ć ćÆć¼ćÆć®ć¢ć¼ćććÆćć£ćēč§£ćć¾ćć
ćć¬ć¼ć ćÆć¼ćÆć®åæ é č¦ē“ ćć¢ćÆć·ć§ć³ć®ććć¼ććć³ē£ę»ćµć¼ćć¹ć»ć¢ćć«ć®ę©č½ćē¢ŗčŖććć«ćÆćē¬¬13.3.1é ćåē §ćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³ćē£ę»ćć¬ć¼ć ćÆć¼ćÆćØēµ±åćć¾ćć
ēµ±åęé ć®č©³ē“°ćÆćē¬¬25.2é ćåē §ćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³ć®ē£ę»ć¤ćć³ćććć³ććććē£ę»ć¹ćć¼ćć«ćććććę¹ę³ćčØčæ°ććē£ę»å®ē¾©ćć”ć¤ć«ćä½ęćć¾ćć
ćć®ććććÆć®č©³ē“°ćÆćē¬¬25.3é ćåē §ćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³ćē£ę»ćµć¼ćć¹ć«ē»é²ćć¾ćć
ē»é²ćęå¹ć«ććę¹ę³ćÆććć¤ćććć¾ććč©³ē“°ćÆć25.4é ćåē §ćć¦ćć ććć
ē£ę»ę å ±ććć¹ćē°å¢ććę¬ēŖē°å¢ć«ē§»č”ćć¾ćć
ē¬¬6.6.3é ćåē §ćć¦ćć ććć
ē£ę»ć¬ćć¼ććēęćć¾ćć
ē£ę»ć¬ćć¼ćä½ęć®ćć¼ć«ććć³ęę³ć®čŖ¬ęćÆćē¬¬15ē« ććć³ä»é²Cć«čØč¼ććć¦ćć¾ćć
ē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆćć¢ććŖć±ć¼ć·ć§ć³ććć®ē£ę»ć¢ć¼ćć£ćć”ćÆććęč»ć«ęå®ććććØćåÆč½ć«ććć”ćæćć¼ćæć»ć¢ćć«ććµćć¼ććć¦ćć¾ććć¢ććŖć±ć¼ć·ć§ć³ćÆå±ę§ć°ć«ć¼ććć«ćć“ćŖććć³ć¤ćć³ććåēć«å®ē¾©ć§ćć¾ćć
ćć®é ć®å 容ćÆꬔć®ćØććć§ćć
ꬔć®ćć¼ćć³ć°č¦åććć«ćć“ćŖåćć¤ćć³ćåććć³å±ę§åć«é©ēØććć¾ćć
ćć¹ć¦č±čŖć®ćæć§čØčæ°ććåæ č¦ćććć¾ćć
25ęå仄äøć«ććåæ č¦ćććć¾ćć
ä½æēØć§ććęåćÆćaććzćAććZććć³0ćć9ć®ćæć§ćć
å é ćÆč±åć«ććåæ č¦ćććć¾ćć
å±ę§ć°ć«ć¼ććÆē£ę»å±ę§ć®åŗēÆćŖåé”ćęä¾ććꬔć®3ć¤ć®ćæć¤ćććę§ęććć¾ćć
å ±éå±ę§ć°ć«ć¼ćć«ćÆćć³ć³ćć¼ćć³ćć»ćæć¤ććć·ć¹ćć IPć¢ćć¬ć¹ććć¹ćåćŖć©ććć¹ć¦ć®ć¢ććŖć±ć¼ć·ć§ć³ć«å ±éć®ć·ć¹ćć å±ę§ćå«ć¾ćć¾ćć
IAU_COMMONćć¼ćæćć¼ć¹č”Øć«ćÆććć®ć°ć«ć¼ćå ć®å±ę§ćå«ć¾ćć¾ćć
ę±ēØå±ę§ć°ć«ć¼ćć«ćÆćčŖčؼćć¦ć¼ć¶ć¼ć»ććććøć§ćć³ć°ćŖć©ć®ē£ę»ć¢ććŖć±ć¼ć·ć§ć³é åć«åƾććå±ę§ćå«ć¾ćć¾ćć
ć«ć¹ćæć å±ę§ć°ć«ć¼ćć«ćÆćē¹å®ć®ćć¼ćŗć«åæćć¦ć¢ććŖć±ć¼ć·ć§ć³ć§å®ē¾©ćććå±ę§ćå«ć¾ćć¾ććć«ć¹ćæć ć»ć°ć«ć¼ćć®å±ę§ćÆććć®ć³ć³ćć¼ćć³ćć®ć¹ć³ć¼ćć«éå®ććć¾ćć
č”Ø13-1ć«ććµćć¼ććććå±ę§ć®ćć¼ćæåćØåƾåæććJavaćŖććøć§ćÆćć»ćæć¤ććē¤ŗćć¾ćć
å
±éå±ę§ć°ć«ć¼ććÆćIAU_COMMON
ćć¼ćæćć¼ć¹č”Øć«ę ¼ē“ććć¦ćć¾ćć
ę±ēØå±ę§ć°ć«ć¼ććÆććć¼ć ć¹ćć¼ć¹ććć¼ćøć§ć³ēŖå·ććć³1ć¤ä»„äøć®å±ę§ć§å®ē¾©ććć¾ćććć®ä¾ćÆććć¼ć ć¹ćć¼ć¹authorization
ććć³ćć¼ćøć§ć³1.0ć®å±ę§ć°ć«ć¼ććå®ē¾©ćć¾ćć
<AuditConfig xmlns="http://xmlns.oracle.com/ias/audit/audit-2.0.xsd" > <Attributes ns="authorization" version="1.0"> <Attribute displayName="CodeSource" maxLength="2048" name="CodeSource" type="string"/> <Attribute displayName="Principals" maxLength="1024" name="Principals" type="string"/> <Attribute displayName="InitiatorGUID" maxLength="1024" name="InitiatorGUID" type="string"/> <Attribute displayName="Subject" maxLength="1024" name="Subject" type="string"> <HelpText>Used for subject in authorization</HelpText> </Attribute> </Attributes> ā¦ā¦
ć¢ććŖć±ć¼ć·ć§ć³ćÆćꬔć®ććć«CodeSource
å±ę§ćåē
§ć§ćć¾ćć
<Attribute name="CodeSource" ns="authorization" version="1.0" />
åę±ēØå±ę§ć°ć«ć¼ććÆćå°ēØć®ćć¼ćæćć¼ć¹č”Øć«ę ¼ē“ććć¾ćććć¼ćć³ć°č¦åćÆꬔć®ćØććć§ćć
č”ØåćÆIAU_
GENERIC_ATTRIBUTE_GROUP_NAME
č”Øć®åćÆIAU_
ATTRIBUTE_NAME
ććØćć°ćå±ę§ć°ć«ć¼ćauthorization
ćÆćꬔć®åćå«ććć¼ćæćć¼ć¹č”ØIAU_AUTHORIZATION
ć«ę ¼ē“ććć¦ćć¾ćć
ęååć§ććIAU_CODESOURCE
ęååć§ććIAU_PRINCIPALS
ęååć§ććIAU_INITIATORGUID
ć«ć¹ćæć å±ę§ć°ć«ć¼ććÆććć¼ć ć¹ćć¼ć¹ććć¼ćøć§ć³ēŖå·ććć³1ć¤ä»„äøć®å±ę§ć§å®ē¾©ććć¾ćć
å±ę§ćÆꬔć®ćć®ććę§ęććć¾ćć
å±ę§å
ćć¼ćæå
å±ę§/ćć¼ćæćć¼ć¹åćććć³ć°é åŗ(ćć®ććććć£ćÆćå±ę§ććć«ć¹ćæć å±ę§č”Øå ć®ē¹å®ć®ćć¼ćæåć®ćć¼ćæćć¼ć¹åć«ććććććé åŗćęå®ćć¾ć)
ćć«ćć»ććć¹ć(ćŖćć·ć§ć³)
ę大é·
č”Øē¤ŗå
ćµć¤ćŗ - ćć®ććććć£ćÆćå±ę§ć«å«ć¾ćć¦ćććć¼ćæåćåćå¤ć®ę°ćē¤ŗćć¾ćććµć¤ćŗć®ććć©ć«ćå¤ćÆ1ć§ćć1ćć大ćććµć¤ćŗćÆććć¼ćæåćåćå¤ćč¤ę°ęå®ć§ććč¤ę°å¤å±ę§ćē¤ŗćć¾ććč¤ę°å¤å±ę§ć§ćÆćbinary仄å¤ć®ćć¹ć¦ć®ćć¼ćæåććµćć¼ćććć¾ćć
ćć®ä¾ćÆććć¼ć ć¹ćć¼ć¹accounting
ććć³ćć¼ćøć§ć³1.0ć®å±ę§ć°ć«ć¼ćAccounting
ćå®ē¾©ćć¾ćć
<Attributes ns="accounting" version="1.0"> <Attribute name="TransactionType" displayName="Transaction Type" type="string" order="1"/> <Attribute name="AccountNumber" displayName="Account Number" type="int" order="2"> <HelpText>Account number.</HelpText> </Attribute> ā¦ā¦ </Attributes>
ꬔć®ä¾ćÆćAccountBalancećØććååć®č¤ę°å¤å±ę§ćē¤ŗćć¦ćć¾ćć
<Attribute order="3" displayName="AccountBalance" type="double" name="Balance" size="2" sinceVersion="1.1"> <MultiValues> <MultiValueName displayName="Previous Balance" index="0"> <HelpText>the previous account balance</HelpText> </MultiValueName> <MultiValueName displayName="Current Balance" index="1"/> </MultiValues> </Attribute>
ć«ć¹ćæć å±ę§ć°ć«ć¼ćććć³å±ę§ćÆćIAU_CUSTOMč”Øć«ę ¼ē“ććć¾ćć
ē£ę»ć¤ćć³ćć»ć«ćć“ćŖć«ćÆćę©č½é åå ć®é¢é£ć¤ćć³ććå«ć¾ćć¾ććććØćć°ćć»ćć·ć§ć³ć»ć«ćć“ćŖć«ćÆćć¦ć¼ć¶ć¼ć»ć»ćć·ć§ć³ć®ć©ć¤ććµć¤ćÆć«ć§éč¦ćŖćć°ć¤ć³ććć³ćć°ć¢ć¦ćć»ć¤ćć³ććå«ć¾ćć¾ćć
ć¤ćć³ćć»ć«ćć“ćŖčŖä½ćÆå±ę§ćå®ē¾©ćć¾ććććććć«ćć³ć³ćć¼ćć³ćå ć®å±ę§ććć³ć·ć¹ćć å±ę§ć°ć«ć¼ććåē §ćć¾ćć
ć¤ćć³ćć»ć«ćć“ćŖć«ćÆꬔć®2ć¤ć®ćæć¤ććććć¾ćć
ć·ć¹ćć ć»ć«ćć“ćŖ
ć³ć³ćć¼ćć³ććØć¢ććŖć±ć¼ć·ć§ć³ć»ć«ćć“ćŖ
é¢é£é ē®: ć·ć¹ćć ć»ć«ćć“ćŖććć³ć¤ćć³ćć®å®ē¾©ćÆćč”ØC-1ćåē §ćć¦ćć ććć |
ć·ć¹ćć ć»ć«ćć“ćŖćÆćå ±éććć³ę±ēØå±ę§ć°ć«ć¼ććåē §ććē£ę»ć¤ćć³ććå«ćæć¾ććć·ć¹ćć ć»ć«ćć“ćŖćÆćć³ć³ćć¼ćć³ćć»ć¤ćć³ćć»ć«ćć“ćŖććć³ć¤ćć³ćć®ćć¼ć¹ć»ć»ććć§ććć¢ććŖć±ć¼ć·ć§ć³ćÆććććē“ę„åē §ććē£ę»ć¤ćć³ććčØé²ćć¦ććć£ć«ćæć»ććŖć»ććå®ē¾©ćčØå®ć§ćć¾ćć
ꬔć®ä¾ćÆćć”ćæćć¼ćæć»ć¢ćć«ć®ććć¤ćć®č¦ē“ ćē¤ŗćć¦ćć¾ćć
å ±éå±ę§ć°ć«ć¼ć
ę±ēØå±ę§ć°ć«ć¼ćidentity
ćØauthorization
å
±éå±ę§AuthenticationMethodćåē
§ććå±ę§ćęć¤ć·ć¹ćć ć»ć«ćć“ćŖUserSession
UserLoginććć³UserLogoutćŖć©ć®ē£ę»ć¤ćć³ć
<SystemComponent major="1" minor="0"> +<Attributes ns="common" version ="1.0"></Attributes> +<Attributes ns="identity" version ="1.0"></Attributes> +<Attributes ns="authorization" version ="1.0"></Attributes> -<Events> -<Category name="UserSession" displayName="User Sessions"> -<Attributes> <Attribute name="AuthenticationMethod" ns="common" version ="1.0" /> </Attributes> -<HelpText></HelpText> -<Event name="UserLogin" displayName="User Logins" shortName="uLogin"></Event> -<Event name="UserLogout" displayName="User Logouts" shortName="uLogout" xdasName="terminateSession"></Event> -<Event name="Authentication" displayName="Authentication"></Event> -<Event name="InternalLogin" displayName="Internal Login" shortName="iLogin" xdasName="CreateSession"></Event> -<Event name="InternalLogout" displayName="Internal Logout" shortName="iLogout" xdasName="terminateSession"></Event> -<Event name="QuerySession" displayName="Query Session" shortName="qSession"></Event> -<Event name="ModifySession" displayName="Modify Session" shortName="mSession"></Event> </Category> +<Category displayName="Authorization" name="Authorization"></Category> +<Category displayName="ServiceManagement" name="ServiceManagement"></Category> </Events> </SystemComponent>
ć³ć³ćć¼ćć³ćć¾ććÆć¢ććŖć±ć¼ć·ć§ć³ćÆćć·ć¹ćć ć»ć«ćć“ćŖćę”å¼µććććę°ććć³ć³ćć¼ćć³ćć»ć¤ćć³ćć»ć«ćć“ćŖćå®ē¾©ć§ćć¾ćććć®ä¾ć§ćÆććć©ć³ć¶ćÆć·ć§ć³ć»ć«ćć“ćŖćÆaccounting
å±ę§ć°ć«ć¼ćć®å±ę§AccountNumberćDateććć³Amountćåē
§ććć¤ćć³ćpurchaseććć³depositćå«ćæć¾ćć
<Category displayName="Transaction" name="Transaction"> <Attributes> <Attribute name="AccountNumber" ns="accounting" version="1.0"/> <Attribute name="Date" ns="accounting" version="1.0" /> <Attribute name="Amount" ns="accounting" version="1.0" /> </Attributes> <Event displayName="purchase" name="purchase"/> <Event displayName="deposit" name="deposit"> <HelpText>depositing funds.</HelpText> </Event> ā¦ā¦ </Category>
ć·ć¹ćć ć»ć«ćć“ćŖćę”å¼µććć«ćÆćć¢ććŖć±ć¼ć·ć§ć³ē£ę»å®ē¾©å ć«ć«ćć“ćŖåē §ćä½ęćć¾ććć·ć¹ćć ć»ć«ćć“ćŖć«å«ć¾ććć·ć¹ćć ć»ć¤ćć³ćććŖć¹ćććććć«ę°ććå±ę§åē §ććć³ć¤ćć³ććčæ½å ćć¾ćć
ćć®ä¾ć§ćÆćę°ććć«ćć“ćŖććę°ććå±ę§åē
§ServiceTime
ćØę°ććć¤ćć³ćrestartService
ć§ćć·ć¹ćć ć»ć«ćć“ćŖServiceManagement
ćåē
§ćć¾ćć
<CategoryRef name="ServiceManagement" componentType="SystemComponent"> <Attributes> <Attribute name="ServiceTime" ns="accounting" version="1.0" /> </Attributes> <EventRef name="startService"/> <EventRef name="stopService"/> <Event displayName="restartService" name="restartService"> <HelpText>restart service</HelpText> </Event> </CategoryRef>
ꬔć®2ēØ®é”ć®å®ē¾©ćć”ć¤ć«ćććć¾ćć
component_events.xmlå®ē¾©ćć”ć¤ć«
ēæ»čسćć”ć¤ć«
component_events.xmlćć”ć¤ć«ć§ćÆćē£ę»ćµć¼ćć¹ć§ē£ę»ć¤ćć³ćććć°ć«čØé²ććéć«åæ č¦ćŖꬔć®ćććŖććććć£ćęå®ćć¾ćć
åŗę¬ććććć£ćØć”ćøć£ć¼ććć³ćć¤ćć¼ć»ćć¼ćøć§ć³
ć³ć³ćć¼ćć³ćć»ćæć¤ć(ć¢ććŖć±ć¼ć·ć§ć³ćē£ę»ćµć¼ćć¹ć«ē»é²ććå®č”ęē£ę»ć¤ć³ć¹ćæć³ć¹ćåå¾ććććć«ä½æēØććććććć£)
ć¢ććŖć±ć¼ć·ć§ć³ć®ć”ćøć£ć¼ććć³ćć¤ćć¼ć»ćć¼ćøć§ć³
1ć¤ć®ć«ć¹ćæć å±ę§ć°ć«ć¼ć(å«ć¾ććŖćå “åććć)
å±ę§åē §ććć³ć¤ćć³ććå«ćć¤ćć³ćć»ć«ćć“ćŖ
ć³ć³ćć¼ćć³ćć»ć¬ćć«ć»ćć£ć«ćæå®ē¾©
ꬔćå«ćå®č”ęććŖć·ć¼
filterPreset - ē£ę»ćć£ć«ćæć»ć¬ćć«ćęå®ćć¾ćć
specialUsers - åøøć«ē£ę»ććć¦ć¼ć¶ć¼ćęå®ćć¾ćć
maxBusstopDirSize
maxBusstopFileSize
å®č”ęććŖć·ć¼ć®č©³ē“°ćÆćē¬¬14.3é ćåē §ćć¦ćć ććć
component_events.xmlćć”ć¤ć«ć®ä¾ćē¤ŗćć¾ćć
<?xml version="1.0"?> <AuditConfig xmlns="http://xmlns.oracle.com/ias/audit/audit-2.0.xsd"> <AuditComponent componentType="ApplicationAudit" major="1" minor="0"> <Attributes ns="accounting" version="1.0"> <Attribute name="TransactionType" displayName="Transaction Type" type="string" order="1"> <HelpText>Transaction type.</HelpText> </Attribute> <Attribute name="AccountNumber" displayName="Account Number" type="int" order="2"> <HelpText>Account number.</HelpText> </Attribute> <Attribute name="Date" displayName="Date" type="dateTime" order="3"/> <Attribute name="Amount" displayName="Amount" type="float" order="4"> <HelpText>Transaction amount.</HelpText> </Attribute> <Attribute name="Status" displayName="Account Status" type="string" order="5"> <HelpText>Account status.</HelpText> </Attribute> </Attributes> <Events> <Category displayName="Transaction" name="Transaction"> <Attributes> <Attribute name="AccountNumber" ns="accounting" version="1.0" /> <Attribute name="Date" ns="accounting" version="1.0" /> <Attribute name="Amount" ns="accounting" version="1.0" /> </Attributes> <Event displayName="purchase" name="purchase"> <HelpText>direct purchase.</HelpText> </Event> <Event displayName="deposit" name="deposit"> <HelpText>depositing funds.</HelpText> </Event> <Event displayName="withdrawing" name="withdrawing"> <HelpText>withdrawing funds.</HelpText> </Event> <Event displayName="payment" name="payment"> <HelpText>paying bills.</Helc*ÕpText> </Event> </Category> <Category displayName="Account" name="Account"> <Attributes> <Attribute name="AccountNumber" ns="accounting" version="1.0" /> <Attribute name="Status" ns="accounting" version="1.0" /> </Attributes> <Event displayName="open" name="open"> <HelpText>Open a new account.</HelpText> </Event> <Event displayName="close" name="close"> <HelpText>Close an account.</HelpText> </Event> <Event displayName="suspend" name="suspend"> <HelpText>Suspend an account.</HelpText> </Event> </Category> </Events> <FilterPresetDefinitions> <FilterPresetDefinition displayName="Low" helpText="" name="Low"> <FilterCategory enabled="partial" name="Transaction">deposit.SUCCESSESONLY(HostId -eq "NorthEast"),withdrawing</FilterCategory> <FilterCategory enabled="partial" name="Account">open.SUCCESSESONLY,close.FAILURESONLY</FilterCategory> </FilterPresetDefinition> <FilterPresetDefinition displayName="Medium" helpText="" name="Medium"> <FilterCategory enabled="partial" name="Transaction">deposit,withdrawing</FilterCategory> <FilterCategory enabled="partial" name="Account">open,close</FilterCategory> </FilterPresetDefinition> <FilterPresetDefinition displayName="High" helpText="" name="High"> <FilterCategory enabled="partial" name="Transaction">deposit,withdrawing,payment</FilterCategory> <FilterCategory enabled="true" name="Account"/> </FilterPresetDefinition> </FilterPresetDefinitions> <Policy filterPreset="Low"> <CustomFilters> <FilterCategory enabled="partial" name="Transaction">purchase</FilterCategory> </CustomFilters> </Policy> </AuditComponent> </AuditConfig>
ēæ»čسćć”ć¤ć«ćÆćę§ć ćŖčØčŖć§ē£ę»å®ē¾©ćč”Øē¤ŗććććć«ä½æēØććć¾ćć
ē»é²ćµć¼ćć¹ć§ćÆćē¹å®ć®ć«ć¼ć«ćä½æēØćć¦ćć¢ććŖć±ć¼ć·ć§ć³ć«åƾćć¦ē£ę»ć”ćæćć¼ćæćä½ęććć¾ćććć®ć”ćæćć¼ćæćÆćē£ę»å®ē¾©ć®ę§ć ćŖćć¼ćøć§ć³ćē®”ēććē£ę»ćć¼ćæććć¼ććć¦ć¬ćć¼ććēęććććć«ä½æēØććć¾ćć
åē£ę»å®ē¾©ć«ćÆćę“ę°ć®ć”ćøć£ć¼ććć³ćć¤ćć¼ć»ćć¼ćøć§ć³ēŖå·ćåæ č¦ć§ć(ä¾: major = 1 minor=3)ćē£ę»ć¤ćć³ćå®ē¾©ćå¤ę“ććå “åćÆććć¤ćć¼ć¾ććÆć”ćøć£ć¼ēŖå·ććććÆćć®äø”ę¹ćå¤ę“ććććØć«ćććć¼ćøć§ć³IDćå¤ę“ććåæ č¦ćććć¾ćć
ē£ę»ē»é²ćµć¼ćć¹ćÆććć¼ćøć§ć³ēŖå·ćä½æēØćć¦ć¤ćć³ćå®ē¾©ć®äŗęę§ććć³ćć¼ćøć§ć³éć®å±ę§ćććć³ć°ćę±ŗå®ćć¾ćć
ę³Øę: ćććć®ćć¼ćøć§ć³ēŖå·ćÆOracle Fusion Middlewareć®ćć¼ćøć§ć³ēŖå·ćØćÆé¢äæććć¾ććć |
Oracleć³ć³ćć¼ćć³ćć®ćć¼ćøć§ćć³ć°
Oracleć³ć³ćć¼ćć³ćć®ē»é²ęćē£ę»ē»é²ćµć¼ćć¹ćÆććććåćć¦ć®ē»é²ć§ćććć¢ććć°ć¬ć¼ćć§ććććē¢ŗčŖćć¾ćć
ę°č¦ē»é²ć§ćÆććµć¼ćć¹ćÆꬔć®ęä½ćå®č”ćć¾ćć
ć³ć³ćć¼ćć³ćć®ē£ę»ććć³ēæ»čسę å ±ćåå¾ćć¾ćć
å®ē¾©ćč§£ęćć¦ę¤čؼććē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ć«ę ¼ē“ćć¾ćć
å±ę§/åćććć³ć°č”Øćēęććē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ć«äæåćć¾ćć
ć¢ććć°ć¬ć¼ćć«ć¤ćć¦ćÆćć”ćæćć¼ćæć»ć¹ćć¢å ć®ć³ć³ćć¼ćć³ćć®ē¾åØć®ć”ćøć£ć¼ććć³ćć¤ćć¼ēŖå·ćę°ććć”ćøć£ć¼ććć³ćć¤ćć¼ēŖå·ćØęÆč¼ćććć¢ććć°ć¬ć¼ććē¶č”ćććć©ćććę±ŗå®ćć¾ćć
JavaEEć¢ććŖć±ć¼ć·ć§ć³ć®ćć¼ćøć§ćć³ć°
ć¢ććŖć±ć¼ć·ć§ć³ć®ē£ę»å®ē¾©ć®å¤ę“ęć«ćÆćć”ćøć£ć¼ććć³ćć¤ćć¼ēŖå·ćꬔć®ććć«čØå®ććććØććč¦ććć¾ćć
ćć¤ćć¼ć»ćć¼ćøć§ć³ēŖå·ćÆććć¼ćøć§ć³äŗęć®å¤ę“(ę°ććē£ę»å®ē¾©ććēęćććå±ę§ćć¼ćæćć¼ć¹ć»ćććć³ć°č”Øćć仄åć®å±ę§ćć¼ćæćć¼ć¹ć»ćććć³ć°č”Øć§ä½ęćććē£ę»ćć¼ćæć§ććć®ć¾ć¾ä½æēØć§ćććććŖē£ę»å®ē¾©ć®å¤ę“)ćå ććå “åć«ć®ćæå¢ććć¾ćć
ććØćć°ćē¾åØć®å®ē¾©ćć¼ćøć§ć³ćmajor=2ććć³minor=1ć§ćććØćć¾ććå±ę§ćć¼ćæćć¼ć¹ć»ćććć³ć°č”Øć«å½±éæććŖćę°č¦ć¤ćć³ćć®čæ½å ęć«ćÆććć¤ćć¼ć»ćć¼ćøć§ć³ć2ć«å¤ę“ć(minor=2)ćć”ćøć£ć¼ēŖå·ćÆćć®ć¾ć¾ć«ćć¾ć(major=2)ć
ę°ćććććć³ć°č”Øć仄åć®č”ØćØäŗęę§ććŖććććŖćć¼ćøć§ć³å¤ę“ćå ććå “åć«ćÆćć”ćøć£ć¼ć»ćć¼ćøć§ć³ēŖå·ćå¢ććć¾ćć
ę°ććć³ć³ćć¼ćć³ćć¾ććÆć¢ććŖć±ć¼ć·ć§ć³ć®ē»é²ęćē»é²ćµć¼ćć¹ćÆć³ć³ćć¼ćć³ćć®ć«ć¹ćæć å±ę§ććå±ę§/ćć¼ćæćć¼ć¹åćććć³ć°č”Øćä½ęćććć®č”Øćē£ę»ć”ćæćć¼ćæć»ć¹ćć¢ć«äæåćć¾ćć
å±ę§/ćć¼ćæćć¼ć¹åćććć³ć°č”ØćÆćć¢ććŖć±ć¼ć·ć§ć³ć®å±ę§å®ē¾©ćØćć¼ćæćć¼ć¹åéć§äøęćŖćććć³ć°ćč”ćććć«åæ č¦ć§ććē£ę»ćć¼ćć¼ćÆćććć³ć°č”Øćä½æēØćć¦ćć¼ćæćē£ę»ć¹ćć¢ć«ćć¼ććć¾ććč”ØćÆć«ć¹ćæć ć»ćć¼ćæćć¼ć¹č”ØIAU_CUSTOMććē£ę»ć¬ćć¼ććēęććććć«ćä½æēØććć¾ćć
ć³ć³ćć¼ćć³ćć®ē£ę»å®ē¾©ć®č”Øē¤ŗ
WLSTć³ćć³ćcreateAuditDBView
ćä½æēØćć¦ćć³ć³ćć¼ćć³ćć®ē£ę»å®ē¾©ć®ćć¼ćæćć¼ć¹ć»ćć„ć¼ćä½ęć§ćć¾ćć
ć³ćć³ćę§ęć®č©³ē“°ćÆćä»é²CćOracle Fusion Middlewareē£ę»ćć¬ć¼ć ćÆć¼ćÆć»ćŖćć”ć¬ć³ć¹ććåē §ćć¦ćć ććć
createAuditDBView
ć³ćć³ććä½æēØććć«ćÆćć³ć³ćć¼ćć³ćć®å±ę§ććć¼ćæćć¼ć¹åć«ćććććććććæćēč§£ćć¦ććåæ
č¦ćććć¾ććč©³ē“°ćÆꬔć®čŖ¬ęćåē
§ćć¦ćć ććć
ć³ć³ćć¼ćć³ćć®ćććć³ć°č”Øć®ēč§£
ć«ć¹ćæć å±ę§/ćć¼ćæćć¼ć¹åćććć³ć°ć«ćÆćå±ę§åććć¼ćæćć¼ć¹ååććć³ćć¼ćæåć®ććććć£ćććć¾ćć
åć«ć¹ćæć å±ę§å®ē¾©ć«ćÆććććć³ć°é åŗēŖå·ćå«ć¾ćć¦ććåæ č¦ćććć¾ććåććć¼ćæåć®å±ę§ćÆćå±ę§ćććć³ć°é åŗć«å¾ć£ć¦ćć¼ćæćć¼ć¹åć«ćććććć¾ććććØćć°ćꬔć®ćććŖå®ē¾©ćć”ć¤ć«ććććØćć¾ćć
<Attributes ns="accounting" version="1.1"> <Attribute name="TransactionType" type="string" maxLength="0" displayName="Transaction Type" order="1"/> <Attribute name="AccountNumber" type="int" displayName="Account Number" order="2"> <Attribute name="Date" type="dateTime" displayName="Date" order="3"/> <Attribute name="Amount" type="float" displayName="Amount" order="4"/> <Attribute name="Status" type="string" maxLength="0" displayName="Account Status" order="5"/> <Attribute name="Balance" type="float" displayName="Account Balance" order="6"/> </Attributes>
ćććć³ć°ćÆꬔć®ććć«ćŖćć¾ćć
<AttributesMapping ns="accounting" tableName="IAU_CUSTOM" version="1.1"> <AttributeColumn attribute="TransactionType" column="IAU_STRING_001" datatype="string"/> <AttributeColumn attribute="AccountNumber" column="IAU_INT_001" datatype="int"/> <AttributeColumn attribute="Date" column="IAU_DATETIME_001" datatype="dateTime"/> <AttributeColumn attribute="Amount" column="IAU_FLOAT_001" datatype="float"/> <AttributeColumn attribute="Status" column="IAU_STRING_002" datatype="string"/> <AttributeColumn attribute="Balance" column="IAU_FLOAT_002" datatype="float"/> </AttributesMapping>
å±ę§/ćć¼ćæćć¼ć¹åćććć³ć°č”Øć®ćć¼ćøć§ć³IDćÆćć«ć¹ćæć å±ę§ć°ć«ć¼ćć®ćć¼ćøć§ć³IDć«äøč“ćć¾ććććć«ćććć¢ććŖć±ć¼ć·ć§ć³ćÆē°ćŖćē£ę»å®ē¾©ćć¼ćøć§ć³éć§ććå±ę§ćććć³ć°ć®å¾ę¹äŗęę§ćē¶ęć§ćć¾ćććć¼ćøć§ćć³ć°ć®č©³ē“°ćÆćē¬¬13.5.3.1é ćåē §ćć¦ćć ććć
ććć§ćÆććć®ćŖćŖć¼ć¹ć§å°å „ćććęćéč¦ćŖå¤ę“ć«ć¤ćć¦čŖ¬ęćć¾ćć
ćŖćŖć¼ć¹12.1.2.0.0ć§å°å „ćććę©č½ććć³ććć„ć”ć³ćć®å¤ę“ćÆꬔć®ćØććć§ćć
ę©č½
ćć®ćŖćŖć¼ć¹ć§å°å „ćććę©č½ćÆꬔć®ćØććć§ćć
ćć”ć¤ć³ć®ä½ęć¾ććÆę”å¼µć§ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆććć·ć¼ćććććć®ćć³ćć¬ć¼ćć®ä½æēØćććć³12.1.2ć«ć¢ććć°ć¬ć¼ćććććć®ę°ććęé ćč©³ē“°ćÆćē¬¬7ē« ćć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®ć©ć¤ććµć¤ćÆć«ććåē §ćć¦ćć ććć
ććć„ć”ć³ć
ćć®ćŖćŖć¼ć¹ć§å°å „ćććććć„ć”ć³ćć®å¤ę“ćÆꬔć®ćØććć§ćć
WLSTć³ćć³ćć®åē §ę å ±ćÆććć®ć¬ć¤ćććåé¤ććć¾ććććć®å 容ćÆē¾åØććOracle Fusion Middlewareć¤ć³ćć©ć¹ćć©ćÆćć£ć»ć»ćć„ćŖćć£WLSTć³ćć³ćć»ćŖćć”ć¬ć³ć¹ćć«å«ć¾ćć¦ćć¾ćć
ē£ę»ć¬ćć¼ćć«é¢ććę§ć ćŖćŖćć·ć§ć³ć«ć¤ćć¦čŖ¬ęćć¦ćć¾ććē¬¬15.1é ćåē §ćć¦ćć ććć
ē£ę»ć·ć¹ćć ć®å±ę§ććć³ć¤ćć³ćć®č©³ē“°ćåē §ć§ćć¾ććč”ØC-1ććć³č”ØC-5ćåē §ćć¦ćć ććć
Oracle Platform Security Services (OPSS)ćÆććµćć¼ćåÆ¾č±”ć®ćć©ćććć©ć¼ć ć¾ććÆć¹ćæć³ćć¢ćć³ć»ć¢ććŖć±ć¼ć·ć§ć³ć«ćććć¤ćććć¢ććŖć±ć¼ć·ć§ć³ćäæč·ććć»ćć„ćŖćć£ć»ćć©ćććć©ć¼ć ć§ćć
ćć®ē« ć§ćÆćꬔć®åé ć§ćć®ćć©ćććć©ć¼ć ć®äø»ćŖę©č½ćē“¹ä»ćć¾ćć
ćć®ććć„ć”ć³ćć§ćÆćOracle Webćµć¼ćć¹ć®ć»ćć„ćŖćć£ć«ć¤ćć¦ćÆčŖ¬ęćć¾ććććć®ććććÆć®č©³ē“°ćÆććOracle Web Services Managerć«ććWebćµć¼ćć¹ć®äæč·ćØććŖć·ć¼ć®ē®”ēććåē §ćć¦ćć ććć
OPSSćÆććØć³ćæć¼ćć©ć¤ćŗč£½åéēŗćć¼ć ćć·ć¹ćć ć»ć¤ć³ćć°ć¬ć¼ćæććć³ē¬ē«ē³»ć½ććć¦ć§ć¢ć»ćć³ćć¼åćć«ćJava SEć¢ććŖć±ć¼ć·ć§ć³ććć³Java EEć¢ććŖć±ć¼ć·ć§ć³ć§ä½æēØć§ćććęØęŗć«åŗć„ććē§»ę¤åÆč½ć§ćØć³ćæć¼ćć©ć¤ćŗć»ć¬ćć«ć®ēµ±åć»ćć„ćŖćć£ć»ćć¬ć¼ć ćÆć¼ćÆćęä¾ćć¾ćć
ć¾ććåŗē¤ćØćŖćć»ćć„ćŖćć£ć»ćć©ćććć©ć¼ć ćØćć¦ćWebLogic ServerćServer Oriented Architecture (SOA)ć¢ććŖć±ć¼ć·ć§ć³ćOracle WebCenterćOracle Application Development Framework (ADF)ć¢ććŖć±ć¼ć·ć§ć³ćOracle Entitlement ServerćŖć©ć®Oracle Fusion Middlewareć«ć»ćć„ćŖćć£ćęä¾ćć¾ćć
OPSSć§ćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ććć°ć©ćć³ć°ć»ć¤ć³ćæćć§ć¼ć¹(API)ćØćć¦ę½č±”ć¬ć¤ć¤ć¼ćęä¾ćć¦ćć¾ććććć«ćććéēŗč ćÆćć»ćć„ćŖćć£ććć³ć¢ć¤ćć³ćć£ćć£ē®”ēć®å®č£ ć®č©³ē“°ć«é¢äøććåæ č¦ććŖććŖćć¾ććOPSSćä½æēØććć°ćéēŗč ćÆćęå·ćć¼ć®ē®”ēććŖććøććŖć»ć¤ć³ćæćć§ć¼ć¹ćä»ć®ć¢ć¤ćć³ćć£ćć£ē®”ēć¤ć³ćć©ć¹ćć©ćÆćć£ć«ć¤ćć¦č©³ććęę”ćć¦ććåæ č¦ćććć¾ćććē¤¾å éēŗć¢ććŖć±ć¼ć·ć§ć³ććµć¼ćć»ćć¼ćć£ć»ć¢ććŖć±ć¼ć·ć§ć³ććć³ēµ±åć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćOPSSćä½æēØććććØć§ćä¼ę„å Øä½ć§ēµ±äøćććåäøć®ć»ćć„ćŖćć£ć»ćµć¼ćć¹ćć¢ć¤ćć³ćć£ćć£ē®”ēćµć¼ćć¹ććć³ē£ę»ćµć¼ćć¹ćå©ēØć§ćć¾ćć
FAQćććÆć¤ććć¼ćć¼ććµć³ćć«ć»ć³ć¼ćććć©ć¼ć©ć ć»ćć£ć¹ć«ćć·ć§ć³ćŖć©ćOPSSé¢é£ć®ćć„ć¼ć¹ćÆćhttp://www.oracle.com/technology/products/id_mgmt/opss/index.html
ćåē
§ćć¦ćć ććć
OPSSćÆććć¼ć«ćć¼ć¹ć®ć¢ćÆć»ć¹å¶å¾”(RBAC)ćJava Enterprise Edition (Java EE)ććć³Java Authorization and Authentication Services (JAAS)ć®åęØęŗć«ęŗę ćć¦ćć¾ćć
ćććć®ęØęŗć«åŗć„ćć¦ććOPSSćÆćꬔć®ę©č½ććµćć¼ćććēµ±åć»ćć„ćŖćć£ć»ćć©ćććć©ć¼ć ćęä¾ćć¾ćć
čŖčؼ
IDć¢ćµć¼ć·ć§ć³
ćć”ć¤ć³ć°ć¬ć¤ć³JAASćć¼ććć·ć§ć³ć«åŗć„ććčŖåÆ
ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć®ęå®ćØē®”ē
č³ę ¼čؼęć¹ćć¢ć»ćć¬ć¼ć ćÆć¼ćÆćä½æēØććć·ć¹ćć č³ę ¼čؼęć®ć»ćć„ć¢ćŖę ¼ē“ćØć¢ćÆć»ć¹
ćć¼ć¹ćć¢ć»ćµć¼ćć¹ćä½æēØćććć¼ćØčؼęęøć®ć»ćć„ć¢ćŖę ¼ē“ćØć¢ćÆć»ć¹
ē£ę»
ćć¼ć«ē®”ēćØćć¼ć«ć»ćććć³ć°
ć¦ć¼ć¶ć¼ććć³ćć¼ć«API
IDä»®ę³å
ć»ćć„ćŖćć£ć®ę§ęćØē®”ē
SAMLćØXACML
Oracle Security Developer Tools(ęå·åćć¼ć«ćŖć©)
ććŖć·ć¼ē®”ēAPI
Java Authorization Contract for Containers (JACC)
ē¹å®ć®OPSSę©č½ć®č©³ē“°ćÆććć®ć¬ć¤ćć®č©²å½ććē« ćåē §ćć¦ćć ććć
WebLogicē£ę»ćććć¤ćć®č©³ē“°ćÆććOracle WebLogic Serverć»ćć„ćŖćć£ć®ē®”ēćć®WebLogicē£ę»ćććć¤ćć®ę§ęć«é¢ććčŖ¬ęćåē §ćć¦ćć ććć
OPSSćÆćOracle WebLogic Serverć¢ććŖć±ć¼ć·ć§ć³ć»ćć©ćććć©ć¼ć ć§ćµćć¼ćććć¦ćć¾ćć
OPSSćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ćµć¼ćć¼ć®ć»ćć„ćŖćć£ćØOracle Fusion Middlewareć®ć»ćć„ćŖćć£ć§ę§ęććć¾ććå³1-1ćÆććć®2ć¤ć®ć»ćć„ćŖćć£ć»ćć¬ć¼ć ćÆć¼ćÆćēµćæåććé層åć¢ć¼ćććÆćć£ćē¤ŗćć¦ćć¾ćć
äøēŖäøć®ć¬ć¤ć¤ć¼ć«ćÆOPSSć»ćć„ćŖćć£ć»ćµć¼ćć¹ćꬔć®ć¬ć¤ć¤ć¼ć«ćÆćµć¼ćć¹ć»ćććć¤ććäøēŖäøć®ć¬ć¤ć¤ć¼ć«ćÆ3ēØ®é”ć®å ć®1ć¤ć®ćŖććøććŖćä½æēØććOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćććććå«ć¾ćć¾ćć
ć»ćć„ćŖćć£ć»ćµć¼ćć¹ć»ćććć¤ć
ć»ćć„ćŖćć£ć»ćµć¼ćć¹ć»ćććć¤ćć»ć¤ć³ćæćć§ć¼ć¹(SSPI)ć«ćć£ć¦ćJava EEć³ć³ććć»ć»ćć„ćŖćć£ććć³ē°å¢ć«åæćććŖć½ć¼ć¹ćć¼ć¹ć®čŖåÆćęä¾ććć¾ćć
SSPIćÆććć©ć¬ćć«ćŖć»ćć„ćŖćć£ć»ćććć¤ććå®č£ ććććć®äøé£ć®APIć§ćććććć®ć¤ć³ćæćć§ć¼ć¹ćå®č£ ććć¢ćøć„ć¼ć«ćSSPIć«ćć©ć°ć¤ć³ććććØć§ćć«ć¹ćæć čŖčؼćē¹å®ć®ćć¼ć«ć»ćććć³ć°ćŖć©ć®ē¹å„ćŖćæć¤ćć®ć»ćć„ćŖćć£ć»ćµć¼ćć¹ćęä¾ć§ćć¾ćć
č©³ē“°ćÆććOracle WebLogic Serverć»ćć„ćŖćć£ć®ēč§£ćć®ć»ćć„ćŖćć£ć»ćµć¼ćć¹ć»ćććć¤ćć»ć¤ć³ćæćć§ć¼ć¹(SSPI)ć«é¢ććčŖ¬ęćåē §ćć¦ćć ććć
Oracle Platform Security Services
Java Authorization (JAZN)ę©č½ć«ćÆćč³ę ¼čؼęć¹ćć¢ć»ćć¬ć¼ć ćÆć¼ćÆ(CSF)ćå ±éē£ę»ćć¬ć¼ć ćÆć¼ćÆ(CAF)ććć¼ć¹ćć¢ć»ćµć¼ćć¹ććć³ćć®ä»ć®ć³ć³ćć¼ćć³ććå«ć¾ćć¾ććć¾ććSSPIćØēµåćć¦Oracle Platform Security Services (OPSS)ćę§ęćć¾ćć
OPSSć«ćÆćꬔć®å©ē¹ćććć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ćØćć”ć¤ć³ć®åé”ć«åƾććéēŗćŖć½ć¼ć¹ć®éäøćåÆč½
ćØć³ćæć¼ćć©ć¤ćŗć»ćććć¤ć”ć³ćć®ćµćć¼ć
č¤ę°ć®LDAPćµć¼ćć¼ććć³SSOć·ć¹ćć ć®ćµćć¼ć
Oracle WebLogic Serverć§čŖå®ęøć§ćć
Oracleć®č£½åććć³ććÆćććøćØć®äŗåēµ±å
éēŗč ććć³ē®”ēč ć®äøč²«ććć»ćć„ćŖćć£ć»ćØćÆć¹ććŖćØć³ć¹
ćććććæć¤ćć®ć¢ććŖć±ć¼ć·ć§ć³ćåÆ¾č±”ć«ććAPIć®ēµ±äøć»ćć
ę½č±”ć¬ć¤ć¤ć¼(宣čØēAPI)ć«ććéēŗęéć®ęé©å
ć¢ććŖć±ć¼ć·ć§ć³ć®ć»ćć„ćŖćć£ć»ć”ć³ććć³ć¹ć®ē°”ē“ å
ć¢ććŖć±ć¼ć·ć§ć³ć»ć³ć¼ćć®å¤ę“ćåæ č¦ćØććŖććć»ćć„ćŖćć£ć»ć«ć¼ć«ć®å¤ę“
ē®”ēč ć®ä½ę„ć®č² č·č»½ęø
ć¢ć¤ćć³ćć£ćć£ē®”ēć·ć¹ćć ćØć®ēµ±å
OPSSćÆćSSPIćØJPSćēµåććććØć§ćć¢ććŖć±ć¼ć·ć§ć³ć»ćµć¼ćć¼ćØOracleć¢ććŖć±ć¼ć·ć§ć³ćåäøć®ē°å¢ć§ć·ć¼ć ć¬ć¹ć«å®č”åÆč½ćŖćć¬ć¼ć ćÆć¼ćÆćęä¾ćć¾ćć
OPSSć§ćÆćJava EEć¢ććŖć±ć¼ć·ć§ć³ććć³Oracle Fusion Middlewareć¢ććŖć±ć¼ć·ć§ć³(Oracle WebCenterćOracle SOA SuitećŖć©)ć®ć»ćć„ćŖćć£ććµćć¼ććć¦ćć¾ćć
éēŗč ćÆćOPSSć®APIćä½æēØććććØć§ććććććæć¤ćć®ć¢ććŖć±ć¼ć·ć§ć³ćäæč·ććä»ć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆć(LDAPćµć¼ćć¼ćRDBMSćć«ć¹ćæć ć®ć»ćć„ćŖćć£ć»ć³ć³ćć¼ćć³ććŖć©)ćØēµ±åć§ćć¾ćć
ē®”ēč ćÆćOPSSćä½æēØććććØć§ć大č¦ęØ”ćŖćØć³ćæć¼ćć©ć¤ćŗć»ć¢ććŖć±ć¼ć·ć§ć³ćå°č¦ęØ”ćŖäøå®ć®ćć¼ć«ć»ć»ććć§ćććć¤ćććććć®ć¢ććŖć±ć¼ć·ć§ć³ć®ć»ćć„ćŖćć£å Øä½ćē®”ēć§ćć¾ććOPSSć«ćććć¢ććŖć±ć¼ć·ć§ć³ć»ć³ć¼ććå¤ę“ććććØćŖćć»ćć„ćŖćć£ę§ęćå¤ę“ć§ćććććć¢ććŖć±ć¼ć·ć§ć³ć»ć»ćć„ćŖćć£ć®ć”ć³ććć³ć¹ćē°”åć«ćŖćć¾ćć
Oracle WebLogic Serverć§ćÆćććć©ć«ćć§čæ½å čØå®ćŖćć«ćć¦ć¼ć¶ć¼ćØć°ć«ć¼ćććć®åč¾¼ćæLDAPćŖććøććŖć«ę ¼ē“ććć¾ćććŖććä»ć®ēØ®é”ć®LDAPćŖććøććŖć«ććć¢ć¤ćć³ćć£ćć£ć»ćć¼ćæćä½æēØććććć«ćć”ć¤ć³ćę§ęććććØćć§ćć¾ćććć®ćććŖLDAPćŖććøććŖćØćć¦ćOracle Internet DirectoryćActive DirectoryćNovell eDirectoryćOpenLDAPćŖć©ćććć¾ććććć«ćOracle WebLogic Serverć§ćÆćććć«ććć¦ććŖćä»ć®LDAPćµć¼ćć¼ć§ä½æēØć§ććę±ēØēćŖććć©ć«ćć®LDAPčŖčؼćććć¤ććęä¾ćć¦ćć¾ćć
ććŖć·ć¼ććć³č³ę ¼čؼęćÆćē¹å„ćŖčØå®ćććŖćć¦ććć”ć¤ć«ćć¼ć¹ć®ć¹ćć¢ć«ę ¼ē“ććć¾ćććććć®ć¹ćć¢ćÆćOracle Internet Directoryć®ęÆę“ćåććLDAPćŖććøććŖć«ē§»å(åé¢é£ä»ć)ć§ćć¾ćć
åŗč·ęć«ćÆćć¼ććć³čؼęęøćÆćć”ć¤ć«ćć¼ć¹ć®ćć¼ć¹ćć¢ć«ę ¼ē“ććć¦ćć¾ććććć¼ćæćć¼ć¹ć¾ććÆLDAPćŖććøććŖć«åé¢é£ä»ćććććØćć§ćć¾ćć
Oracle ADFćÆććØć³ććć¼ćØć³ćJava EEćć¬ć¼ć ćÆć¼ćÆć§ććććć«ćć£ć¦ćčæ½å čØå®ćŖćć§ä½æēØć§ććć¤ć³ćć©ć¹ćć©ćÆćć£ć»ćµć¼ćć¹ćØćč¦č¦ēć§å®£čØēćŖéēŗćØćÆć¹ććŖćØć³ć¹ćęä¾ćććéēŗćē°”ē“ åććć¾ćć
Oracle ADFć®ć»ćć„ćŖćć£ćÆJAASć»ćć„ćŖćć£ć»ć¢ćć«ć«åŗć„ćć¦ććććć®ć¢ćć«ćÆOPSSćä½æēØćć¦ćć¾ććOracle ADFć®ć»ćć„ćŖćć£ć§ćÆććć”ć¤ć«ćć¼ć¹ćLDAPćć¼ć¹ć¾ććÆDBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ććµćć¼ććććOPSSćęä¾ćććć¼ććć·ć§ć³ćć¼ć¹ć®ćć”ć¤ć³ć°ć¬ć¤ć³čŖåÆćä½æēØćććč¦č¦ē宣čØēćØćć£ćæććć³Oracle ADFć»ćć„ćŖćć£ć»ć¦ć£ć¶ć¼ććä½æēØććććØć«ćć£ć¦ć¢ććŖć±ć¼ć·ć§ć³ć»ć»ćć„ćŖćć£ć®ę§ęćē°”åć«ćŖćć¾ććććććÆćć¹ć¦Oracle JDeveloper 11gć«ēØęććć¦ćć¾ć(ćć®ć¬ć¤ćć§ćÆćć®ćć¼ć«ć«é¢ććåē §ćÆćć¹ć¦11gćŖćŖć¼ć¹ēØć®ćć®ć§ć)ć
Oracle ADFć®ć»ćć„ćŖćć£ć®čŖåÆćÆćć³ć³ćć¼ćć³ć(ććć¼ćØćć¼ćø)ć®äæč·ćåÆč½ć«ććčØčØęć«ćÆOracle JDeveloperćØēµ±åććć¾ććéåøøćć»ćć„ćŖćć£ę©č½ć®ćć¹ććå®č”ććēµ±åćµć¼ćć¼ć«ć¢ććŖć±ć¼ć·ć§ć³ććććć¤ććå “åćÆćå®č”ęć«Oracle ADFć®ć»ćć„ćŖćć£ć®čŖåÆćåÆč½ć§ćć
Oracle ADFć¢ććŖć±ć¼ć·ć§ć³ć®éēŗꮵéć§ćOracle WebLogic Serverē®”ēć³ć³ć½ć¼ć«ćä½æēØććć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤å
ćØććē¹å®ć®ćć”ć¤ć³ć§čŖčؼćććć¤ććę§ęćć¾ććć¾ćććć”ć¤ć«ćć¼ć¹ćØććććŖć·ć¼ć»ć¹ćć¢ććć”ć¤ć«jazn-data.xml
ć«ę ¼ē“ćć¾ćććććć¤ć®č©³ē“°ćÆćē¬¬6.3.1é
ććć¹ćē°å¢ćøć®ćććć¤ććåē
§ćć¦ćć ććć
č¦ē“ćććØćOracle ADFć®ć»ćć„ćŖćć£ć«ćć£ć¦ęä¾ććććć®ćÆꬔć®ćØććć§ćć
č©³ē“°ćŖ宣čØēć»ćć„ćŖćć£ć®å¶å¾”
ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®č¦č¦ē宣čØēéēŗ
ćć¼ć«é層ć§ć®ē°”ē“ åćććć¼ććć·ć§ć³ć®å²å½ć¦
EL(å¼čØčŖ)ćä½æēØććOracle ADFćŖć½ć¼ć¹ćøć®ć¢ćÆć»ć¹
čæ éćŖéēŗćØćć¹ćć»ćµć¤ćÆć«ćåÆč½ć«ććOracle JDeveloperćØć®ēµ±å
ćŖćććŖWebć¦ć¼ć¶ć¼ć»ć¤ć³ćæćć§ć¼ć¹ćØē°”ē“ åććććć¼ćæćć¼ć¹ć»ć¢ćÆć»ć¹
é¢é£ę å ±ć«ć¤ćć¦ćÆććć·ććŖćŖ2: Oracle ADFć¢ććŖć±ć¼ć·ć§ć³ć®äæč·ććåē §ćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³ć»ćæć¤ćć«åæćć¦ćOracle WebLogicē®”ēć³ć³ć½ć¼ć«ćWLSTć³ćć³ććFusion Middleware Controlć¾ććÆOracle Entitlements Serverćä½æēØćć¦ć¢ććŖć±ć¼ć·ć§ć³ć»ć»ćć„ćŖćć£ćē®”ēććć¬ć¤ćć©ć¤ć³ćÆꬔć®ććć«ćŖćć¾ćć
Java EEć¢ććŖć±ć¼ć·ć§ć³ć®å “åćÆćć»ćć„ćŖćć£ćOracle WebLogicē®”ēć³ć³ć½ć¼ć«ćOracle Entitlements Serverć¾ććÆWLSTć³ćć³ćć§ē®”ēćć¾ćć
Oracle SOAćOracle WebCenterćMDSććć³Oracle ADFć®åć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćOracle WebLogicē®”ēć³ć³ć½ć¼ć«ć§čŖčؼćē®”ēććFusion Middleware Controlććć³Oracle Entitlements Serverć§čŖåÆćē®”ēćć¾ćć
OPSSć«ēµ±åććJava EEć¢ććŖć±ć¼ć·ć§ć³ć®å “åćOracle WebLogicē®”ēć³ć³ć½ć¼ć«ć§čŖčؼćē®”ēććFusion Middleware Controlććć³Oracle Entitlements Serverć§čŖåÆćē®”ēćć¾ćć
ć»ćć„ćŖćć£ē®”ēć®č©³ē“°ćÆćē¬¬5ē« ćć»ćć„ćŖćć£ē®”ēććåē §ćć¦ćć ććć
ćć®é ć§ćÆćꬔć®åć·ććŖćŖć§ćć¢ććŖć±ć¼ć·ć§ć³ćäæč·ććććć«äøč¬ēć«ä½æēØćććäø»ćŖOPSSę©č½ćć¾ćØćć¦ćć¾ćć
ćć®ä»ć®ć¦ć¼ć¹ć±ć¼ć¹ć«ć¤ćć¦ćÆćē¬¬16.2é ćć»ćć„ćŖćć£ēµ±åć®ć¦ć¼ć¹ć±ć¼ć¹ććåē §ćć¦ćć ććć
CSFćć¦ć¼ć¶ć¼/ćć¼ć«ćććŖć·ć¼ē®”ēćŖć©ć®OPSS APIćä½æēØććććć«Java EEć¢ććŖć±ć¼ć·ć§ć³ćę”å¼µć§ćć¾ććć¦ć¼ć¶ć¼ć®é»åć”ć¼ć«ćé»č©±ćä½ęćŖć©ć®ć¦ć¼ć¶ć¼å±ę§ćåå¾ććć«ćÆćIdentity Governance Framework APIć¾ććÆć¦ć¼ć¶ć¼/ćć¼ć«APIćä½æēØćć¾ććå¤éØć·ć¹ćć č³ę ¼čؼę(ć¦ć©ć¬ććć¾ććÆLDAPćć¼ć¹ć»ć¹ćć¢ć«ę ¼ē“)ćåå¾ććć«ćÆćCSF APIćä½æēØćć¾ććčŖåÆććŖć·ć¼ć»ćć¼ćæć®ē®”ēć«ćÆćććŖć·ć¼ē®”ēAPIćä½æēØćć¾ććć¢ććŖć±ć¼ć·ć§ć³ć®ćć¼ććć³čؼęęøć®ē®”ēć«ćÆćć¼ć¹ćć¢ć»ćµć¼ćć¹APIćä½æēØćć¾ćć
Oracle WebLogic Serveräøć«ćććć¤ććććµć¼ćć¬ćććJSPćEJBćŖć©ć®Java EEć¢ććŖć±ć¼ć·ć§ć³ćÆćčŖčؼćØčŖåÆććć”ć¤ć«web.xml
ć§ęå®ććććØć§å®£čØēć«ä½æēØććććć«ę§ęććććØććisUserInRole
ććć³isCallerInRole
ć®ć³ć¼ć«ć«ćć£ć¦ććć°ć©ć ēć«ä½æēØććććć«ę§ęććććØćć§ćć¾ćć
ć«ć¹ćæć ć®čŖčؼćććć¤ćć«ćÆćęØęŗć®BasicčŖčؼććć©ć¼ć čŖčؼććÆć©ć¤ć¢ć³ćčؼęęøčŖčؼć®åę¹ę³ćććć¾ćććµć¼ćć¬ćććØEJBć®éć®čŖčؼćÆćć¦ć¼ć¶ć¼ć»ćć¼ć«ćØćØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ććä½æēØćć¦å¶å¾”ćć¾ćććććć®ćć¼ć«ćØć°ć«ć¼ććÆéåøøćLDAPćŖććøććŖććć¼ćæćć¼ć¹ć¾ććÆć«ć¹ćæć ć®čŖčؼćććć¤ćć«ę ¼ē“ćć¾ćć
Oracle Application Development Framework (ADF)ćÆćOracle JDeveloperć«ēØęććć¦ććJava EEéēŗćć¬ć¼ć ćÆć¼ćÆć§ćććJava EEć¢ććŖć±ć¼ć·ć§ć³ć®ć¤ć³ćć©ć¹ćć©ćÆćć£ćå®č£ ććć³ć¼ćć®ä½ęćęå°éć«ęććććØć§ćć¢ććŖć±ć¼ć·ć§ć³ć®éēŗćē°”ē“ åćć¾ćććć®ēµęćć¢ććŖć±ć¼ć·ć§ć³ę©č½ć«éēŗćŖć½ć¼ć¹ćéäøć§ććććć«ćŖćć¾ććOracle ADFć§ćÆććććć®ć¤ć³ćć©ć¹ćć©ćÆćć£ć®å®č£ ćOracle JDeveloperćć¬ć¼ć ćÆć¼ćÆć®äøć§å®ē¾ććJava EEć®č¦č¦ē宣čØēćŖéēŗć¢ććć¼ćć«ććéēŗćØćÆć¹ććŖćØć³ć¹ć®åäøćå³ć£ć¦ćć¾ćć
Oracle ADFć§ćÆOPSSćęé»ēć«ä½æēØćććć®ć§ćéēŗč ćÆéåøøćOPSS APIćē“ę„ęä½ććć³ć¼ććä½ęććåæ č¦ćÆććć¾ććććå½ē¶ć®ććØćŖćććOPSS APIćøć®ē“ę„ć³ć¼ć«ćä½æēØććććØćć§ćć¾ćć
Oracle ADFć§ćÆćć¾ćć³ć³ććčŖčؼćä½æēØććććć«ē¶ćć¦JAASćć¼ć¹ć®čŖåÆćä½æēØććććØć§ćOracle ADFćŖć½ć¼ć¹ćøć®ć¢ćÆć»ć¹ćå¶å¾”ćć¾ćććććć®čŖåÆććŖć·ć¼ć§ćÆćć¢ććŖć±ć¼ć·ć§ć³åŗęć®ćć¼ć«ććć³JAASčŖåÆćć¼ććć·ć§ć³ćęå®ć§ćć¾ććOracle ADFć®ę„ē¶č³ę ¼čؼęćÆćč³ę ¼čؼęć¹ćć¢ć«å®å Øć«ę ¼ē“ććć¾ćć
Oracle WebLogic Serveräøć«ćććć¤ććOracle ADFć¢ććŖć±ć¼ć·ć§ć³ććć³Oracle WebCenterć¢ććŖć±ć¼ć·ć§ć³ć«ćÆćććć©ć«ćć§ęå®ććć¦ćććććŖWebLogicčŖčؼćććć¤ććēµćæč¾¼ć¾ćć¾ćććć·ć³ć°ć«ć»ćµć¤ć³ćŖć³ć»ć½ćŖć„ć¼ć·ć§ć³(Oracle Access Managerć¾ććÆOracle Application Serverć·ć³ć°ć«ć»ćµć¤ć³ćŖć³)ćēµćæč¾¼ćććØćć§ćć¾ćć
ć¾ććć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćOPSSć®ę©č½ć§ććåæåćć¼ć«ćØčŖčؼćć¼ć«ć®ćµćć¼ććććŖć·ć¼ē®”ēAPIććć³č³ę ¼čؼęć¹ćć¢ć»ćć¬ć¼ć ćÆć¼ćÆćä»»ęć«ä½æēØććććØćę®éć§ćć
ćććć®ććććÆć®č©³ē“°ćÆćꬔć®åé ćåē §ćć¦ćć ććć
Oracle ADFć¢ććŖć±ć¼ć·ć§ć³ćéēŗććć³äæč·ććę¹ę³ć®č©³ē“°ćÆććOracle Application Development Frameworkć«ććFusion Webć¢ććŖć±ć¼ć·ć§ć³ć®éēŗćć®ē¬¬29ē« ćåē §ćć¦ćć ććć
Java EEć¢ććŖć±ć¼ć·ć§ć³ć§ę©č½ććOPSSę©č½ć®ć»ćØćć©ćÆJava SEć¢ććŖć±ć¼ć·ć§ć³ć§ćę©č½ćć¾ććććć®ę±ćć«ćÆććć¤ćć®éććććć¾ćććć®é ć§ćÆććććć®éćć«ć¤ćć¦čŖ¬ęćć¾ćć
OPSSćµć¼ćć¹ć®éå§
Java SEć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćä»»ęć®OPSSć»ćć„ćŖćć£ęä½ćčµ·åććåć«ćOPSSć”ć½ććAppSecurityContext.
JpsStartup.start()
ćä½æēØććåæ
č¦ćććć¾ćć
ę§ę
OPSSé¢é£ć®ę§ęćć”ć¤ć«ććć³ćć¼ćæć»ćć”ć¤ć«ćÆćć¹ć¦ććć”ć¤ć³ć»ćć¼ć ć®ę§ęćć£ć¬ćÆććŖć«ę ¼ē“ććć¾ććććØćć°ćJava SEē°å¢ć®ę§ęćć”ć¤ć«ćÆćććć©ć«ćć§ę¬”ć®å “ęć«ć¤ć³ć¹ćć¼ć«ććććć”ć¤ć«jps-config-jse.xml
ć§å®ē¾©ććć¦ćć¾ćć
$DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml
å„ć®å “ęćęå®ććć«ćÆćꬔć®ć¹ć¤ćććä½æēØćć¾ćć
-Doracle.security.jps.config=pathToConfigFile
ćć®ćć”ć¤ć«ć®ę§ęćÆććć”ć¤ć«jps-config.xml
ć®ę§ęćØåćć§ćććć®ćć”ć¤ć«ćÆćWebLogicć³ć³ććć§å®č”ććć³ć¼ćć§ä½æēØćć¾ććč©³ē“°ćÆćä»é²AćOPSSę§ęćć”ć¤ć«ć»ćŖćć”ć¬ć³ć¹ććåē
§ćć¦ćć ććć
Java SEć¢ććŖć±ć¼ć·ć§ć³ć®ć»ćć„ćŖćć£ę§ęć®č©³ē“°ćÆćē¬¬19ē« ćOPSSćä½æēØććććć®Java SEć¢ććŖć±ć¼ć·ć§ć³ć®ę§ęććåē §ćć¦ćć ććć
ćÆć©ć¹ćć¹ć§ęå®ććåæ č¦ć®ććJAR
Java SEć¢ććŖć±ć¼ć·ć§ć³ć§OPSSćµć¼ćć¹ćä½æēØć§ććććć«ććć«ćÆćꬔć®JARćć”ć¤ć«ćåæ ććÆć©ć¹ćć¹ć«čæ½å ćć¾ćććć®JARćć”ć¤ć«ćÆćOracleć®ć¤ć³ć¹ćć¼ć«ć»ćć¼ć ć®ć¢ćøć„ć¼ć«é åć«ććć¾ćć
$ORACLE_HOME/oracle_common/modules/oracle.jps_12.1.2/jps-manifest.jar
ćć°ć¤ć³ć»ć¢ćøć„ć¼ć«
Java SEć¢ććŖć±ć¼ć·ć§ć³ć§ćÆęØęŗć®JAASćć°ć¤ć³ć»ć¢ćøć„ć¼ć«ćä½æēØć§ćć¾ćććć ććWLSäøć§åććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ćä½æēØććå “åćÆććć®ćć°ć¤ć³ć»ć¢ćøć„ć¼ć«ćå¼ć³åŗćć«ć¹ćæć čŖčؼćććć¤ććå®č£ ćć¾ććSSPIć¤ć³ćæćć§ć¼ć¹ćä½æēØćććØćč¤ę°ć®ć«ć¹ćæć čŖčؼćććć¤ććWLSć§ēµ±åć§ćć¾ćć
Java SEć¢ććŖć±ć¼ć·ć§ć³ć§ć®ä½æēØć«ćč¦ććććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ćÆIdentityStorećć°ć¤ć³ć»ć¢ćøć„ć¼ć«ć§ćććć®ćć°ć¤ć³ć»ć¢ćøć„ć¼ć«ććć³ä»ć®ćć°ć¤ć³ć»ć¢ćøć„ć¼ć«ć®č©³ē“°ćÆćē¬¬19.3.3é ććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ććåē §ćć¦ćć ććć
č©³ē“°ćÆććOracle WebLogic Serverć»ćć„ćŖćć£ć»ćććć¤ćć®éēŗćć®ćčŖčؼćććć¤ćććåē §ćć¦ćć ććć
ćć®ē« ć§ćÆććć”ć¤ć³ć®ä½ęęć¾ććÆę”å¼µęć«ćć¢ććŖć±ć¼ć·ć§ć³ć§ććć”ć¤ć³ć»ć»ćć„ćŖćć£ć»ć¹ćć¢ć«ć¢ććŖć±ć¼ć·ć§ć³åŗęć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®ć·ć¼ććęå®ććę¹ę³ćčŖ¬ęćć¾ććććć§ćÆć12.1.2ćøć®ć¢ććć°ć¬ć¼ćęé ćčŖ¬ęćć¾ćć
ćć®ē« ćÆꬔć®é ć«åććć¦ćć¾ć:
ē¬¬7.4é ćé層åć³ć³ćć¼ćć³ćć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć
ē¬¬7.6é ćOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćććÆć¢ćććØćŖć«ććŖć
11gćć”ć¤ć³ć§ćÆććććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæćé©åć«čØå®ććć¦ććå “åć«č£½ååŗęć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆććęå®ćććØćéåøøććććć®ć¢ć¼ćć£ćć”ćÆććÆć¢ććŖć±ć¼ć·ć§ć³EARćć”ć¤ć«ć«ćć³ćć«ćććć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ęć«ć»ćć„ćŖćć£ć»ć¹ćć¢ć«ē§»č”ććć¾ććć
12cćć”ć¤ć³ć§ćÆćč£½åćć³ćć¬ć¼ćć«č£½ååŗęć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćććć³ćć«ćććØććććć®ć¢ć¼ćć£ćć”ćÆćććć”ć¤ć³ć»ć»ćć„ćŖćć£ć»ć¹ćć¢ć«ć·ć¼ćć§ćć¾ćć
JRFćć³ćć¬ć¼ććä½æēØćć¦ä½ęć¾ććÆę”å¼µććććć”ć¤ć³ćÆćFMWćć”ć¤ć³ćØå¼ć°ćć¾ććć¤ć¾ćććć®ćć³ćć¬ć¼ćć«ćć£ć¦ććć”ć¤ć³ć»ć»ćć„ćŖćć£ć»ć¹ćć¢ć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®ććććøć§ćć³ć°ćęå®ććć¾ććå ·ä½ēć«ćÆćFMWćć”ć¤ć³ć®ä½ęęć¾ććÆę”å¼µęć«ćꬔć®ćæć¹ćÆćčŖåēć«å®č”ććć¾ćć
OPSSć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®ä½ę
ęå·åéµć§ć·ć¼ćććććć¼ćć¹ćć©ććć»ć¦ć©ć¬ććć®ä½ę
čæ½å čØå®ćŖćć®ćꬔćå«ććć¼ć¹ćć¢ć»ćµć¼ćć¹ć®ä½ę
ćć”ć¤ć³ć»ćć©ć¹ćć»ć¹ćć¢
ćć¢CAćć¼ć¹ćć¢
Oracle WebLogic Serverć§ä½æēØćććć”ć¤ć³ć»ć¢ć¤ćć³ćć£ćć£ć»ćć¼ć»ć¹ćć¢
čæ½å čØå®ćŖćć®ććć¼ć¹ćć¢ć»ćµć¼ćć¹ć«ę„ē¶ććććć©ć¹ćć»ćµć¼ćć¹ć®ä½ę
ę”å¼µćć”ć¤ć³ć§ćÆćåčæ°ć®äŗé ć«å ćć¦ćꬔćęå®ććć¾ćć
čæ½å čØå®ćŖćć®ćDBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ć®ę§ę
ććć©ć«ćć§ć®ćDBćć¼ć¹ć®ē£ę»ćŖććøććŖć®ę§ę
éč¦äŗé : JRFćć³ćć¬ć¼ćć§ćÆćē®”ēåÆ¾č±”ćµć¼ćć¼ćÆä½ęććć¾ćććJRFćć³ćć¬ć¼ćć«ćć£ć¦ä½ęć¾ććÆę”å¼µććććć”ć¤ć³ć§ćÆććć®ćć¹ć¦ć®ćŖć½ć¼ć¹ćē®”ēćµć¼ćć¼ć«ć®ćæćæć¼ć²ććęå®ććć¾ććå¾ć§ē®”ēåÆ¾č±”ćµć¼ćć¼ććć”ć¤ć³ć«čæ½å ćććØććÆć ć¤ć¾ććåę§ęå¾ć®OPSSćØē£ę»ćć¼ćæć»ć½ć¼ć¹ćē®”ēåÆ¾č±”ćµć¼ćć¼ć«ćæć¼ć²ććęå®ććć«ćÆć applyJRF('managedServer1', '<domain_dir>') |
ć³ć³ćć¼ćć³ćć»ćć³ćć¬ć¼ćć®č©³ē“°ćÆććé層åć³ć³ćć¼ćć³ćć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćććåē §ćć¦ćć ććć
ę¬ēŖFMWćć”ć¤ć³ćÆę”å¼µćć”ć¤ć³ć§ććåæ
č¦ććććę”å¼µćć”ć¤ć³ć«ćÆDBćć¼ć¹ć®OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćåæ
č¦ć§ćććć®ćć¼ćæćć¼ć¹ćÆćę°ćććć¼ćæćć¼ć¹ć«ććććØććę¢åć®ćć¼ćæćć¼ć¹ćä»ć®FMWćć”ć¤ć³ć«é¢é£ä»ćć¦å
±ęćć¼ćæćć¼ć¹ć«ććććØćć§ćć¾ććē®”ēåÆ¾č±”ćµć¼ćć¼ć«ćæć¼ć²ććęå®ććć¦ćććŖć½ć¼ć¹ććć³applyJRF
ć¦ć¼ćć£ćŖćć£ć®ä½æēØć«ć¤ćć¦ćÆććFMWćć”ć¤ć³ćć®ćéč¦äŗé
ććåē
§ćć¦ćć ććć
ꬔć®åé ć§ćÆćFMWćć”ć¤ć³ć®ä½ęę¹ę³ćčŖ¬ęćć¾ćć
ę°ćććć¼ćæćć¼ć¹ćØé¢é£ä»ććććFMWćć”ć¤ć³ćä½ęć¾ććÆę”å¼µććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
ę°ćććć¼ćæćć¼ć¹ć»ć¹ćć¼ććä½ęćć¾ććč©³ē“°ćÆćē¬¬9.3.1é ćDBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ćä½æēØććå “åć®åęę”件ććåē §ćć¦ćć ććć
ćOracle Fusion Middlewareę§ęć¦ć£ć¶ć¼ćć«ććWebLogicćć”ć¤ć³ć®ä½ęćć®ē¬¬5ē« ćę§ęē»é¢ćć§čŖ¬ęććć¦ććććć«ćę§ęć¦ć£ć¶ć¼ććä½æēØćć¦ćć”ć¤ć³ćä½ęć¾ććÆę”å¼µćć¾ćć
ćć®ćæć¹ćÆć§ćÆē¹ć«ćęé 1ć§ä½ęćććć¼ćæćć¼ć¹ć»ć¹ćć¼ććŖć©ćä½æēØćććć¼ćæćć¼ć¹ć»ć¹ćć¼ćć«é¢ććę å ±ćęå®ććććä½æēØććJFRćć³ćć¬ć¼ććéøęćć¾ćć
ę³Øę1: ä½ęäøć®ćć”ć¤ć³ć«é¢é£ä»ćććććć¼ćæćć¼ć¹ć»ć¹ćć¼ććÆćę°ćććć®ć§ććåæ č¦ćććć仄åć«ä½æēØćććć®ć«ććććØćÆć§ćć¾ććć |
ę³Øę2: JRFćć³ćć¬ć¼ććå¦ēććććØććć”ć¤ć³ć®ä½ęęć¾ććÆę”å¼µęć«ćOPSSć¹ćć¼ćēØćOPSSē£ę»ćć„ć¼ć¢ć»ć¹ćć¼ćēØććć³OPSSē£ę»čæ½å ć¹ćć¼ćēØć«3ć¤ć®ćć¼ćæć»ć½ć¼ć¹ćčŖåä½ęććć¾ććJRFćć³ćć¬ć¼ćć®ćć®ä»ć®ę©č½ć®č©³ē“°ćÆććFMWćć”ć¤ć³ććåē §ćć¦ćć ććć |
ćć”ć¤ć³ć®ä½ęćę”å¼µć¾ććÆć¢ććć°ć¬ć¼ćć®ććć®ćć¹ć¦ć®ćć¼ć«ć®č©³ē“°ćÆććOracle Fusion Middlewarećć”ć¤ć³ć»ćć³ćć¬ć¼ćć»ćŖćć”ć¬ć³ć¹ćć®ćć³ćć¬ć¼ćć»ćć¼ć«ć«é¢ććčŖ¬ęćåē §ćć¦ćć ććć
ćć”ć¤ć³ć®ę¢åć®ćć¼ćæćć¼ć¹ćØé¢é£ä»ććććę”å¼µFMWćć”ć¤ć³ćä½ęććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
ę³Øę: åčæ°ć®ęé ć§ćÆę§ęć¦ć£ć¶ć¼ććä½æēØć§ććć®ć«åƾćć¦ćꬔć®ęé ć§ćÆćWLSTć³ćć³ćć®ćæćä½æēØć§ćć¾ćć |
ćć”ć¤ć³domain1
ć§(ä»ć®ćć”ć¤ć³ćēµåććåæ
č¦ć®ćć)ę¢åć®ćć¼ćæćć¼ć¹db1
ćä½æēØćć¦ćććØä»®å®ććå “åćꬔć«ē¤ŗćWLSTćŖćć©ć¤ć³ć»ć³ćć³ćexportEncryptionKey
ćä½æēØćć¦ćdomain1
ćććęå®ćććå “ęć«ęå·åéµććØćÆć¹ćć¼ććć¾ćć
exportEncryptionKey(location, password)
ć³ćć³ćć®č©³ē“°ćÆććOracle Fusion Middlewareć¤ć³ćć©ć¹ćć©ćÆćć£ć»ć»ćć„ćŖćć£WLSTć³ćć³ćć»ćŖćć”ć¬ć³ć¹ććåē
§ćć¦ćć ććć
WLSTć³ćć³ććä½æēØćć¦ę°ććFMWćć”ć¤ć³ćä½ęćććć®ćć”ć¤ć³ć§ćć¼ćæćć¼ć¹db1
ćå
±ęćć¾ććććć§ä½æēØććć¹ćÆćŖćććÆćę”å¼µćć”ć¤ć³ć®ä½ęć«ä½æēØććć¹ćÆćŖćććØåę§ć§ćććꬔć®č”ćå«ćåæ
č¦ćććē¹ćē°ćŖćć¾ćć
setSharedSecretStoreWithPassword(location, password)
location
ććć³password
ć®å¤ćÆćexportEncryptionKey
ćøć®ć³ć¼ć«ć§ä½æēØććå¤ćØåćć§ććåčæ°ć®ć³ć¼ć«ćÆćć¹ćÆćŖććå
ć§updateDomain
ćøć®ć³ć¼ć«ć®ē“åć«é
ē½®ććć¦ćć¾ććć³ćć³ćę§ęć®č©³ē“°ćÆććOracle Fusion Middlewareć¤ć³ćć©ć¹ćć©ćÆćć£ć»ć»ćć„ćŖćć£WLSTć³ćć³ćć»ćŖćć”ć¬ć³ć¹ććåē
§ćć¦ćć ććć
ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®ć·ć¼ćććć³ććć»ć¹ćē°”ē„åććć«ćÆććć”ć¤ć³ć®ä½ęć¾ććÆę”å¼µęć«ćOPSSćä½æēØććć³ć³ćć¼ćć³ćć«ćć£ć¦ćć³ćć¬ć¼ććęå®ćććåæ č¦ćććć¾ćććć®ćć³ćć¬ć¼ććÆćć³ć³ćć¼ćć³ćć®å®č”ć«åæ č¦ćŖćć³ć³ćć¼ćć³ćć®ćæć«åŗęć®ć¢ć¼ćć£ćć”ćÆććå®ē¾©ććć³ćć³ćć«ććč”Ø7-1ć«ē¤ŗććć”ć¤ć«ćå«ćæć¾ćć
č”Ø7-1 OPSSć§ä½æēØćććć³ć³ćć¼ćć³ćć»ćć³ćć¬ć¼ćć®ćć”ć¤ć«
ćć”ć¤ć«å | čŖ¬ę | ćć³ćć¬ć¼ćć®ć«ć¼ćć»ćć©ć«ćććć®å “ę |
---|---|---|
component-security-info.xml |
åæ é ćć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®ć©ć¤ććµć¤ćÆć«ćęå®ćć¾ćć |
./security/component-security-info.xml |
jazn-data.xml |
ćŖćć·ć§ć³ćčŖåÆććŖć·ć¼ćęå®ćć¾ćć |
./security/authorization/jazn-data.xml |
keystore.xml |
ćŖćć·ć§ć³ććć¼ć¹ćć¢ć®ć”ćæćć¼ćæćęå®ćć¾ćć |
./security/keystore/keystore.xml |
credentials.xml |
ćŖćć·ć§ć³ćć³ć³ćć¼ćć³ćć§ä½æēØćććč³ę ¼čؼęć”ćæćć¼ćæćęå®ćć¾ćć |
./security/credential/credentials.xml |
component_events.xml |
ćŖćć·ć§ć³ćē£ę»ć”ćæćć¼ćæćęå®ćć¾ćć |
./security/audit/component_events.xml |
component_events_xlf.jar |
ćŖćć·ć§ć³ććć¼ć«ć©ć¤ćŗćććē£ę»ć”ćæćć¼ćæćęå®ćć¾ćć |
./security/audit/component_events_xlf.jar |
ę³Øę: č£½åćć³ćć¬ć¼ćć«ćć³ćć«ćććOPSSć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć§ćÆć |
ćć®é ć§ćÆćć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćććŖćŖć¼ć¹11.1.1.6ć¾ććÆ11.1.1.7ćććŖćŖć¼ć¹12.1.2ć«ć¢ććć°ć¬ć¼ćććęé ćčŖ¬ęćć¾ćć
12.1.2ćøć®OPSSć®ć¢ććć°ć¬ć¼ćć«ćÆćꬔć®ä½ę„ćåæ č¦ć§ćć
Oracle Fusion Middlewareć®ć¢ććć°ć¬ć¼ćć»ć¢ć·ć¹ćæć³ććä½æēØćććOPSSć¹ćć¼ćć®ć¢ććć°ć¬ć¼ć(OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć»ć¹ćć¼ćććć³ē£ę»ć¹ćć¼ćć®ć¢ććć°ć¬ć¼ć)ć
åę§ęć¦ć£ć¶ć¼ććä½æēØććꬔć®ä½ę„:
ććŖć·ć¼ć»ć¹ćć¢ć»ćć¼ćæćę ¼ē“ććć¦ćććććŖć·ć¼ć»ć¹ćć¢ć®ćć£ć¬ćÆććŖę å ±ććŖć¼ć®ć¢ććć°ć¬ć¼ćć
OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćć¼ćæć®ć¢ććć°ć¬ć¼ćć
ćć”ć¤ć«jps-config.xml
ććć³jps-config-jse.xml
ć®ćµć¼ćć¹ę§ęć®ć¢ććć°ć¬ć¼ććOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćDBćć¼ć¹ć®å “åćÆćē£ę»ćć°ć»ćŖććøććŖćDBćć¼ć¹ć«čØå®ććć¾ćć
ć¢ććć°ć¬ć¼ćåÆ¾č±”ć®OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćLDAPćć¼ć¹ć¾ććÆDBćć¼ć¹ć®å “åćÆćć¢ććć°ć¬ć¼ćć失ęććéć«åćć¦ććŖć«ććŖēØć«ć»ćć„ćŖćć£ć»ć¹ćć¢ććććÆć¢ćććć¦ććć¦ćć ćććč©³ē“°ćÆććOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćććÆć¢ćććØćŖć«ććŖććåē §ćć¦ćć ććć
OIDćć¼ć¹ć¾ććÆDBćć¼ć¹ć®OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć11.1.1.6ć¾ććÆ11.1.1.7ćć12.1.2ć«ć¢ććć°ć¬ć¼ćććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
Oracle Fusion Middlewareć¢ććć°ć¬ć¼ćć»ć¢ć·ć¹ćæć³ććå®č”ćć¦ćOPSSć¹ćć¼ććć¢ććć°ć¬ć¼ććć¾ćććä½æēØåÆč½ćŖć³ć³ćć¼ćć³ćććć¼ćøć§ćåæ ććOracle Platform Security Servicesććéøęćć¦ćć ćććć¢ććć°ć¬ć¼ćć»ć¢ć·ć¹ćæć³ćć®č©³ē“°ćÆććOracle Fusion Middleware Upgrade Assistantć«ććć¢ććć°ć¬ć¼ćććåē §ćć¦ćć ććć
ćŖććøććŖä½ęć¦ć¼ćć£ćŖćć£(RCU)ćå®č”ćć¦ććµć¼ćć¹č”Øć®ć¹ćć¼ćć®ćæćä½ęćć¾ćććć®č”Øć®č©³ē“°ćÆćčŖåēć«ććć¼ćæćć¼ć¹ę§ęćæć¤ćććć¼ćøć«ęæå „ććć¾ććRCUć®č©³ē“°ćÆććRepository Creation Utilityć«ććć¹ćć¼ćć®ä½ęććåē §ćć¦ćć ććć
åę§ęć¦ć£ć¶ć¼ććå®č”ćć¦ćć”ć¤ć³ć®åę§ęćęå¹ć«ććOPSSćć¼ćæćDITćę§ęć¢ć¼ćć£ćć”ćÆćććć³č£½åć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆććć¢ććć°ć¬ć¼ććć¾ćć
ćć®ęé ć§ćÆćꬔć®ē¹ć«ę³Øęćć¦ćć ććć
ććć¼ćæćć¼ć¹ę§ęćæć¤ćććć¼ćøć§ćRCUćć¼ćæććéøęććęé 2ć§ä½ęćććµć¼ćć¹č”Øć®ć¹ćć¼ććå „åćć¦ććRCUę§ęć®åå¾ćććÆćŖććÆćć¾ćć
ćć³ć³ćć¼ćć³ćć»ćć¼ćæć½ć¼ć¹ććć¼ćøć§ę¬”ć®ć³ć³ćć¼ćć³ććéøęććć¹ćć¼ćć®č©³ē“°ćå „åćć¾ćć
OPSSē£ę»ć¹ćć¼ć - IAU_APPEND
OPSSē£ę»ćć„ć¼ć¢ - IAU_VIEWER
OPSSć¹ćć¼ć - OPSS
č£½åć®åę§ęćć³ćć¬ć¼ććčŖåēć«éøęćććå¦ēććć¾ćććć³ćć¬ć¼ćć®č©³ē“°ćÆćē¬¬7.4é ćé層åć³ć³ćć¼ćć³ćć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćććåē §ćć¦ćć ććć
11.1.1.6ćć”ć¤ć³ććć¢ććć°ć¬ć¼ćććå “åć®ćæć11g JARćć”ć¤ć«${common.components.home}/modules/oracle.jps_11.1.1/jps-wls-trustprovider.jar
ćć¢ććć°ć¬ć¼ćęøćć”ć¤ć³ć®${domain.home}/lib/mbeantypes
ć«ć³ćć¼ćć¾ćć
ę³Øę: 12cę”å¼µćć”ć¤ć³ćć12cć®ć¢ććć°ć¬ć¼ćęøćć”ć¤ć³ćøć®ēµåćÆććµćć¼ćććć¦ćć¾ććć |
Oracle Fusion Middlewareć®ć¢ććć°ć¬ć¼ćć®č©³ē“°ćÆććOracle Fusion Middleware Oracle Fusion Middlewareć®ć¢ććć°ć¬ć¼ćć®ćć©ć³ćć³ć°ććåē §ćć¦ćć ććć
ćć”ć¤ć«ćć¼ć¹ć®OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć11.1.1.6ć¾ććÆ11.1.1.7ćć12.1.2ć«ć¢ććć°ć¬ć¼ćććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
ć³ćć³ćreassociateSecurityStore
ćä½æēØćć¦ććć”ć¤ć«ćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ćOIDćć¼ć¹ć¾ććÆDBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ć«ååŗ¦é¢é£ä»ććć¾ć(č©³ē“°ćÆćē¬¬10.3.1é
ćreassociateSecurityStoreććåē
§ćć¦ćć ćć)ć
åčæ°ć®ęé ć«å¾ć£ć¦ćååŗ¦é¢é£ä»ććć(OIDćć¼ć¹ć¾ććÆDBćć¼ć¹ć®)ć»ćć„ćŖćć£ć»ć¹ćć¢ć12.1.2ć«ć¢ććć°ć¬ć¼ććć¾ćć
ćć®é ć§ćÆććć”ć¤ć³ć®OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćććÆć¢ććę¹ę³ćØćŖć«ććŖę¹ę³ćčŖ¬ęćć¾ćććć®ęé ćÆćå¦ēåÆ¾č±”ć§ććOPSSć¹ćć¢ć®ēØ®é”(DBćć¼ć¹ć¾ććÆOIDćć¼ć¹)ć«ćć£ć¦ē°ćŖćć¾ćć
ć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćććÆć¢ććć«å ćććŖć«ććŖćåÆč½ć«ććććć«ćꬔć®ć»ćć„ćŖćć£ć»ć¹ćć¢ēØć®ę§ęćć”ć¤ć«ćØćć¼ćæć»ćć”ć¤ć«ćäæåćć¦ćć ćć(ć¢ć¹ćæćŖć¹ćÆć§ćć£ć¬ćÆććŖå ć®ćć¹ć¦ć®ćć”ć¤ć«ćęå®åÆč½)ć
{domain}/Config/config.xml {domain}/Config/Fmwconfig/jps-config.xml {domain}/Config/Fmwconfig/jps-config-jse.xml {domain}/Config/Fmwconfig/cwallet.sso {domain}/Config/Fmwconfig/keystores.cml {domain}/Config/Fmwconfig/audit-store.xml {domain}/Config/Fmwconfig/system-jazn-data.xml {domain}/Config/Fmwconfig/ids-config.xml {domain}/Config/Fmwconfig/mbeans/jps_mbeans.xml {domain}/Config/Fmwconfig/bootstrap/cwallet.sso
åčæ°ć®ćć”ć¤ć«ćÆéåøøćOracle WebLogic Serverćć”ć¤ć³ć»ćććÆć¢ććć®äøéØćØćć¦ćććÆć¢ććććć¾ććOracle WebLogicćć”ć¤ć³ć»ćććÆć¢ććć®č©³ē“°ćÆććOracle Fusion Middlewareć®ē®”ēćć®ę¬”ć®ććććÆćåē §ćć¦ćć ććć
ē¬¬17.3é ććććÆć¢ććć®å®č”ć
ē¬¬18.2.2é ćOracle WebLogic Serverćć”ć¤ć³ć®ćŖć«ććŖć
ćć®é ć«ćÆꬔć®ććććÆćå«ć¾ćć¾ć:
DBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćććÆć¢ćććØćŖć«ććŖ
OIDćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ć®ćććÆć¢ćććØćŖć«ććŖ
ćć®é ć®ęé ć§ćÆćć¢ćÆćć£ććŖćć¼ćæćć¼ć¹č¤č£½ćåÆč½ć«ććOracle DatabasećÆć©ć¤ć¢ć³ćć®Recovery Manager (RMAN)ćä½æēØćć¾ćććććÆććććÆć¢ććę¦ē„ćØćŖć«ććŖć®čŖååć§ćäøč¬ēć«ä½æēØććććć¼ć«ć§ććRMANć®č©³ē“°ćÆćOracle DatabasećććÆć¢ććććć³ćŖć«ććŖć»ć¦ć¼ć¶ć¼ćŗć»ć¬ć¤ćć®ę¬”ć®ććććÆćåē §ćć¦ćć ććć
RMANć®ę¦č¦
ćć¼ćæćć¼ć¹ć®å®å ØćŖć«ććŖć®å®č”
ꬔć®ęé ć§ćÆććć¹ćAć«ćććć”ć¤ć³ć®DBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ć»ć¤ć³ć¹ćæć³ć¹ććć¹ćBć®ć¤ć³ć¹ćæć³ć¹ć«ćććÆć¢ććććę¹ę³ćčŖ¬ęćć¾ććććć§ćÆććć¹ćAć®ć»ćć„ćŖćć£ć»ć¹ćć¢ć®jdbc urlćproddb
ć«čØå®ććć¦ććććØćę³å®ććć¦ććććć®åććć”ć¤ć³ć§ćjdbc urlćtestdb
(ćć¹ćB)ć«čØå®ććć¦ćć(ćÆćć¼ćć³ć°ććć) DBćć¼ć¹ć»ć¹ćć¢ćä½æēØć§ććććć«ććććØćē®ęØć§ćć
åčæ°ć®ę³å®ć§DBćć¼ć¹ć®ć»ćć„ćŖćć£ć»ć¹ćć¢ććććÆć¢ććććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
ꬔć®ććć«ććć¹ćBć®ć¤ć³ć¹ćæć³ć¹testdb
ćęŗåćć¾ćć
ę°č¦ć¤ć³ć¹ćæć³ć¹ēØć®pfilećä½ęćć¾ććć¤ć¾ććꬔć®č”ć®å 容ćęć¤inittestdb.oraćć”ć¤ć«ćä½ęćć¾ćć
# db_name=testdb #
ꬔć®č”ć«ē¤ŗćććć«ćtestdb
ćlistener.orać«čæ½å ćć¾ćć
(SID_DESC=(SID_NAME=testdb)(GLOBAL_DBNAME=testdb)(ORACLE_HOME=/ade/b/3882746433/oracle))
ꬔć®č”ć«ē¤ŗćććć«ćtestdb/proddbćtnsnames.orać«čæ½å ćć¾ćć
proddb=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=hostA.com)(PORT=XXXX))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME= proddb)))
testdb=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=hostB.com)(PORT=YYYY))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=testdb)))
ꬔć®č”ć«ē¤ŗćććć«ććŖć¹ćć¼ćåčµ·åćć¾ćć
lsnrctl stop, lsnrctl start
ꬔć®č”ć«ē¤ŗćććć«ćnomountć¢ć¼ćć®pfilećä½æēØćć¦ę°č¦ć¤ć³ć¹ćæć³ć¹ćčµ·åćć¾ćć
$ export ORACLE_SID=testdb
$ sqlplus / as sysdba
SYS@testdb SQL>startup nomount pfile=/scratch/rdbms/dbs/inittestdb.ora
ꬔć®ććć«ćRMANćä½æēØćć¦proddb
ćtestdb
ć«ćÆćć¼ćć³ć°ćć¾ćć
ꬔć®č”ć«ē¤ŗćććć«ćtestdb/proddbćtnsnames.orać«čæ½å ćć¾ćć
proddb=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=myhostA.com)(PORT=XXXX))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME= proddb)))
testdb=(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=myhostB.com)(PORT=YYYY))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=testdb)))
ć¤ć³ć¹ćæć³ć¹proddb
ćspfilećä½æēØćć¦ććććØćē¢ŗčŖćć¦ćć ćććććć§ćŖćå “åćÆćsysdbaćØćć¦ćć°ć¤ć³ććcreate spfile from pfilećå®č”ććććØć§ćåęåćć”ć¤ć«ćććć¤ććŖspfilećēęćć¾ććꬔć«ćµć¼ćć¼ćåčµ·åćć¾ćć
ꬔć®č”ć«ē¤ŗćććć«ććŖć¹ćć¼ćåčµ·åćć¾ćć
lsnrctl stop, lsnrctl start
č¤č£½ćć¼ćæćć¼ć¹ć»ćć”ć¤ć«ć®ååć®ēęę¹ę³ćę±ŗå®ćć¾ććå ·ä½ēć«ćÆćå¶å¾”ćć”ć¤ć«ććć¼ćæćć”ć¤ć«ććŖć³ć©ć¤ć³REDOćć°ć»ćć”ć¤ć«ććć³äøęćć”ć¤ć«ć®å½åę¹ę³ćę±ŗå®ćć¾ćć
ććØćć°ćproddb
ć§ćÆ/oradata/proddbćć£ć¬ćÆććŖć«ćććć¹ćAć®ćć”ć¤ć«ćććć¹ćBć®/oradata/testdbć«äæåććå “åćÆćDB_FILE_NAME_CONVERT '/proddb',' /testdb'ćꬔć®ć·ć¼ć±ć³ć¹ć§ęå®ćć¾ćć
ꬔć®č”ć«ē¤ŗćććć«ćRMANćå®č”ćć¦proddb
ćtestdb
ć«ćÆćć¼ćć³ć°ćć¾ćć
$rman RMAN> CONNECT TARGET SYS@proddb RMAN> CONNECT AUXILIARY SYS@testdb RMAN> DUPLICATE TARGET DATABASE TO testdb FROM ACTIVE DATABASE DB_FILE_NAME_CONVERT '/proddb','/testdb' SPFILE PARAMETER_VALUE_CONVERT '/proddb','/testdb' SET LOG_FILE_NAME_CONVERT '/proddb','/testdb';
åčæ°ć®RMANć·ć¼ć±ć³ć¹ćę£åøøć«å®č”ćććććØćē¢ŗčŖćć¦ćć ććć
(ćŖćć·ć§ć³)ćć”ć¤ć³ćåćęæćć¦ććććÆć¢ćććććć°ććć®ćć¼ćæćć¼ć¹ćOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćØćć¦ä½æēØććććØć§ććććÆć¢ććęøć®DBć¤ć³ć¹ćæć³ć¹testdb
ćę£ććę©č½ććććØćē¢ŗčŖćć¾ćć
Oracle WebLogic Serverćåę¢ćć¾ćć
ćć”ć¤ć«{domain}/config/fmwconfig/jps-config.xml
ććć³{domain}/config/jdbc/*xml
ć§ćjdbc urlćproddb
ććtestdb
ć«å¤ę“ćć¾ćć
Oracle WebLogic Serverćåčµ·åćć¾ćć
ćć”ć¤ć³ć»ć»ćć„ćŖćć£ćę£ććę©č½ććććØćē¢ŗčŖćć¾ćć
ćććÆć¢ććå ć®Oracle Internet Directoryć¹ćć¢ććććÆć¢ććå ć®Oracle Internet Directoryć¹ćć¢ć«ćććÆć¢ććććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
ē§»č”å
ć®Oracle Internet Directoryćććć·ć¹ćć ć§ćꬔć®č”ć«ē¤ŗćććć«ldifwrite
ćå®č”ćć¦LDIFćć”ć¤ć«ćēęćć¾ćć
>ldifwrite connect="srcOidDbConnectStr" basedn="cn=jpsnode, c=us" ldiffile="srcOid.ldif"
ćć®ć³ćć³ćć§ćÆććć¼ćcn=jpsnode, c=us
仄äøć®ćć¹ć¦ć®ćØć³ććŖććć”ć¤ć«srcOid.ldif
ć«ęøćč¾¼ć¾ćć¾ćććć®ćć”ć¤ć«ććꬔć«å®č”ććć³ćć³ćć§ä½æēØć§ććććć«ććććÆć¢ććå
ć®Oracle Internet Directoryćć”ć¤ć«ć»ć·ć¹ćć ć«ē§»åćć¾ćć
ćććÆć¢ććå ć®Oracle Internet Directoryć·ć¹ćć ć§ćJPSć¹ćć¼ććć·ć¼ćććć¦ććććØćē¢ŗčŖćć¾ćć
ē§»č”å
ć®Oracle Internet Directoryć·ć¹ćć ć§ćꬔć®č”ć«ē¤ŗćććć«bulkload
ćå®č”ćć¦ć¹ćć¼ćć»ćØć©ć¼ćäøé©åćŖćØć³ććŖććŖćoųććØćē¢ŗčŖćć¾ćć
>bulkload connect="dstOidDbConnectStr" check=true generate=true restore=true file="fullPath2SrcOidLdif"
éč¤ććDN(ćććÆć¢ććå ć®ćć£ć¬ćÆććŖćØćććÆć¢ććå ć®ćć£ć¬ćÆććŖćØć®éć§å ±éćććØć³ććŖ)ćę¤åŗćććå “åćÆćäŗęććŖćēµęćēććŖćććć«ćććć®DNćē¢ŗčŖćć¾ćć
ꬔć®č”ć«ē¤ŗćććć«bulkload
ćå®č”ćć¦ćē§»č”å
ć®Oracle Internet Directoryć«ćć¼ćæććć¼ććć¾ćć
>bulkload connect="dstOidDbConnectStr" load=true file="fullPath2SrcOidLdif"
åčæ°ć®ć³ćć³ćć®č©³ē“°ćÆććOracle Fusion Middleware Oracle Internet Directoryē®”ēč ć¬ć¤ććć®ę¬”ć®ććććÆćåē §ćć¦ćć ććć
ē¬¬15.6é ćldifwritećä½æēØććOracle Internet Directoryćććć”ć¤ć«ćøć®ćć¼ćæć®ćć³ćć
ē¬¬37.2.1é ćLDIFćć”ć¤ć«ćØbulkloadćä½æēØććLDAPćć¼ćæć®ē§»č”ć
ä¼ę„ć§čØå®ććć¹ć±ćøć„ć¼ć«ć«å¾ć£ć¦ćå®ęēć«OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ććććÆć¢ććććććØććč¦ććć¾ććć¾ććꬔć®ć¤ćć³ććēŗēććē“å¾ćÆćäŗå®å¤ć®ćććÆć¢ćććå®č”ćć¦ćć ććć
ćć”ć¤ć³ēØć®ę°ććęå·åćć¼ć®(čŖå)ēę
ę°ććććŖć·ć¼ć®ä½ę
ę°ćććć¤ć³ćć£ć³ć°č³ę ¼čؼęć®čØå®
ćć®ē« ć§ćÆćē£ę»ć¬ćć¼ćć®ę§ęę¹ę³ćØč”Øē¤ŗę¹ę³ć«ć¤ćć¦čŖ¬ęćć¾ćć
ćć®ē« ć®å 容ćÆꬔć®ćØććć§ćć
ę³Øę: ćć®ē« ć§čŖ¬ęććć¬ćć¼ćę©č½ćä½æēØåÆč½ćć©ćććē¢ŗčŖććć«ćÆćä½ę„ćé²ććåć«ćē¬¬15.1é ćåē §ćć¦ćć ććć |
Oracle Fusion Middlewareē£ę»ć¬ćć¼ćć§ćÆć2ć¤ć®ę¹ę³ć§ē£ę»ć¬ćć¼ććä½æēØć§ćć¾ććę”ēØććę¹ę³ćÆććµć¤ćć§ä½æēØćć¦ććē£ę»ć¢ćć«ććć³ć³ć³ćć¼ćć³ćć«ćć£ć¦ęå®ććć¦ćć¾ćć
åēć”ćæćć¼ćæć»ć¢ćć«
ćć®ē£ę»ć”ćæćć¼ćæć»ć¢ćć«ćÆć11gćŖćŖć¼ć¹1 (11.1.1.6.0)ć§å°å „ććć¾ćććę°ććOracle Fusion Middleware 12c (12.1.2)ćć¤ć³ć¹ćć¼ć«ćććØćčŖåēć«ćć®ć¢ćć«ćä½æēØććć¾ćć
ē¬¬15.2é ć§ćÆććć®ć¢ćć«ć«åŗć„ćē£ę»ć¬ćć¼ćć®ä½ęę¹ę³ćčŖ¬ęćć¾ćć
ć¬ćć¼ćć»ćć³ćć¬ć¼ćć»ć¢ćć«
ćć®å¤ćć¢ćć«ćÆćć·ć¹ćć ć»ć³ć³ćć¼ćć³ćć«ćć£ć¦ä½æēØććć¾ććć¾ććć¢ććć°ć¬ć¼ćć®éć«ćē£ę»ćć¬ć¼ć ćÆć¼ćÆć§ćÆå¼ćē¶ććć®ć¢ćć«ćä½æēØććć¾ćć
ē¬¬C.2é ććć³ē¬¬C.3é ć§ćÆććć®ć¢ćć«ć«åŗć„ćē£ę»ć¬ćć¼ćć®ä½ęę¹ę³ćčŖ¬ęćć¾ćć
ē£ę»ēµ±åć®ęēµēćŖē®ēćÆćē£ę»ćć¼ćæćć¼ć¹č”Øć«äæē®”ćććē£ę»ć¤ćć³ćć®ć¬ćć¼ććä½ęććććØć§ććē¬¬14.6.1é
ć§čŖ¬ęććć¦ććććć«ćē£ę»ć¤ćć³ććÆå
±éå±ę§ćć¼ćć«iau_common
(ē¬¬13.4.2.2é
)ććć³ć«ć¹ćæć å±ę§ćć¼ćć«iau_custom_nnn
(ē¬¬13.4.2.4é
)ć«äæåććć¾ććOPSSå
±éē£ę»ćć¬ć¼ć ćÆć¼ćÆćÆćć³ć³ćć¼ćć³ćć«åƾćć¦SQLć¹ćÆćŖćććēęććć¬ćć¼ćä½ęć¢ććŖć±ć¼ć·ć§ć³ć®ć³ć³ćć¼ćć³ććē£ę»ćć¼ćæćć¼ć¹č”Øć®ē£ę»ć¤ćć³ćć»ćć¼ćæć®ååćć«ä½æēØć§ććOraclećć¼ćæćć¼ć¹ć»ćć„ć¼ćä½ęćć¾ćć
ꬔć®ęé (äøéØćÆćć§ć«å®č”ęø)ćåæ č¦ć§ćć
åēć¾ććÆ宣čØć«ććē»é²ćä½æēØćć¦ćē£ę»ćć¬ć¼ć ćÆć¼ćÆć«ēµ±åćć¾ć(ē¬¬25.2é ććē¬¬25.4é )ć
ē£ę»ććŖć·ć¼ćę§ęććē£ę»ćć¼ćæćēęććć¤ćć³ćććå®č”ęē£ę»ćµć¼ćć¹ććć°ć«čØé²ć§ććććć«ćć¾ć(ē¬¬25.5é ććć³ē¬¬25.6é )ć
ē£ę»ćć¼ćć¼ćę§ęćććć¹ć¹ćććć»ćć”ć¤ć«ććć¼ćæćć¼ć¹ć«ē§»č”ćććććØćē¢ŗčŖćć¾ć(ē¬¬14.2é )ć
createAuditDBView
ć³ćć³ććä½æēØććē£ę»å®ē¾©ć®SQLć¹ćÆćŖćććēęćć¾ć(ē¬¬13.5.3.2é
ć®ćć³ć³ćć¼ćć³ćć®ē£ę»å®ē¾©ć®č”Øē¤ŗć)ć
IAUć¹ćć¼ćć»ć¦ć¼ć¶ć¼ćØćć¦ćć¼ćæćć¼ć¹ć«ćć°ć¤ć³ććåčæ°ć®ęé ć®SQLć¹ćÆćŖćććä½æēØćććć„ć¼ćä½ęćć¾ćć
ćć„ć¼ć«åćåććć¬ćć¼ćä½ęć¢ććŖć±ć¼ć·ć§ć³ćę§ęćć¾ćć
ćććÆćApplicationAudit
ć³ć³ćć¼ćć³ćēØcreateAuditDBView
ć®ćµć³ćć«åŗåć§ćć
-- Audit View for Component CREATE VIEW ApplicationAudit_AUDITVIEW AS SELECT IAU_AUDITSERVICE.IAU_TRANSACTIONID AS AUDITSERVICE_TRANSACTIONID, IAU_COMMON.IAU_COMPONENTTYPE AS ComponentType, IAU_COMMON.IAU_MAJORVERSION AS MajorVersion, IAU_COMMON.IAU_MINORVERSION AS MinorVersion, IAU_COMMON.IAU_INSTANCEID AS InstanceId, IAU_COMMON.IAU_HOSTID AS HostId, IAU_COMMON.IAU_HOSTNWADDR AS HostNwaddr, IAU_COMMON.IAU_MODULEID AS ModuleId, IAU_COMMON.IAU_PROCESSID AS ProcessId, IAU_COMMON.IAU_ORACLEHOME AS OracleHome, IAU_COMMON.IAU_HOMEINSTANCE AS HomeInstance, IAU_COMMON.IAU_ECID AS ECID, IAU_COMMON.IAU_RID AS RID, IAU_COMMON.IAU_CONTEXTFIELDS AS ContextFields, IAU_COMMON.IAU_SESSIONID AS SessionId, IAU_COMMON.IAU_TARGETCOMPONENTTYPE AS TargetComponentType, IAU_COMMON.IAU_APPLICATIONNAME AS ApplicationName, IAU_COMMON.IAU_EVENTTYPE AS EventType, IAU_COMMON.IAU_EVENTCATEGORY AS EventCategory, IAU_COMMON.IAU_EVENTSTATUS AS EventStatus, IAU_COMMON.IAU_TSTZORIGINATING AS TstzOriginating, IAU_COMMON.IAU_THREADID AS ThreadId, IAU_COMMON.IAU_COMPONENTNAME AS ComponentName, IAU_COMMON.IAU_INITIATOR AS Initiator, IAU_COMMON.IAU_MESSAGETEXT AS MessageText, IAU_COMMON.IAU_FAILURECODE AS FailureCode, IAU_COMMON.IAU_REMOTEIP AS RemoteIP, IAU_COMMON.IAU_TARGET AS Target, IAU_COMMON.IAU_RESOURCE AS IAU_RESOURCE, IAU_COMMON.IAU_ROLES AS Roles, IAU_COMMON.IAU_DOMAINNAME AS DomainName, IAU_COMMON.IAU_COMPONENTDATA AS ComponentData, IAU_COMMON.IAU_AUDITUSER AS AuditUser, IAU_COMMON.IAU_TENANTID AS TenantId, IAU_COMMON.IAU_TRANSACTIONID AS TransactionId, IAU_COMMON.IAU_USERTENANTID AS UserTenantId, IAU_CUSTOM.IAU_INT_001 AS AccountNumber, IAU_CUSTOM.IAU_DATETIME_001 AS Date, IAU_CUSTOM.IAU_FLOAT_001 AS Amount, IAU_CUSTOM.IAU_STRING_002 AS Status, IAU_CUSTOM.IAU_FLOAT_002 AS Balance, IAU_USERSESSION.IAU_AUTHENTICATIONMETHOD AS AuthenticationMethod FROM IAU_AUDITSERVICE, IAU_COMMON, IAU_CUSTOM, IAU_USERSESSION WHERE IAU_COMMON.IAU_ID = IAU_AUDITSERVICE.IAU_ID AND IAU_COMMON.IAU_ID = IAU_CUSTOM.IAU_ID AND IAU_COMMON.IAU_ID = IAU_USERSESSION.IAU_ID AND IAU_COMMON.IAU_ComponentType = 'ApplicationAudit';
Oracle Business Intelligence Publisherćå©ēØććććØć«ćććOracleć³ć³ćć¼ćć³ćć§ä½æēØåÆč½ćŖćć®ćØåćć¬ćć¼ćę©č½ćä½æēØćć¦ćć¢ććŖć±ć¼ć·ć§ć³ć®ē£ę»ćć¼ćæććć¬ćć¼ććēęć§ćć¾ćć
åŗę¬ęé ćÆꬔć®ćØććć§ćć
(createAuditDBView
ć³ćć³ććä½æēØćć¦ä½ęććć)ćć¼ćæćć¼ć¹ć»ćć„ć¼ćä½æēØććOracle BI Publisherć¬ćć¼ćć»ćć³ćć¬ć¼ććēęćć¾ćć
Oracle BI Publisherć¬ćć¼ćć»ćµć¼ćć¹ćčØå®ćć¾ćć
ć¬ćć¼ćć»ćć³ćć¬ć¼ććOracle BI Publisherć«ć³ćć¼ćć¦ćć³ć³ćć¼ćć³ćē£ę»ć¤ćć³ććč”Øē¤ŗćć¾ćć
Oracle BI Publisherć§ć¬ćć¼ććēęćć¾ćć
Oracle Platform Security Servicesć«ććć¢ććŖć±ć¼ć·ć§ć³ć®äæč·
12c (12.1.2)
E47967-02(åę¬éØåēŖå·:E39179-02)
2014幓1ę
Oracle Fusion Middleware Oracle Platform Security Servicesć«ććć¢ććŖć±ć¼ć·ć§ć³ć®äæč·, 12c (12.1.2)
E47967-02
Copyright Ā© 2003, 2014,Ā Oracle and/or its affiliates. All rights reserved.
åę¬čč : Carlos Subi
åę¬ååčč : Ā Vinaye Misra
åę¬ååč : Ā Amit AgarwalćSoumya AithalćMoushmi BanerjeećPratik DattaćJordan DouglasćGuru DuttćTodd ElwoodćVineet GargćVikas GhorpadećSandeep GuggilamćShiang-Jia HuangćDan HynesćSupriya KalyanasundaramćLakshmi KethanaćGanesh KirtićAshish KollićRohit KoulćNithya MuralidharanćFrank NimphiusćSudip RegmićBhupindra SinghćKk SriramadhesikanćMamta SurićKavita TippanaćSrikant TirumalaićRamana TurlapatićJane XućSam Zhou
ćć®ć½ććć¦ć§ć¢ććć³é¢é£ććć„ć”ć³ćć®ä½æēØćØéē¤ŗćÆćć©ć¤ć»ć³ć¹å„ē“ć®å¶ē“ę”件ć«å¾ććć®ćØććē„ēč²”ē£ć«é¢ććę³å¾ć«ććäæč·ććć¦ćć¾ććć©ć¤ć»ć³ć¹å„ē“ć§ęē¤ŗēć«čØ±č«¾ććć¦ććå “åććććÆę³å¾ć«ćć£ć¦čŖćććć¦ććå “åćé¤ććå½¢å¼ćęꮵć«é¢äæćŖćććććŖćéØåćä½æēØćč¤åćč¤č£½ćēæ»čسćę¾éćäæ®ę£ćć©ć¤ć»ć³ć¹ä¾äøćéäæ”ćé åøćēŗč”Øćå®č”ćå ¬éć¾ććÆč”Øē¤ŗććććØćÆć§ćć¾ććććć®ć½ććć¦ć§ć¢ć®ćŖćć¼ć¹ć»ćØć³ćøćć¢ćŖć³ć°ćéć¢ć»ć³ćć«ćéć³ć³ćć¤ć«ćÆäŗęę§ć®ććć«ę³å¾ć«ćć£ć¦č¦å®ććć¦ććå “åćé¤ććē¦ę¢ććć¦ćć¾ćć
ććć«čØč¼ćććę å ±ćÆäŗåćŖćć«å¤ę“ćććå “åćććć¾ććć¾ććčŖ¤ććē”ćććØć®äæčؼćÆćććććć¾ććčŖ¤ććč¦ć¤ććå “åćÆććŖć©ćÆć«ē¤¾ć¾ć§ćé£ēµ”ćć ććć
ćć®ć½ććć¦ć§ć¢ć¾ććÆé¢é£ććć„ć”ć³ćććē±³å½ęæåŗę©é¢ććććÆē±³å½ęæåŗę©é¢ć«ä»£ćć£ć¦ćć®ć½ććć¦ć§ć¢ć¾ććÆé¢é£ććć„ć”ć³ććć©ć¤ć»ć³ć¹ćććč ć«ęä¾ćććå “åćÆćꬔć®Noticećé©ēØććć¾ćć
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
ćć®ć½ććć¦ć§ć¢ć¾ććÆćć¼ćć¦ć§ć¢ćÆę§ć ćŖę å ±ē®”ēć¢ććŖć±ć¼ć·ć§ć³ć§ć®äøč¬ēćŖä½æēØć®ććć«éēŗććććć®ć§ćććć®ć½ććć¦ć§ć¢ć¾ććÆćć¼ćć¦ć§ć¢ćÆćå±éŗć伓ćć¢ććŖć±ć¼ć·ć§ć³(äŗŗēå·å®³ćēŗēćććåÆč½ę§ćććć¢ććŖć±ć¼ć·ć§ć³ćå«ć)ćøć®ēØéćē®ēćØćć¦éēŗććć¦ćć¾ććććć®ć½ććć¦ć§ć¢ć¾ććÆćć¼ćć¦ć§ć¢ćå±éŗć伓ćć¢ććŖć±ć¼ć·ć§ć³ć§ä½æēØććéććć®ć½ććć¦ć§ć¢ć¾ććÆćć¼ćć¦ć§ć¢ćå®å Øć«ä½æēØććććć«ćé©åćŖå®å Øč£ ē½®ććććÆć¢ćććåé·ę§(redundancy)ććć®ä»ć®åƾēćč¬ććććØćÆä½æēØč ć®č²¬ä»»ćØćŖćć¾ćććć®ć½ććć¦ć§ć¢ććććÆćć¼ćć¦ć§ć¢ćå±éŗć伓ćć¢ććŖć±ć¼ć·ć§ć³ć§ä½æēØććććØć«čµ·å ćć¦ę害ćēŗēćć¦ćććŖć©ćÆć«ē¤¾ććć³ćć®é¢é£ä¼ē¤¾ćÆäøåć®č²¬ä»»ćč² ćććć¾ćć
OraclećÆOracle Corporationććć³ćć®é¢é£ä¼ę„ć®ē»é²åęØć§ćććć®ä»ć®åē§°ćÆćććććć®ęęč ć®åęØć¾ććÆē»é²åęØć§ćć
ćć®ć½ććć¦ć§ć¢ććć³ććć„ć”ć³ććÆćē¬¬äøč ć®ć³ć³ćć³ććč£½åććµć¼ćć¹ćøć®ć¢ćÆć»ć¹ćććććÆćććć«é¢ććę å ±ćęä¾ććććØćććć¾ćććŖć©ćÆć«ē¤¾ććć³ćć®é¢é£ä¼ē¤¾ćÆćē¬¬äøč ć®ć³ć³ćć³ććč£½åććµć¼ćć¹ć«é¢ćć¦äøåć®č²¬ä»»ćč² ććććććŖćäæčؼććććć¾ććććŖć©ćÆć«ē¤¾ććć³ćć®é¢é£ä¼ē¤¾ćÆćē¬¬äøč ć®ć³ć³ćć³ććč£½åććµć¼ćć¹ćøć®ć¢ćÆć»ć¹ć¾ććÆä½æēØć«ćć£ć¦ę失ćč²»ēØćććććÆę害ćēŗēćć¦ććäøåć®č²¬ä»»ćč² ćććć¾ćć
ćć®éØć§ćÆćꬔć®åē« ć§OPSSć®åŗę¬ēćŖē®”ēę©č½ć«ć¤ćć¦čŖ¬ęćć¾ćć
ćć®ä»é²ć§ćÆćć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć§OpenLDAP 2.2ćä½æēØććå “åć«åæ č¦ćØćŖćē¹ę®ćŖčØå®ć«ć¤ćć¦čŖ¬ęćć¾ćć
å 容ćÆꬔć®ćØććć§ćć
OpenLDAP 2.2ćć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ćØćć¦ä½æēØććć«ćÆćꬔć®ććć«ćć¾ćć
WebLogic Serverē®”ēć³ć³ć½ć¼ć«ćä½æēØćć¦ćę°ććčŖčؼćććć¤ććä½ęćć¾ćććć®ę°č¦ćććć¤ćć«åƾćć¦:
čŖčؼå ć®ćŖć¹ććććOpenLDAPAuthenticatorććéøęćć¾ćć
OpenLDAPAuthenticatorć®å¶å¾”ćć©ć°ćSUFFICIENTć«čØå®ćć¾ćć
DefaultAuthenticatorć®å¶å¾”ćć©ć°ćSUFFICIENTć«čØå®ćć¾ćć
OpenLDAPAuthenticatorććŖć¹ćć®å é ć«ćŖćććć«čŖčؼå ć®é åŗćå¤ę“ćć¾ćć
OpenLDAPAuthenticatorć®ććććć¤ćåŗęććć¼ćøć§ććć¦ć¼ć¶ć¼ć»ćć¼ć¹DNććØćć°ć«ć¼ćć»ćć¼ć¹DNććå „åćććååęå®ć«ććć°ć«ć¼ćć»ćć£ć«ćæćć®ćŖććøć§ćÆćć»ćÆć©ć¹ć®å¤ćgroupofnames仄å¤ć®å¤ć«čØå®ćć¾ćć
OpenLDAPć¤ć³ć¹ćć¼ć«ć®ćć¼ć ć»ćć£ć¬ćÆććŖćććꬔć®ęé ćå®č”ćć¾ćć
ćć”ć¤ć«slapd.conf
ćē·Øéć®ććć«éćć¾ćć
ćć®ćć”ć¤ć«å ć®äøēŖäøć«ććincludeć»ćÆć·ć§ć³ć«ę¬”ć®č”ćęæå „ćć¾ćć
include ./schema/inetorgperson.schema
ćć”ć¤ć«ćäæåććOpenLDAPćåčµ·åćć¾ćć
åčæ°ć®čØå®ćč”ććØćOpenLDAPć§ę°č¦ć®å¤éØćć¼ć«ćä½ęćććć³ć«ććŖććøć§ćÆćć»ćÆć©ć¹inetorgperson
ććć®å¤éØćć¼ć«ć«čæ½å ć§ćć¾ććå¤éØćć¼ć«ćć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć«ćććć³ć°ććććć«ćÆććć®ćŖććøć§ćÆćć»ćÆć©ć¹ćåæ
č¦ć§ćć
ćć®ä»é²ć§ćÆćWLSTć³ćć³ććØMBeanććć°ć©ćć³ć°ćä½æēØćć¦å®č”ćććę”å¼µē®”ēćæć¹ćÆć«ć¤ćć¦čŖ¬ęćć¾ćć
ꬔć®é ē®ć«ć¤ćć¦čŖ¬ęćć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć§ć¦ć¼ć¶ć¼ććć³ćć¼ć«APIćä½æēØćć¦ćććććć©ć«ćå±ę§(cn)ćØćÆē°ćŖćčŖčؼćććć¤ćć®ć¦ć¼ć¶ć¼å±ę§ć«ć¢ćÆć»ć¹ććåæ č¦ćććå “åć«ćÆćWebLogicē®”ēć³ć³ć½ć¼ć«ćä½æēØćć¦ćåæ č¦ćŖć¦ć¼ć¶ć¼å±ę§ćä½æēØć§ććććć«čŖčؼćććć¤ććę§ęćć¾ććććć©ć«ććØćÆē°ćŖćå±ę§ćä½æēØććć¦ć¼ć¶ć¼ććć³ćć¼ć«API仄å¤ć§ććčŖčؼćććć¤ćć®é©åćŖåęåćÆåæ č¦ć§ćć
ꬔć®ęé ć§ćÆćć¹ćÆćŖćććä½æēØćć¦čŖčؼćććć¤ćć®åęåćå¤ę“ććę¹ę³ć«ć¤ćć¦čŖ¬ęćć¾ććććć«ćććę§ęćććć¦ć¼ć¶ć¼å±ę§ćć¦ć¼ć¶ć¼ććć³ćć¼ć«APIć§ä½æēØćć¦ćę§ęćććčŖčؼćććć¤ćć®ćć¼ćæć«ć¢ćÆć»ć¹ć§ććććć«ćŖćć¾ćć
WebLogicć¹ćÆćŖććć®č©³ē“°ćÆććWebLogic Scripting Toolć®ēč§£ććåē §ćć¦ćć ććć
ćµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ć«ć¹ćæć ć»ććććć£ćčæ½å ć¾ććÆę“ę°ććć«ćÆćꬔć®ęé ćå®č”ćć¾ćć
ꬔć®ć³ć³ćć³ććå«ćpyć¹ćÆćŖććć»ćć”ć¤ć«ćä½ęćć¾ćć
import sys connect('userName
', 'userPassword
', 'url
', 'adminServerName
') domainRuntime() val = None key = None si = None for i in range(len(sys.argv)): if sys.argv[i] == "-si": si = sys.argv[i+1] if sys.argv[i] == "-key": key = sys.argv[i+1] if sys.argv[i] == "-value": val = sys.argv[i+1] on = ObjectName("com.oracle.jps:type=JpsConfig") sign = ["java.lang.String","java.lang.String","java.lang.String"] params = [si,key,val] mbs.invoke(on, "updateServiceInstanceProperty", params, sign) mbs.invoke(on, "persist", None, None)
ä½ęććć¹ćÆćŖććć§ćuserNamećuserPassćlocalHostććć³portNumberććē®ēć®ćć”ć¤ć³ć®ē®”ēćµć¼ćć¼ćøć®ę„ē¶ć«é©ććęååć«ē½®ęćć¾ććconnect
ćä½æēØććć«ćÆćć¹ćÆćŖćććå¼ć³åŗććććØćć«ę„ē¶å
ć®ćµć¼ćć¼ćēؼåćć¦ććåæ
č¦ćććć¾ćć
ćć®ć¹ćÆćŖććććć”ć¤ć«/tmp/updateServiceInstanceProperty.py
ć«äæåćććØä»®å®ćć¾ćć
wlst.sh
ćć”ć¤ć«ćę ¼ē“ććć¦ćććć£ć¬ćÆććŖ$ORACLE_HOME/common/bin
ć«å¤ę“ćć¾ćć
>cd $ORACLE_HOME/common/bin
ꬔć®ć³ćć³ććå®č”ćć¾ćć
>wlst.sh /tmp/updateServiceInstanceProperty.py -si servInstName -key propKey -value propValue
čŖ¬ę:
servInstNamećÆćå¤ę“åÆ¾č±”ć®ććććć£ććććµć¼ćć¹ć»ć¤ć³ć¹ćæć³ć¹ć»ćććć¤ćć®ååć§ćć
propKeyćÆćęæå „ć¾ććÆå¤ę“ććććććć£ć®ååćčå„ćć¾ćć
propValuećÆćčæ½å ć¾ććÆę“ę°ććå¤ć®ååć§ćć
ē©ŗē½ęåćå«ć¾ćć¦ććå¼ę°ćÆćäŗéå¼ēØē¬¦ć§å²ćåæ č¦ćććć¾ćć
åčæ°ć®ć³ćć³ććčµ·åćććć³ć«ćęø”ćććć¤ć³ć¹ćæć³ć¹ć»ćććć¤ćć«ććććć£ćčæ½å ć¾ććÆę“ę°ććććØć«ćć£ć¦ććć”ć¤ć³ę§ęćć”ć¤ć«$DOMAIN_HOME/config/fmwconfig/jps-config.xml
ćå¤ę“ććć¾ććęø”ććććć¼ćę¢åć®ććććć£ć®ååćØäøč“ććå “åććć®ććććć£ćÆęø”ćććå¤ć§ę“ę°ććć¾ćć
Oracle WebLogicćµć¼ćć¼ćåčµ·åćć¾ććę§ęć«å ććććå¤ę“ćÆććµć¼ćć¼ćåčµ·åććŖććØęå¹ć«ćŖćć¾ććć
ä½æēØä¾
ććć§ćÆććć”ć¤ć³ę§ęćć”ć¤ć«ć«ćidstore.ldap
ćØććååć®čŖčؼćććć¤ććå«ć¾ćć¦ććććØćåęćØćć¾ććꬔć®å¼åŗććå®č”ćć¾ćć
wlst.sh /tmp/updateServiceInstanceProperty.py -si idstore.ldap -key "myPropName" -value "myValue"
ććć«ćć£ć¦ćꬔć®ć¹ććććć«ē¤ŗććć¦ććććć«ććć®ć¤ć³ć¹ćæć³ć¹ć»ćććć¤ććęć¤ęå®ć®ććććć£ćčæ½å ć¾ććÆę“ę°ććć¾ćć
<serviceInstance provider="idstore.ldap.provider" name="idstore.ldap"> ... <property name="myPropName" value="myValue"/> ... </serviceInstance>
åčæ°ć®ę§ęćä½æēØćć¦čŖčؼćććć¤ććåęåććććØćć¦ć¼ć¶ć¼ććć³ćć¼ć«APIćÆćć¦ć¼ć¶ć¼å±ę§mail
ćä½æēØćć¦ććć®čŖčؼćććć¤ćć®ć¦ć¼ć¶ć¼ę
å ±ć«ć¢ćÆć»ć¹ć§ćć¾ćć
Oracle Platform Security Servicesć«ćÆćOracle Enterprise Manager Fusion Middleware Controlććć³OPSSć®ć»ćć„ćŖćć£ć»ć¹ćÆćŖććć«ćć£ć¦Oracle Platform Security Servicesć®ē®”ēćę§ęććć³ē£č¦ć«ä½æēØćććJMXęŗę ć®Java EE BeansćēØęććć¦ćć¾ćć
MBeansćÆćJava EEć¢ććŖć±ć¼ć·ć§ć³ć§ć®ćæä½æēØććććØććč¦ććć¾ćć
OPSS MBeans API javadocćå«ćOPSS API javadocsćøć®ćŖć³ćÆćÆćē¬¬G.1é ć®ćOPSS APIćŖćć”ć¬ć³ć¹ćć«čØč¼ććć¦ćć¾ćć
ćć®é ć®å 容ćÆꬔć®ćØććć§ćć
č”ØE-1ćÆććµćć¼ććććMBeansćØćć®åŗę¬ę©č½ćććć³ćæć¹ćÆćå®č”ććććć«ć«ć¹ćæć ć»ć¹ćÆćŖććć¾ććÆJava SEććć°ć©ć ć§ä½æēØćććŖććøć§ćÆćåćē¤ŗćć¦ćć¾ćć
č”ØE-1 OPSS MBeansć®ćŖć¹ć
MBean | ę©č½ | MBeanServerć®ę„ē¶å |
---|---|---|
Jpsę§ę |
ę“ę°ć¾ććÆęøč¾¼ćæęä½ć§ćÆććµć¼ćć¼ćåčµ·åćć¦å¤ę“ćęå¹ć«ććåæ č¦ćććć¾ćć |
|
č³ę ¼čؼęć¹ćć¢ |
č³ę ¼čؼęćć¼ćæćć¤ć¾ćććć©ć«ćć®ć³ć³ććć¹ćć§ę§ęćććć¹ćć¢ć»ćµć¼ćć¹ćē®”ēćć¾ćć ę“ę°ć¾ććÆęøč¾¼ćæęä½ć®å “åćÆćå¤ę“ćęå¹ć«ććććć«ćµć¼ćć¼ćåčµ·åććåæ č¦ćÆććć¾ćććå¤ę“ćÆćć¹ć¦ććć ć”ć«ęå¹ć«ćŖćć¾ććć¢ćÆć»ć¹ćÆćē®”ēč ć®ćæć«å¶éććć¾ćć |
|
ć°ćć¼ćć«ć»ććŖć·ć¼ć»ć¹ćć¢ |
ććć©ć«ćć®ć³ć³ććć¹ćć§ę§ęćććććŖć·ć¼ć»ć¹ćć¢ć§ćć°ćć¼ćć«ć»ććŖć·ć¼ćē®”ēćć¾ćć ę“ę°ć¾ććÆęøč¾¼ćæęä½ć®å “åćÆćå¤ę“ćęå¹ć«ććććć«ćµć¼ćć¼ćåčµ·åććåæ č¦ćÆććć¾ćććå¤ę“ćÆćć¹ć¦ććć ć”ć«ęå¹ć«ćŖćć¾ćć |
|
ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć»ć¹ćć¢ |
ććć©ć«ćć®ć³ć³ććć¹ćć§ę§ęćććććŖć·ć¼ć»ć¹ćć¢ć§ćć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ćē®”ēćć¾ćć ę“ę°ć¾ććÆęøč¾¼ćæęä½ć®å “åćÆćå¤ę“ćęå¹ć«ććććć«ćµć¼ćć¼ćåčµ·åććåæ č¦ćÆććć¾ćććå¤ę“ćÆćć¹ć¦ććć ć”ć«ęå¹ć«ćŖćć¾ćć |
|
ē®”ēććŖć·ć¼ć»ć¹ćć¢ |
ē¾åØć®JMXć³ć³ććć¹ćć«ćć°ć¤ć³ććć¦ć¼ć¶ć¼ćē¹å®ć®ćć¼ć«ć«å±ćć¦ćććć©ćććę¤čؼćć¾ććććć«ćć£ć¦ę§ęć®å¤ę“ć容ęć«ćŖćććØćÆććć¾ććć |
|
OPSS MBeanćčµ·åććć«ćÆćꬔć®2ć¤ć®åŗę¬ēćŖę¹ę³ćććć¾ćć
Oracle WebLogic Scripting Toolćä½æēØćć¦ć¹ćÆćŖćććä½ęććå®č”ćć¾ć(č©³ē“°ćÆććWebLogic Scripting Toolć®ēč§£ćć®ćMBeanć®ē§»å(WLSTćŖć³ć©ć¤ć³)ććåē §ćć¦ćć ćć)ć
Javaććć°ć©ć ćä½ęćć¾ććē¬¬E.2.3é ć®ćOPSS MBeansćä½æēØććććć°ć©ćć³ć°ćć«ććć®ć¢ććć¼ććčŖ¬ęćććµć³ćć«ć»ććć°ć©ć ćčØč¼ććć¦ćć¾ćć
ę³Øę: å„ć®ę¹ę³ćØćć¦ćFusion Middleware Controlć§MBeanćć©ć¦ć¶ćä½æēØćć¦MBeanćčµ·åććććØćć§ćć¾ćććć ćććć®ę¹ę³ć§ćÆćććććęä½ććå®č”ć§ććććć¼ćæć®ä½ęęé ćč¤éć§ćć ćć®ćć©ć¦ć¶ć«ć¢ćÆć»ć¹ććć«ćÆćFusion Middleware Controlć«ćć°ć¤ć³ććꬔć®ęé ćå®č”ćć¾ćć
ććØćć°ććJps Configuration MBeanććÆććć®é層ć®ę¬”ć®å “ęć«ććć¾ćć Application Defined MBeans/com.oracle.jps/Domain:myDomain/JpsConfig/JpsConfig ćć®ćć©ć¦ć¶ć®č©³ē“°ćÆćFusion Middleware Controlć®ćŖć³ć©ć¤ć³ć»ćć«ćć»ć·ć¹ćć ćåē §ćć¦ćć ććć |
ꬔć®ćµć³ćć«ć»ć³ć¼ććÆćWebLogic Server t3ćććć³ć«ćä½æēØćć¦Jps Configuration MBeanćčµ·åććę¹ę³ćē¤ŗćć¦ćć¾ćććć®ćµć³ćć«ć§ćÆćꬔć®éč¦ćŖē¹ć«ēęćć¦ćć ććć
ꬔć®JARćć”ć¤ć«ććÆć©ć¹ćć¹ć«å „ć£ć¦ććććØćåęćØćć¾ćć
$ORACLE_HOME/oracle_common/modules/oracle.jps_11.1.1/jps-api.jar
$ORACLE_HOME/oracle_common/modules/oracle.jps_11.1.1/jps-mbeans.jar
$ORACLE_HOME/oracle_common/modules/oracle.jmx_11.1.1/jmxframework.jar
$ORACLE_HOME/oracle_common/modules/oracle.idm_11.1.1/identitystore.jar
$WEBLOGIC_HOME/server/lib/wljmxclient.jar
ę„ē¶ćÆćć”ć½ććinit
ćä½æēØćć¦ē¢ŗē«ććć¦ćć¾ćć
ę“ę°ęä½ć®å¾ć§ćÆåæ ććē¶ęć®ććć®ć³ć¼ć«ćč”ćć¾ćć
import java.io.IOException; import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import javax.management.InstanceNotFoundException; import javax.management.MBeanException; import javax.management.MBeanServerConnection; import javax.management.MalformedObjectNameException; import javax.management.ObjectName; import javax.management.ReflectionException; import javax.management.openmbean.CompositeData; import javax.management.remote.JMXConnector; import javax.management.remote.JMXConnectorFactory; import javax.management.remote.JMXServiceURL; import javax.naming.Context; import oracle.security.jps.mas.mgmt.jmx.credstore.PortableCredential; import oracle.security.jps.mas.mgmt.jmx.credstore.PortablePasswordCredential; import oracle.security.jps.mas.mgmt.jmx.policy.PortableApplicationRole; import oracle.security.jps.mas.mgmt.jmx.policy.PortableCodeSource; import oracle.security.jps.mas.mgmt.jmx.policy.PortableGrant; import oracle.security.jps.mas.mgmt.jmx.policy.PortableGrantee; import oracle.security.jps.mas.mgmt.jmx.policy.PortablePermission; import oracle.security.jps.mas.mgmt.jmx.policy.PortablePrincipal; import oracle.security.jps.mas.mgmt.jmx.policy.PortableRoleMember; import oracle.security.jps.mas.mgmt.jmx.util.JpsJmxConstants; public class InvokeJpsMbeans { private static JMXConnector connector; private static MBeanServerConnection wlsMBeanConn; private static ObjectName configName; private static ObjectName credName; private static ObjectName appPolName; private static ObjectName gloPolName; private static ObjectName adminPolName; private final static String STR_NAME =String.class.getName(); public static void main(String args[]) { // Intialize connection and retrieve connection object init(); //Check registration if (isRegistered(configName)) System.out.println("Jps Config MBean is registered"); if (isRegistered(credName)) System.out.println("Jps Credential Mbean is registered"); if (isRegistered(appPolName)) System.out.println("Jps Application policy Mbean is registered"); if (isRegistered(gloPolName)) System.out.println("Jps Global policy Mbean is registered"); if (isRegistered(adminPolName)) System.out.println("Jps Admin Policy Mbean is registered"); //invoke MBeans invokeConfigMBeanMethods(); invokeCredentialMBeanMethods(); invokeApplicationPolicyMBeanMethods(); invokeGlobalPolicyMBeanMethods(); invokeAdminPolicyMBeanMethhods(); } private static void invokeConfigMBeanMethods() { String KEY = "myKey"; String VALUE = "myValue"; String strVal; try { strVal = (String) wlsMBeanConn.invoke(configName, "updateProperty", new Object[] { KEY, VALUE }, new String[] { STR_NAME, STR_NAME }); wlsMBeanConn.invoke(configName,"persist",null,null); strVal = (String) wlsMBeanConn.invoke(configName, "getProperty", new Object[] { KEY }, new String[] { STR_NAME }); System.out.println("Updated the property: " + strVal.equals(strVal)); strVal = (String) wlsMBeanConn.invoke(configName, "removeProperty", new Object[] { KEY }, new String[] { STR_NAME }); wlsMBeanConn.invoke(configName,"persist",null,null); } catch (InstanceNotFoundException e) { // auto-generated catch block e.printStackTrace(); } catch (MBeanException e) { // auto-generated catch block e.printStackTrace(); } catch (ReflectionException e) { // auto-generated catch block e.printStackTrace(); } catch (IOException e) { // auto-generated catch block e.printStackTrace(); } } private static void invokeCredentialMBeanMethods() { String USER = "jdoe"; String PASSWORD = "welcome1"; String ALIAS = "mapName"; String KEY = "keyValue"; PortableCredential cred = new PortablePasswordCredential(USER, PASSWORD.toCharArray()); try { //seed a password credential wlsMBeanConn.invoke(credName, "setPortableCredential", new Object[] { ALIAS, KEY, cred.toCompositeData(null) }, new String[] { STR_NAME, STR_NAME, CompositeData.class.getName() }); boolean bContainsMap = (Boolean) wlsMBeanConn.invoke(credName, "containsMap", new Object[] { ALIAS }, new String[] { STR_NAME }); System.out.println("Credstore contains map: " + ALIAS + " - " +bContainsMap); boolean bContainsCred = (Boolean) wlsMBeanConn.invoke(credName, "containsCredential", new Object[] { ALIAS, KEY }, new String[] { STR_NAME, STR_NAME }); System.out.println("Contains Credential; " + bContainsCred); CompositeData cd = (CompositeData) wlsMBeanConn.invoke(credName, "getPortableCredential", new Object[] { ALIAS, KEY }, new String[] { STR_NAME, STR_NAME }); cred = PortableCredential.from(cd); PortablePasswordCredential pc = (PortablePasswordCredential) cred; System.out.println("User name should be " + USER + " Retrieved - " + pc.getName()); System.out.println("Password should be " + PASSWORD + "retrieved - " + new String(pc.getPassword())); //delete entire map wlsMBeanConn.invoke(credName, "deleteCredentialMap", new Object[] {ALIAS}, new String[] {STR_NAME} ); } catch (InstanceNotFoundException e) { // auto-generated catch block e.printStackTrace(); } catch (MBeanException e) { // auto-generated catch block e.printStackTrace(); } catch (ReflectionException e) { // auto-generated catch block e.printStackTrace(); } catch (IOException e) { // auto-generated catch block e.printStackTrace(); } } private static void invokeApplicationPolicyMBeanMethods() { //add grants to approles //first create application policy String TESTGET_APP_ROLES_MEMBERS = "testgetAppRolesMembers"; try { wlsMBeanConn.invoke(appPolName, "deleteApplicationPolicy", new Object[] { TESTGET_APP_ROLES_MEMBERS }, new String[] { STR_NAME }); } catch (Exception e ) { System.out.println("IGNORE: App " + TESTGET_APP_ROLES_MEMBERS + " might not exist"); } try { wlsMBeanConn.invoke(appPolName, "createApplicationPolicy", new Object[] { TESTGET_APP_ROLES_MEMBERS }, new String[] { STR_NAME }); // add remove members to applicaiton roles // Create App Role here String APP_ROLE_NAME = "ravenclaw_house"; wlsMBeanConn.invoke(appPolName, "createApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, APP_ROLE_NAME, null, null, null }, new String[] { STR_NAME, STR_NAME, STR_NAME, STR_NAME, STR_NAME }); CompositeData cd = (CompositeData) wlsMBeanConn.invoke(appPolName, "getApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, APP_ROLE_NAME }, new String[] { STR_NAME, STR_NAME }); PortableApplicationRole appRole = PortableApplicationRole.from(cd); //Add custom principal here PortableRoleMember prm_custom = new PortableRoleMember("My.Custom.Principal","CustomPrincipal",null,null,null); CompositeData[] arrCompData = { prm_custom.toCompositeData(null) }; cd = (CompositeData) wlsMBeanConn.invoke(appPolName, "addMembersToApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, appRole.toCompositeData(null), arrCompData }, new String[] { STR_NAME, CompositeData.class.getName(), CompositeData[].class.getName() }); // Chk if member got added CompositeData[] arrCD = (CompositeData[]) wlsMBeanConn.invoke(appPolName, "getMembersForApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, appRole.toCompositeData(null) }, new String[] { STR_NAME, CompositeData.class.getName() }); PortableRoleMember[] actRM = getRMArrayFromCDArray(arrCD); PortableRoleMember[] expRM = { prm_custom}; chkRoleMemberArrays(actRM, expRM); cd = (CompositeData) wlsMBeanConn.invoke(appPolName, "removeMembersFromApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, appRole.toCompositeData(null), arrCompData }, new String[] { STR_NAME, CompositeData.class.getName(), CompositeData[].class.getName() }); // Chk if member got removed arrCD = (CompositeData[]) wlsMBeanConn.invoke(appPolName, "getMembersForApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, appRole.toCompositeData(null) }, new String[] { STR_NAME, CompositeData.class.getName() }); System.out.println("length should be zero :" + arrCD.length); // Remove the App Role wlsMBeanConn.invoke(appPolName, "removeApplicationRole", new Object[] { TESTGET_APP_ROLES_MEMBERS, APP_ROLE_NAME }, new String[] { STR_NAME, STR_NAME }); wlsMBeanConn.invoke(appPolName, "deleteApplicationPolicy", new Object[] { TESTGET_APP_ROLES_MEMBERS }, new String[] { STR_NAME }); } catch (InstanceNotFoundException e) { // auto-generated catch block e.printStackTrace(); } catch (MBeanException e) { // auto-generated catch block e.printStackTrace(); } catch (ReflectionException e) { // auto-generated catch block e.printStackTrace(); } catch (IOException e) { // auto-generated catch block e.printStackTrace(); } } private static PortableRoleMember[] getRMArrayFromCDArray(CompositeData[] arrCD) { PortableRoleMember[] actRM = new PortableRoleMember[arrCD.length]; int idx = 0; for (CompositeData cdRM : arrCD) { actRM[idx++] = PortableRoleMember.from(cdRM); } return actRM; } private static void chkRoleMemberArrays(PortableRoleMember[] arrExpectedRM, PortableRoleMember[] arrActRM) { List < PortableRoleMember > lstExpRM = new ArrayList < PortableRoleMember >(Arrays.asList(arrExpectedRM)); List < PortableRoleMember > lstActRM = new ArrayList < PortableRoleMember >(Arrays.asList(arrActRM)); for (PortableRoleMember actRM : lstActRM) { for (int idx = 0; idx < lstExpRM.size(); idx++) { PortableRoleMember expRM = (PortableRoleMember) lstExpRM.get(idx); if (expRM.equals(actRM)) { lstExpRM.remove(idx); break; } } } System.out.println("List should be empty - " + lstExpRM.size()); } private static void invokeAdminPolicyMBeanMethhods() { //Connection is established as weblogic user, who by OOTB gets all permissions Boolean bool; try { bool = (Boolean) wlsMBeanConn.invoke(adminPolName,"checkRole",new Object[]{"Admin"}, new String[]{STR_NAME}); System.out.println("Werblogic has Admin role: " + bool); bool = (Boolean) wlsMBeanConn.invoke(adminPolName,"checkRole",new Object[] {"Configurator"}, new String[]{STR_NAME}); System.out.println("Werblogic has Configurator role: " + bool); bool = (Boolean) wlsMBeanConn.invoke(adminPolName,"checkRole", new Object[]{new String[] {"Operator", "Admin", "Configurator"}}, new String[]{String[].class.getName()}); System.out.println("Werblogic has Admin,Operator,Configurator role: " + bool); } catch (InstanceNotFoundException e) { // auto-generated catch block e.printStackTrace(); } catch (MBeanException e) { // auto-generated catch block e.printStackTrace(); } catch (ReflectionException e) { // auto-generated catch block e.printStackTrace(); } catch (IOException e) { // auto-generated catch block e.printStackTrace(); } } private static void invokeGlobalPolicyMBeanMethods() { // lets create a grant in system policy PortablePrincipal CUSTOM_JDOE = new PortablePrincipal("oracle.security.jps.internal.core.principals.CustomXmlUserImpl", "jdoe", PortablePrincipal.PrincipalType.CUSTOM); PortablePrincipal CUSTOM_APP_ADMINS = new PortablePrincipal("oracle.security.jps.internal.core.principals.CustomXmlEnterpriseRoleImpl", "oc4j-app-administrators", PortablePrincipal.PrincipalType.CUSTOM); PortablePrincipal[] arrPrincs = {CUSTOM_JDOE, CUSTOM_APP_ADMINS}; //code source URL String URL = "http://www.oracle.com/as/jps-api.jar"; PortableCodeSource pcs = new PortableCodeSource(URL); PortableGrantee pge = new PortableGrantee(arrPrincs, pcs); PortablePermission CSF_PERM = new PortablePermission("oracle.security.jps.service.credstore.CredentialAccessPermission", "context=SYSTEM,mapName=MY_MAP,keyName=MY_KEY", "read"); PortablePermission[] arrPerms = {CSF_PERM}; PortableGrant grnt = new PortableGrant(pge, arrPerms); CompositeData[] arrCompData = { grnt.toCompositeData(null) }; try { System.out.println("Creating System Policy grant"); wlsMBeanConn.invoke(gloPolName, "grantToSystemPolicy", new Object[] { arrCompData }, new String[] { CompositeData[].class.getName() }); System.out.println("Deleting the created grant"); wlsMBeanConn.invoke(gloPolName, "revokeFromSystemPolicy", new Object[] { arrCompData }, new String[] { CompositeData[].class.getName() }); } catch (InstanceNotFoundException e) { // auto-generated catch block e.printStackTrace(); } catch (MBeanException e) { // auto-generated catch block e.printStackTrace(); } catch (ReflectionException e) { // auto-generated catch block e.printStackTrace(); } catch (IOException e) { // auto-generated catch block e.printStackTrace(); } } private static boolean isRegistered(ObjectName name) { try { return wlsMBeanConn.isRegistered(name); } catch (IOException e) { // auto-generated catch block e.printStackTrace(); } return false; } private static void init() { String protocol = "t3"; String jndi_root = "/jndi/"; String wlserver = "myWLServer"; String host = "myHost.com"; int port = 7001; String adminUsername = "myAdminName"; String adminPassword = "myAdminPassw"; JMXServiceURL url; try {ļ@æ url = new JMXServiceURL(protocol,host,port,jndi_root+wlserver); HashMap<String, Object> env = new HashMap<String, Object>(); env.put(Context.SECURITY_PRINCIPAL, adminUsername); env.put(Context.SECURITY_CREDENTIALS, adminPassword); env.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES, "weblogic.management.remote"); connector = JMXConnectorFactory.connect(url, env); wlsMBeanConn = connector.getMBeanServerConnection(); //create object names // the next string is set to com.oracle.jps:type=JpsConfig configName = new ObjectName(JpsJmxConstants.MBEAN_JPS_CONFIG_FUNCTIONAL); // the next string is set to com.oracle.jps:type=JpsApplicationPolicyStore appPolName = new ObjectName(JpsJmxConstants.MBEAN_JPS_APPLICATION_POLICY_STORE); // the next string is set to com.oracle.jps:type=JpsGlobalPolicyStore gloPolName = new ObjectName(JpsJmxConstants.MBEAN_JPS_GLOBAL_POLICY_STORE); // the next string is set to com.oracle.jps:type=JpsAdminPolicyStore adminPolName = new ObjectName(JpsJmxConstants.MBEAN_JPS_ADMIN_POLICY_STORE); // the next string is set to com.oracle.jps:type=JpsCredentialStore credName = new ObjectName(JpsJmxConstants.MBEAN_JPS_CREDENTIAL_STORE); } catch (MalformedURLException e) { // take proper action e.printStackTrace(); } catch (IOException e) { // take proper action e.printStackTrace(); } catch (MalformedObjectNameException e) { // auto-generated catch block e.printStackTrace(); } } }
ććć°ć©ć ć«ćććµć¼ćć¹ć®ę§ęć®č©³ē“°ćÆćē¬¬IVéØćOracle Platform Security Servicesć®APIćä½æēØććéēŗććåē §ćć¦ćć ććć
ććć§ć®čŖ¬ęćÆOPPS MBeansć«ć®ćæéå®ććććć®ć§ćÆćŖććOracle Fusion Middleware MBeanså Øč¬ć«å½ć¦ćÆć¾ćć¾ćć
MBeansćøć®ć»ćć„ćŖćć£ć»ć¢ćÆć»ć¹ćÆćć»ćć„ćŖćć£čرåÆć§ćÆćŖććč«ēćć¼ć«ć«åŗć„ćć¦ćć¾ććMBeansć«ćÆćJMX Frameworkć«ćć£ć¦å®č”ęć«é©ēØććććć¼ć«ćć¼ć¹ć®å¶ē“ćä½æēØćć¦ę³Øéćä»ćććć¾ćć
ćć®é ć§ćÆćę³Øéć®ä½æēØę³ćę³Øéć®ęå³ć«ć¤ćć¦čŖ¬ęććē¹å®ć®ć¢ćÆć»ć¹å¶éćē¤ŗćć¦ćOracle WebLogic ServerćØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ććøć®č«ēćć¼ć«ć®ćććć³ć°ć«ć¤ćć¦č§£čŖ¬ćć¾ćć
ꬔć®ć³ć¼ćć»ć¹ććććć§ćÆćMBeanć¤ć³ćæćć§ć¼ć¹ć§ć®ćØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ćć®ę³Øé(å¤Ŗåććć¹ćć®éØå)ć®ä½æēØę³ćē¤ŗćć¾ćć
@Description(resourceKey = "demo.ScreenCustomizerRuntimeMBean.description", resourceBundleBaseName = "demo.runtime.Messages") @ImmutableInfo("true") @Since("1.1") public interface ScreenCustomizerRuntimeMXBean { @Description(resourceKey = "demo.ScreenCustomizerRuntimeMBean.Active", resourceBundleBaseName = "demo.runtime.Messages") @AttrributeGetterRequiredGlobalSecurityRole(GlobalSecurityRole.Operator) public boolean isActive(); @AttrributeSetterRequiredGlobalSecurityRole(GlobalSecurityRole.Admin) public void setActive(boolean val); @Description(resourceKey = "demo.ScreenCustomizerRuntimeMBean.ActiveVirtualScreenId", resourceBundleBaseName = "demo.runtime.Messages") @DefaultValue("0") @LegalValues( {"0", "2", "4", "6", "8" }) @RequireRestart(ConfigUptakePolicy.ApplicationRestart) @OperationRequiredGlobalSecurityRole(GlobalSecurityRole.Admin) public void setActiveVirtualScreenId(int id) throws IllegalArgumentException; ā¦ }
åčæ°ć®ćµć³ćć«ć»ć³ć¼ćć®ę³ØéćÆćꬔć®ćØććć§ćć
@AtrributeGetterRequiredGlobalSecurityRole
ćÆćć¦ć¼ć¶ć¼ćgetć”ć½ććisActive
ć«ć¢ćÆć»ć¹ććć«ćÆćOperatorćć¼ć«ć«å±ćć¦ććåæ
č¦ćććććØćęå®ćć¾ćć
@AtrributeSetterRequiredGlobalSecurityRole
ćÆćć¦ć¼ć¶ć¼ćsetć”ć½ććsetActive
ć«ć¢ćÆć»ć¹ććć«ćÆćAdminćć¼ć«ć«å±ćć¦ććåæ
č¦ćććććØćęå®ćć¾ćć
@OperationRequiredGlobalSecurityRole
ćÆćć¦ć¼ć¶ć¼ćMBeanć”ć½ććsetActiveVirtualScreenId
ć«ć¢ćÆć»ć¹ććć«ćÆćAdminćć¼ć«ć«å±ćć¦ććåæ
č¦ćććććØćęå®ćć¾ćć
åčæ°ć®3ć¤ć®ę³ØéćÆćć¹ć¦ćć¤ć³ćæćć§ć¼ć¹å ć®ē¹å®ć®ć¢ć¤ćć ć«ć®ćæé©ēØćććććØć«ę³Øęćć¦ćć ććć
ꬔć®ć³ć¼ćć»ć¹ććććć§ćÆćēÆå²ć®ē°ćŖćå„ć®ę³Øé(å¤Ŗåććć¹ć)ć®ä½æēØę³ćē¤ŗćć¾ćć
@Description(resourceKey = "demo.ScreenCustomizerRuntimeMBean.description",
resourceBundleBaseName = "demo.runtime.Messages")
@ImmutableInfo("true")
@Since("1.1")
@MBeanRequiredGlobalSecurityRole(GlobalSecurityRole.Admin)
public interface ScreenCustomizerRuntimeMXBean { ā¦ }
åčæ°ć®ćµć³ćć«ć»ć³ć¼ćć®ę³Øé@MbeanRequiredGlobalSecurityRole
ć§ćÆćMBeanć®ęä½ć¾ććÆå±ę§ć®ćć¹ć¦ć«ć¤ćć¦ćć¦ć¼ć¶ć¼ććććć«ć¢ćÆć»ć¹ććć«ćÆćAdminćć¼ć«ć«å±ćć¦ććåæ
č¦ćććććØćęå®ćć¦ćć¾ććć¤ć¾ćććć®å “åMBeanå
Øä½ćåÆ¾č±”ēÆå²ć«ćŖćć¾ććć”ć½ććć¾ććÆå±ę§ć®ēÆå²ćęå®ćć¦ććę³ØéćÆćMBeanå
Øä½ć«é©ēØćććę³ØéćććåŖå
ććć¾ćć
åęGlobalSecurityRole
ćÆćć»ćć„ćŖćć£ć»ćć§ććÆć®å®č”åć«ćē°å¢å
ć§å®éć®ćć¼ć«ć«ććććććć°ćć¼ćć«ć®č«ēćć¼ć«ć»ć»ćććå®ē¾©ćć¾ćććć®åęć«ćÆćę³Øéä»ćęä½ć¾ććÆå±ę§ć«åƾćć¦ćć¹ć¦ć®ć¦ć¼ć¶ć¼ćčŖåć/ęøč¾¼ćæęØ©éćęć£ć¦ććććØćē¤ŗćå¤NONE
ćå«ć¾ćć¦ćć¾ćć
č©³ē“°ćÆćoracle.jmx.framework Javadocć®ććć„ć”ć³ććåē §ćć¦ćć ććć
č”ØE-2ćÆććØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ććøć®č«ēćć¼ć«ć®ćććć³ć°ćē¤ŗćć¦ćć¾ćć
č”ØE-2 WebLogicć°ć«ć¼ććøć®č«ēćć¼ć«ć®ćććć³ć°
č«ēćć¼ć« | ććć©ć«ćć®ęØ©é | WebLogicć°ć«ć¼ć |
---|---|---|
Admin |
ćć¹ć¦ć®MBeansćøć®čŖåć/ęøč¾¼ćæęØ©é |
Admin |
Configurator |
ę§ęMBeansćøć®čŖåć/ęøč¾¼ćæęØ©é |
Admin |
Operator |
ę§ęMBeansćøć®čŖåćęØ©éććć¹ć¦ć®å®č”ęMBeansćøć®čŖåć/ęøč¾¼ćæęØ©é |
Operator |
Monitor |
ćć¹ć¦ć®MBeansćøć®čŖåćęØ©é |
Monitor |
ApplicationAdmin |
ćć¹ć¦ć®ć¢ććŖć±ć¼ć·ć§ć³MBeansćøć®čŖåć/ęøč¾¼ćæęØ©é |
Admin |
ApplicationConfigurator |
ćć¹ć¦ć®ć¢ććŖć±ć¼ć·ć§ć³MBeansćøć®čŖåć/ęøč¾¼ćæęØ©é |
Admin |
ApplicationOperator |
ć¢ććŖć±ć¼ć·ć§ć³ę§ęMBeansćøć®čŖåćęØ©éćć¢ććŖć±ć¼ć·ć§ć³å®č”ęMBeansćøć®čŖåć/ęøč¾¼ćæęØ©é |
Operator |
ApplicationMonitor |
ćć¹ć¦ć®ć¢ććŖć±ć¼ć·ć§ć³å®č”ęMBeansććć³ę§ęMBeansćøć®čŖåćęØ©é |
Monitor |
WebLogicć®ćć¼ć«ć®č©³ē“°ćÆććOracle WebLogic Serverćć¼ć«ććć³ććŖć·ć¼ć«ćććŖć½ć¼ć¹ć®äæč·ćć®ćć¦ć¼ć¶ć¼ćć°ć«ć¼ććć»ćć„ćŖćć£ć»ćć¼ć«ććåē §ćć¦ćć ććć
ććć©ć«ćć§ćÆććć¹ć¦ć®ęøč¾¼ćæććć³ę“ę°ęä½ć®å®č”ć«ćÆćć¦ć¼ć¶ć¼ćAdminćć¼ć«ć¾ććÆConfiguratorćć¼ć«ć®ć”ć³ćć¼ć§ććåæ
č¦ćććć¾ććć¾ćććæć°@Impact(value=1)
ć§ę³Øéćä»ććććęä½ć®å “åćć¦ć¼ć¶ć¼ćÆAdminćć¼ć«ć®ć”ć³ćć¼ć§ććććæć°@Impact(value=0)
ć§ę³Øéćä»ććććęä½ć®å “åćÆAdminćć¼ć«ć¾ććÆOperatorćć¼ć«ć®ć”ć³ćć¼ć§ććåæ
č¦ćććć¾ćć
č”ØE-3ćÆćFusion Middleware Control MBeansć®å±ę§ćØęä½ćøć®ć¢ćÆć»ć¹ć«åæ č¦ćŖćć¼ć«ćčŖ¬ęćć¦ćć¾ćć
č”ØE-3 ęä½å„ć«åæ č¦ćŖćć¼ć«
å½±éæå¤ćęć¤ęä½ | MBeanć®ćæć¤ć | åæ č¦ćŖćć¼ć« |
---|---|---|
INFOć¾ććÆå±ę§ć²ććæć¼ |
ć·ć¹ćć ę§ęMBean |
MonitorćOperatorćConfiguratorćAdmin |
INFOć¾ććÆå±ę§ć²ććæć¼ |
ć¢ććŖć±ć¼ć·ć§ć³ę§ęMBean |
MonitorćOperatorćConfiguratorćAdminćApplicationMonitorćApplicationOperatorćApplicationConfiguratorćApplicationAdmin |
ACTIONćACTION_INFOćUNKNOWNć¾ććÆå±ę§ć»ććæć¼ |
ć·ć¹ćć ę§ęMBean |
AdminćConfigurator |
ACTIONćACTION_INFOćUNKNOWNć¾ććÆå±ę§ć»ććæć¼ |
ć¢ććŖć±ć¼ć·ć§ć³ę§ęMBean |
AdminćConfiguratorćApplicationAdminćApplicationConfigurator |
INFOć¾ććÆå±ę§ć²ććæć¼ |
ć·ć¹ćć å®č”ęMBean |
MonitorćOperatorćConfiguratorćAdmin |
INFOć¾ććÆå±ę§ć²ććæć¼ |
ć¢ććŖć±ć¼ć·ć§ć³å®č”ęMBean |
MonitorćOperatorćConfiguratorćAdminćApplicationMonitorćApplicationOperatorćApplicationAdmin |
ACTIONćACTION_INFOćUNKNOWNć¾ććÆå±ę§ć»ććæć¼ |
ć·ć¹ćć å®č”ęMBean |
AdminćOperator |
ACTIONćACTION_INFOćUNKNOWNć¾ććÆå±ę§ć»ććæć¼ |
ć¢ććŖć±ć¼ć·ć§ć³å®č”ęMBean |
AdminćOperatorćApplicationAdminćApplicationOperator |
ćć®ē« ć§ćÆćOPSSććŖć·ć¼ććć³čŖåÆć¢ćć«ć«ć¤ćć¦čŖ¬ęćć¾ćć
ćć®ē« ć®å 容ćÆꬔć®ćØććć§ćć
OPSSććŖć·ć¼ć»ć¢ćć«ććć³ä½æēØćććć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®č©³ē“°ćÆćOracle Fusion Middleware Oracle Entitlements Serverē®”ēč ć¬ć¤ććåē §ćć¦ćć ććć
ćć®é ć§ćÆćJava EEćØJAASć®ć¢ćć«ć§ä½æēØåÆč½ćŖčŖåÆćęÆč¼ę¤čØćć¦ćć¾ćććć®é ć®å 容ćÆꬔć®ćØććć§ćć
Java 2ććŖć·ć¼ćÆćē¹å®ć®å “ęćććć¼ććććē½²åä»ćć³ć¼ćć«ä»äøććććć¼ććć·ć§ć³ćęå®ćć¾ććJAASććŖć·ć¼ćÆććŖćć·ć§ć³ć®ććŖć³ć·ćć«ć»ćŖć¹ććęå®ć§ććććć«ććććØć§ćJava 2ć®ęØ©éćę”å¼µćć¾ććććć«ćććē¹å®ć®å “ęćććć¼ćććć(å¤ćć®å “åćÆē½²åä»ćć®)ć³ć¼ćć«ć®ćæćć¼ććć·ć§ć³ćä»äøććććć®ćŖć¹ćć«ććććŖć³ć·ćć«ć§č”Øćććć¦ć¼ć¶ć¼ć«ćć£ć¦å®č”ććć¾ćć
OPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćÆćć·ć¹ćć ććć³ć¢ććŖć±ć¼ć·ć§ć³ć«åŗęć®ććŖć·ć¼ćØćć¼ć«ćę ¼ē“ćććŖććøććŖć§ććć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ćÆćć¢ććŖć±ć¼ć·ć§ć³åŗęć®ćØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ććć³ć°ć«ć¼ć(ē®”ēćć¼ć«ćŖć©)ć«ä»äø(ććć)ć§ćć¾ććććŖć·ć¼ć§ćÆććććć®ćć¼ć«ćć°ć«ć¼ćć¾ććÆć¦ć¼ć¶ć¼ć«ććŖć³ć·ćć«ćØćć¦ćć¼ććć·ć§ć³ćä»äøć§ćć¾ćć
ććŖć·ć¼é¢é£ć®ć»ćć„ćŖćć£ć»ć¢ć¼ćć£ćć”ćÆćć®č©³ē“°ćÆćē¬¬3ē« ćććŖć·ć¼ć»ć¹ćć¢ć®åŗę¬ććåē §ćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćčŖåÆć®é©ēØćć³ć³ććć«å§ä»»ć§ććä»ćcheckPermission
ćcheckBulkAuthorization
ćgetGrantedResources
ćŖć©ć®ć”ć½ććć®ć³ć¼ć«ć«ćć£ć¦ććŖć·ć¼ē¢ŗčŖćčŖčŗ«ć§é©ēØććå®č£
ćåÆč½ć§ćć
APIć³ć¼ć«ćä½æēØććććŖć·ć¼ē¢ŗčŖć®č©³ē“°ćÆććććŖć·ć¼ć®ē¢ŗčŖććåē §ćć¦ćć ććć
Java EEčŖåÆć¢ćć«ć§ćÆććć¼ć«ć»ć”ć³ćć¼ć·ćććä½æēØćć¦ćEJBć”ć½ććććć³URLć§åē §ććWebćŖć½ć¼ć¹ćøć®ć¢ćÆć»ć¹ćå¶å¾”ćć¾ććććŖć·ć¼ć«ćć£ć¦ć¦ć¼ć¶ć¼ćØćć¼ć«ć«ćć¼ććć·ć§ć³ćå²ćå½ć¦ćććććŖć·ć¼ćć³ć³ććć§é©ēØććć¦ćŖć½ć¼ć¹ćäæč·ććć¾ćć
Java EEć¢ćć«ć§ćÆćꬔć®ććććć®ę¹ę³ć§čŖåÆćå®č£ ććć¾ćć
宣čØēććć®ę¹ę³ć§ćÆćčŖåÆććŖć·ć¼ććććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæć§ęå®ććć¾ććć³ć³ćććÆćććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæććčŖåÆććŖć·ć¼ćčŖćæåć£ć¦å®ę½ćć¾ććčŖåÆćå®ę½ććććć®ē¹å„ćŖć¢ććŖć±ć¼ć·ć§ć³ć»ć³ć¼ććÆåæ č¦ććć¾ććć
ććć°ć©ć ēććć®ę¹ę³ć§ćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ć³ć¼ćć§čŖåÆććŖć·ć¼ćē¢ŗčŖćć¾ćććć®ć³ć¼ćć«ćć£ć¦ćē¹å®ć®ć³ć¼ćć»ć»ćÆć·ć§ć³ć®å®č”ć«é©ćććć¼ććć·ć§ć³ććµććøć§ćÆćć«ćććć©ćććē¢ŗčŖćć¾ćććµććøć§ćÆćć«é©åćŖćć¼ććć·ć§ć³ćäøćććć¦ććŖćå “åćć³ć¼ććÆä¾å¤ćć¹ćć¼ćć¾ćć
č”Ø17-1ćÆćåę¹ę³ć®é·ęćØēęćē¤ŗćć¦ćć¾ćć
č”Ø17-1 Java EEć¢ćć«ć®čŖåÆć®ęÆč¼
čŖåÆć®ćæć¤ć | é·ę | ēę |
---|---|---|
宣čØ |
ć³ć¼ćć£ć³ć°ćäøč¦ććććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæć®ćæćå¤ę“ććć°ćććććę“ę°ćē°”åć |
čŖåÆć®ć¬ćć«ć大ć¾ćć§ćććURLć¬ćć«ć¾ććÆć”ć½ććć»ć¬ćć«(EJBć®å “å)ć§ęå®ććć¾ćć |
ććć°ć©ć |
ć¢ććŖć±ć¼ć·ć§ć³ć»ć³ć¼ćć§ęå®ćććććććē“°ććć¬ćć«ć§ć³ć¼ććäæč·ć§ćć¾ćć |
ć³ć¼ćå¤ę“ćåć³ć³ćć¤ć«ć伓ććććę“ę°ćÆ容ęć§ćÆććć¾ććć |
ć³ć³ćććÆććć®å éØć§ēؼåäøć®ć¢ććŖć±ć¼ć·ć§ć³ć«åƾćć¦ć宣čØēććć³ććć°ć©ć ēćØćć2ć¤ć®ę¹ę³ć§čŖåÆćęä¾ć§ćć¾ććꬔć®åé ć§ćÆćććć®ę¹ę³ćčŖ¬ęćć¦ä¾ćē¤ŗćć¾ćć
宣čØēćŖčŖåÆć§ćÆćURLćć¼ć¹ć®ćŖć½ć¼ć¹(ćµć¼ćć¬ććććć¼ćøćŖć©)ćEJBć®ć”ć½ććć«åƾććć¢ćÆć»ć¹ćå¶å¾”ć§ćć¾ćć
宣čØēćŖčŖåÆćę§ęććåŗę¬ęé ćÆćꬔć®ćØććć§ćć
ęØęŗć®ćććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæć§ćäæč·ćććŖć½ć¼ć¹(Web URLćEJBć”ć½ćććŖć©)ćØććć®ćŖć½ć¼ć¹ćøć®ć¢ćÆć»ć¹ęØ©ćęć¤č«ēćć¼ć«ćęå®ćć¾ćć
ć¾ććÆćJava EE 1.5ćÆę³Øéććµćć¼ććć¦ććććććććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæć§ćÆćŖćć³ć¼ćę³Øéćä½æēØćć¾ćć
åŗęćććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæ(web.xml
ćŖć©)ć§ćÆćć¹ććć1ć§å®ē¾©ććč«ēćć¼ć«ććØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ćć«ććććć¾ćć
ććć°ć©ć ēćŖčŖåÆć§ćÆć宣čØēćŖę¹ę³ćććććē“°ććčŖåÆćå®ē¾ć§ććć”ć½ććisUserInRole
(ćµć¼ćć¬ććććć³JSPć®å “å)ć¾ććÆć”ć½ććisCallerInRole
(EJBć®å “å)ćć¢ććŖć±ć¼ć·ć§ć³ć®ć³ć¼ćććå¼ć³åŗćåæ
č¦ćććć¾ć(ććććÆć©ć”ććęØęŗć®Java APIć«ēØęććć¦ćć¾ć)ć
ćććć®ć”ć½ćććÆćčŖåÆć®ę±ŗå®ć«é¢ćć¦ćć¼ć«ć»ć”ć³ćć¼ć·ććć«ććēØåŗ¦ćÆä¾åćć¾ććććććć®ä½æēØć«ćććć¦ć¼ć¶ć¼ćÆććŖć½ć¼ć¹ć»ć¬ćć«(EJBć®ć”ć½ććć¾ććÆURL)ć®ć¢ćÆć»ć¹å¶å¾”ć«éå®ćććććØććŖććććććććē“°ććčŖåÆć®ę±ŗå®ćå¶å¾”ć§ććććć«ćŖćć¾ćć
ꬔć®ä¾ć§ćÆćć”ć½ććisUserInRole
ćć³ć¼ć«ćććµć¼ćć¬ćććē¤ŗćć¦ćć¾ćććµć¼ćć¬ćććććć±ć¼ćøåćć¦ććEARćć”ć¤ć«ć«ćÆę§ęćć”ć¤ć«web.xml
ććć³weblogic-application.xml
ćå«ć¾ćć¦ććććććć®ćć”ć¤ć«ć«ćÆꬔć®ę§ęć®ęēćå«ć¾ćć¦ććććØćåęćØćć¾ćć
web.xml
<!-- security roles --> <security-role> <role-name>sr_developer</role-name> </security-role>
weblogic-application.xml
ꬔć®ć¹ćććććÆćć¦ć¼ć¶ć¼weblogic
ćØć»ćć„ćŖćć£ć»ćć¼ć«sr_developer
éć®ćććć³ć°ćē¤ŗćć¦ćć¾ćć
<wls:security-role-assignment> <wls:role-name>sr_developer</wls:role-name> <wls:principal-name>weblogic</wls:principal-name> </wls:security-role-assignment>
isUserInRolećå¼ć³åŗćć³ć¼ćä¾
import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Date; public class PolicyServlet extends HttpServlet { public PolicyServlet() { super(); } public void init(ServletConfig config) throws ServletException { super.init(config); } public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { final ServletOutputStream out = response.getOutputStream(); response.setContentType("text/html"); out.println("<HTML><BODY bgcolor=\"#FFFFFF\">"); out.println("Time stamp: " + new Date().toString()); out.println( "<br>request.getRemoteUser = " + request.getRemoteUser() + "<br>"); out.println("request.isUserInRole('sr_developer') = " + request.isUserInRole("sr_developer") + "<br>"); out.println("request.getUserPrincipal = " + request.getUserPrincipal() + "<br>"); out.println("</BODY>"); out.println("</HTML>"); } }
JAASčŖåÆć§ćÆćć¼ććć·ć§ć³ćä½æēØćć¾ććććć¼ć«ć®ę¦åæµćä½æēØć§ćć¾ććčŖåÆććŖć·ć¼ć«ćć£ć¦ććć¼ććć·ć§ć³ććµććøć§ćÆć(ćć¼ć«ćć°ć«ć¼ćć¾ććÆć¦ć¼ć¶ć¼)ć«ćć¤ć³ććććććć«åæ
č¦ć«åæćć¦ć½ć¼ć¹ć»ć³ć¼ćć«ććć¤ć³ćććć¾ćććć¼ć«ć®ä»äøćÆćaddPrincipalsToAppRole
ć®ć³ć¼ć«ć§å®ē¾ćć¾ćć
ćć¼ććć·ć§ć³ćÆéēć”ć½ććAccessController.checkPermission
ć®ć³ć¼ć«ć«ćć£ć¦č©ä¾”ććć¾ćććć®ć¢ćć«ć§ćÆććŖć½ć¼ć¹ćććē“°ććå¶å¾”ć§ćć¾ćć
ćć®ć¢ćć«ć§ćÆćčŖåÆććŖć·ć¼ć§ę¬”ć®ę å ±ćęå®ććć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ććć³ćØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ćć
ć¦ć¼ć¶ć¼ć(ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼å ć®)ć°ć«ć¼ćććć³(ć·ć¹ćć ć»ććŖć·ć¼å ć®)ć³ć¼ćć»ć½ć¼ć¹ć«ä»äøććććć¼ććć·ć§ć³ćć¦ć¼ć¶ć¼ććć³ć°ć«ć¼ćć®å “åćÆćććć«ćć£ć¦ć¢ćÆć»ć¹ćčرåÆćććć¦ć¼ć¶ć¼ć¾ććÆć°ć«ć¼ćć®ć”ć³ćć¼ćę±ŗå®ććć¾ććć³ć¼ćć»ć½ć¼ć¹ć®å “åćÆćććć«ćć£ć¦ćć³ć¼ććå®č”ć§ććć¢ćÆć·ć§ć³ćę±ŗå®ććć¾ćć
ćć®ć¢ćć«ćä½æēØćć¦ććć°ć©ćć³ć°ććå “åćę©åÆę§ć®é«ćć³ć¼ćč”ć®åć«ćē¾åØć®ć¦ć¼ć¶ć¼ć¾ććÆćć¼ć«ććć®ć³ć¼ćć«ć¢ćÆć»ć¹ććććć®é©åćŖćć¼ććć·ć§ć³ćä»äøććć¦ćććć©ćććē¢ŗčŖććć³ć¼ć«ćčØčæ°ćć¾ććć¦ć¼ć¶ć¼ćé©åćŖćć¼ććć·ć§ć³ćęć£ć¦ććå “åćÆćć³ć¼ććå®č”ććć¾ććé©åćŖćć¼ććć·ć§ć³ćäøćććć¦ććŖćå “åćć³ć¼ććÆä¾å¤ćć¹ćć¼ćć¾ćć
č¤ę°ć®ćć¼ććć·ć§ć³ć«ććć³ć¼ćć»ć½ć¼ć¹ć®ä»äøć®ä¾ćÆćē¬¬18.5.6é ććµćć¼ćććć¦ćććć¼ććć·ć§ć³ć»ćÆć©ć¹ććåē §ćć¦ćć ććć
JAASććć³OPSSčŖåÆć§ćÆććÆć©ć¹ćē°å¢ć«ćć¼ććć¦å®č”ćććØćć«ććć®ćÆć©ć¹ć§å®č”ć§ććęä½ćå¶å¾”ććććØćåŗę¬ć«ćŖć£ć¦ćć¾ćć
ćć®é ć®å 容ćÆꬔć®ćØććć§ćć
OPSSćÆććć”ć¤ć«ćć¼ć¹ćLDAPćć¼ć¹ćććć³DBćć¼ć¹ć®OPSSć»ćć„ćŖćć£ć»ć¹ćć¢å ć®ćŖć½ć¼ć¹ć»ć«ćæćć°ć®ä»ę§ććć³ć©ć³ćæć¤ć ć»ćµćć¼ćć«åƾåæćć¾ćć
ćŖć½ć¼ć¹ć»ć«ćæćć°ć®ä½æēØć«ćÆꬔć®å©ē¹ćććć¾ćć
å¤čŖåÆč½ćŖēØčŖć§ććŖć·ć¼ććć³äæč·ć¢ć¼ćć£ćć”ćÆććčØčæ°ććć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ć½ć¼ć¹ć»ć³ć¼ćć«é¢äæćŖććć¾ććććć®ć³ć¼ćć«é¢ććē„čćåæ č¦ćØććć«ćććŖć·ć¼ćå®ē¾©ććå¤ę“ć§ćć¾ćć
äæč·ć¢ć¼ćć£ćć”ćÆććåē §ććć³ę¤ē“¢ć§ćć¾ćć
å¾ć§čŖåÆććŖć·ć¼ć§ä½æēØć§ćććć«ćć£ć³ć°ć»ććććÆ(ęØ©éć¾ććÆćć¼ććć·ć§ć³ć®ć»ćć)ć«äæč·ć¢ć¼ćć£ćć”ćÆććć°ć«ć¼ćåć§ćć¾ćć
ćŖć½ć¼ć¹ć»ć«ćæćć°ć»ć¢ć¼ćć£ćć”ćÆććććŖć·ć¼ē®”ēAPIć§ē®”ēć§ćć¾ććå
·ä½ēć«ćÆćꬔć®ć¤ć³ćæćć§ć¼ć¹ććŖć½ć¼ć¹ć»ć«ćæćć°ć®ć¢ć¼ćć£ćć”ćÆćć«ē“ę„é¢é£ćć¦ćć¾ććććććÆćć¹ć¦ć¤ć³ćæćć§ć¼ć¹oracle.security.jps.service.policystore.EntityManager
ć®äøä½ć¤ć³ćæćć§ć¼ć¹ć§ćć
GrantManager
- ćć®ć¤ć³ćæćć§ć¼ć¹ć«ēØęććć¦ććć”ć½ććć§ćÆćę¤ē“¢ę”件ćä½æēØćć¦ęØ©éćåćåćććŖć½ć¼ć¹ć»ć«ćæćć°ć»ć¢ć¼ćć£ćć”ćÆćć®ę§ć
ćŖēµåćć«é©åććęØ©éć®ćŖć¹ććåå¾ćć¦ćććŖć³ć·ćć«ć«åƾćć¦ćć¼ććć·ć§ć³ćä»äøć¾ććÆåćę¶ćććØćć§ćć¾ćć
PermissionSetManager
- ćć®ć¤ć³ćæćć§ć¼ć¹ć«ēØęććć¦ććć”ć½ććć§ćÆććć¼ććć·ć§ć³ć»ć»ćć(ęØ©é)ć®ä½ęćå¤ę“ććć³ååććå®č”ć§ćć¾ćć
ResourceManager
- ćć®ć¤ć³ćæćć§ć¼ć¹ć«ēØęććć¦ććć”ć½ććć§ćÆććŖć½ć¼ć¹(ćŖć½ć¼ć¹ć»ć¤ć³ć¹ćæć³ć¹)ć®ä½ęćåé¤ććć³å¤ę“ćå®č”ć§ćć¾ćć
ResourceTypeManager
- ćć®ć¤ć³ćæćć§ć¼ć¹ć«ēØęććć¦ććć”ć½ććć§ćÆććŖć½ć¼ć¹ć»ćæć¤ćć®ä½ęćåé¤ćå¤ę“ććć³ååććå®č”ć§ćć¾ćć
ćććć®ć¤ć³ćæćć§ć¼ć¹ć®č©³ē“°ćÆćJavadocććć„ć”ć³ćć®Oracle Fusion Middleware Oracle Platform Security Services Java APIćŖćć”ć¬ć³ć¹ćåē §ćć¦ćć ććć
ꬔć®ć³ć¼ćć»ć¹ćććććÆććŖć½ć¼ć¹ć»ćæć¤ćććŖć½ć¼ć¹ć»ć¤ć³ć¹ćæć³ć¹ćć¢ćÆć·ć§ć³ććć³ćć¼ććć·ć§ć³ć»ć»ććć®ä½ęćē¤ŗćć¦ćć¾ćć
import oracle.security.jps.service.policystore.entitymanager.*; import oracle.security.jps.service.policystore.search.*; import oracle.security.jps.service.policystore.info.resource.*; import oracle.security.jps.service.policystore.info.*; import oracle.security.jps.service.policystore.*; import java.util.*; public class example { public static void main(String[] args) throws Exception { ApplicationPolicy ap; ResourceTypeManager rtm = ap.getEntityManager(ResourceTypeManager.class); ResourceTypeSearchQuery query = new ResourceTypeSearchQuery(); query.setANDMatch(); query.addQuery(ResourceTypeSearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "resourceType", BaseSearchQuery.MATCHER.EXACT); List<ResourceTypeEntry> allResourceTypes = rtm.getResourceTypes(query); ResourceManager rm = ap.getEntityManager(ResourceManager.class); ResourceSearchQuery ResourceQuery = new ResourceSearchQuery(); ResourceQuery.setANDMatch(); ResourceQuery.addQuery(ResourceSearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "R2", BaseSearchQuery.MATCHER.EXACT); List<ResourceEntry> allResources = rm.getResources("RT2", ResourceQuery); PermissionSetManager psm = ap.getEntityManager(PermissionSetManager.class); PermissionSetSearchQuery pssq = new PermissionSetSearchQuery(); pssq.setANDMatch(); pssq.addQuery(PermissionSetSearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "PS1", BaseSearchQuery.MATCHER.EXACT); List<PermissionSetEntry> allPermSets = psm.getPermissionSets(pssq); RoleCategoryManager rcm = ap.getEntityManager(RoleCategoryManager.class); RoleCategorySearchQuery rcsq = new RoleCategorySearchQuery(); rcsq.setANDMatch(); rcsq.addQuery(RoleCategorySearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "roleCategoryCartoon", BaseSearchQuery.MATCHER.EXACT); List<RoleCategoryEntry> allRoleCategories = rcm.getRoleCategories(rcsq); } }
ꬔć®ć³ć¼ćć»ć¹ćććććÆććŖć½ć¼ć¹ć»ć«ćæćć°č¦ē“ ćä½æēØććč¤éćŖååććē¤ŗćć¦ćć¾ćć
//ApplicationPolicy ap as in the preceeding example ResourceTypeManager rtm = ap.getEntityManager(ResourceTypeManager.class); ResourceTypeSearchQuery query = new ResourceTypeSearchQuery(); query.setANDMatch(); query.addQuery(ResourceTypeSearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "resourceType", BaseSearchQuery.MATCHER.EXACT); List<ResourceTypeEntry> enties = rtm.getResourceTypes(query); ResourceManager rm = ap.getEntityManager(ResourceManager.class); ResourceSearchQuery ResourceQuery = new ResourceSearchQuery(); ResourceQuery.setANDMatch(); ResourceQuery.addQuery(ResourceSearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "R2", BaseSearchQuery.MATCHER.EXACT); ArrayList<BaseSearchQuery> querries = ResourceQuery.getQueries(); List<ResourceEntry> resources = rm.getResources("RT2", ResourceQuery); PermissionSetManager psm = ap.getEntityManager(PermissionSetManager.class); PermissionSetSearchQuery pssq = new PermissionSetSearchQuery(); pssq.setANDMatch(); pssq.addQuery(PermissionSetSearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "PS1", BaseSearchQuery.MATCHER.EXACT); List<PermissionSetEntry> psets = psm.getPermissionSets(pssq); RoleCategoryManager rcm = ap.getEntityManager(RoleCategoryManager.class); RoleCategorySearchQuery rcsq = new RoleCategorySearchQuery(); rcsq.setANDMatch(); rcsq.addQuery(RoleCategorySearchQuery.SEARCH_PROPERTY.NAME, false, ComparatorType.EQUALITY, "roleCategoryCartoon", BaseSearchQuery.MATCHER.EXACT); ArrayList<BaseSearchQuery> queries = rcsq.getQueries(); List<RoleCategoryEntry> rcs = rcm.getRoleCategories(rcsq);
ꬔć®ć³ć¼ćć»ćµć³ćć«ćÆćęØ©éćä½ęććę¹ę³ćē¤ŗćć¦ćć¾ćć
GrantManager gm = ap.getEntityManager(GrantManager.class); Set<PrincipalEntry> pe = new HashSet<PrincipalEntry>(); List<AppRoleEntry> are = ap.searchAppRoles(appRoleName); pe.addAll(are); gm.grant(pe, null, permissionSetName);
ćć®é ć§ćÆćććć°ć©ć äøć§ććŖć·ć¼ćē¢ŗčŖććę¹ę³ćććć¤ćē¤ŗćć¾ćććć®é ć®å 容ćÆꬔć®ćØććć§ćć
éč¦ćŖę³Øę: 1. ććć©ć«ćć§ćÆćčŖåÆć®å¤±ęćć³ć³ć½ć¼ć«ć«č”Øē¤ŗććć¾ćććčŖåÆć®å¤±ęćć³ć³ć½ć¼ć«ć«éäæ”ćććććć«ććć«ćÆćć·ć¹ćć å¤ę° ē¹ć«ć 2. OPSSććŖć·ć¼ć»ćććć¤ććÆćꬔć®ä¾ć«ē¤ŗćććć«ćJava SEć¢ććŖć±ć¼ć·ć§ć³ć«ęē¤ŗēć«čØå®ććåæ č¦ćććć¾ćć java.security.Policy.setPolicy(new oracle.security.jps.internal.policystore.JavaPolicyProvider()) Java SEć¢ććŖć±ć¼ć·ć§ć³ć«ććŖć·ć¼ć»ćććć¤ććęē¤ŗēć«čØå®ćć¦ćććŖććØćć©ć³ćæć¤ć ć»ć”ć½ćć( |
Oracle Fusion MiddlewarećÆććÆć©ć¹java.security.AccessController
ććć³oracle.security.jps.util.JpsAuth
ć®ć”ć½ććcheckPermission
ć®ä½æēØććµćć¼ććć¦ćć¾ćć
ćÆć©ć¹JpsAuth
ć®checkPermission
ćä½æēØććććØććč¦ććć¾ćććććÆććć®ćÆć©ć¹ć®ć»ćććććć°ć»ćµćć¼ććØććć©ć¼ćć³ć¹ć«ććć¦åŖćć¦ćććē£ę»ććµćć¼ććććććć§ćć
éēć”ć½ććAccessController.checkPermission
ćÆćććć©ć«ćć®ć¢ćÆć»ć¹å¶å¾”ć³ć³ććć¹ć(ć¹ć¬ććä½ęęć«ē¶ęæćććć³ć³ććć¹ć)ćä½æēØćć¾ćććć®ä»ć®ć³ć³ććć¹ćć§ćć¼ććć·ć§ć³ćē¢ŗčŖććć«ćÆćē¹å®ć®AccessControlContext
ć¤ć³ć¹ćæć³ć¹ć§ć¤ć³ć¹ćæć³ć¹ć»ć”ć½ććcheckPermission
ćć³ć¼ć«ćć¾ćć
ꬔć®č”Øć«ē¤ŗćććć«ćć”ć½ććcheckPermission
ćÆJAASć¢ć¼ć(ē¬¬18ē« ććµć¼ćć¬ććć»ćć£ć«ćæćØEJBć¤ć³ćæć¼ć»ććæć®ę§ęććåē
§)ć®å¤ć«å¾ć£ć¦åä½ćć¾ćć
č”Ø17-2 JAASć¢ć¼ćć«åæććcheckPermissionć®åä½
JAASć¢ć¼ćć®čØå® | checkPermission |
---|---|
ćŖćć¾ććÆęŖå®ē¾© |
ęå¹ćŖć»ćć„ćŖćć£ć»ććŖć·ć¼ć«åŗć„ćć³ć¼ććć¼ć¹ć®ć»ćć„ćŖćć£ćå®ę½ćć¾ćććµććøć§ćÆććć¼ć¹ć®ć»ćć„ćŖćć£ć«åƾććććććøć§ćć³ć°ćÆććć¾ććć |
doAs |
|
doAsPrivileged |
NULLć¢ćÆć»ć¹å¶å¾”ć³ć³ććć¹ććä½æēØćć¦ćµććøć§ćÆććć¼ć¹ć®ć»ćć„ćŖćć£ćé©ēØćć¾ćć |
subjectOnly |
ćć¼ććć·ć§ć³ć®č©ä¾”ęć«ćććŖć³ć·ćć«ć«ććććęØ©éä»äøć®ćæćčę ®ććć¾ć(ć³ć¼ććć¼ć¹ć«ććććęØ©éä»äøćÆē”č¦ććć¾ć)ć |
ę³Øę:
|
ꬔć®ä¾ćÆććć¼ććć·ć§ć³ććć§ććÆćććµć¼ćć¬ćććē¤ŗćć¦ćć¾ćććµć¼ćć¬ćććććć±ć¼ćøåćć¦ććEARćć”ć¤ć«ć«ę§ęćć”ć¤ć«jazn-data.xml
ććć³web.xml
ćå«ć¾ćć¦ććććØćåęćØćŖćć¾ćć
jazn-data.xml
ć¢ććŖć±ć¼ć·ć§ć³ć®ćć”ć¤ć«ćć¼ć¹ć®ććŖć·ć¼ć»ć¹ćć¢ćÆꬔć®ćØććć§ćć
<?xml version="1.0" ?> <jazn-data> <policy-store> <applications> <application> <name>MyApp</name> <app-roles> <app-role> <name>AppRole</name> <display-name>AppRole display name</display-name> <description>AppRole description</description> <guid>F5494E409CFB11DEBFEBC11296284F58</guid> <class>oracle.security.jps.service.policystore.ApplicationRole</class> </app-role> </app-roles> <resource-types> <resource-type> <name>MyResourceType</name> <display-name>MyResourceType display name</display-name> <description>MyResourceType description</description> <provider-name>MyResourceType provider</provider-name> <matcher-class>oracle.security.jps.ResourcePermission</matcher-class> <actions-delimiter>,</actions-delimiter> <actions>write,read</actions> </resource-type> </resource-types> <resources> <resource> <name>MyResource</name> <display-name>MyResource display name</display-name> <description>MyResource description</description> <type-name-ref>MyResourceType</type-name-ref> </resource> </resources> <permission-sets> <permission-set> <name>MyEntitlement</name> <display-name>MyEntitlement display name</display-name> <description>MyEntitlement description</description> <member-resources> <member-resource> <type-name-ref>MyResourceType</type-name-reóM²f> <resource-name>MyResource</resource-name> <actions>write</actions> </member-resource> </member-resources> </permission-set> </permission-sets> <jazn-policy> <grant> <grantee> <principals> <principal> <class> oracle.security.jps.service.policystore.ApplicationRole</class> <name>AppRole</name> <guid>F5494E409CFB11DEBFEBC11296284F58</guid> </principal> </principals> </grantee> <!-- entitlement-based permissions --> <permission-set-refs> <permission-set-ref> <name>MyEntitlement</name> </permission-set-ref> </permission-set-refs> </grant> </jazn-policy> </application> </applications> </policy-store> <jazn-policy></jazn-policy> </jazn-data>
web.xml
ćć£ć«ćæJpsFilter
ćÆꬔć®ććć«ę§ęććć¾ćć
<web-app> <display-name>PolicyTest: PolicyServlet</display-name> <filter> <filter-name>JpsFilter</filter-name> <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class> <init-param> <param-name>application.name</param-name> <param-value>PolicyServlet</param-value> </init-param> </filter> <filter-mapping> <filter-name>JpsFilter</filter-name> <servlet-name>PolicyServlet</servlet-name> <dispatcher>REQUEST</dispatcher> </filter-mapping>...
ć³ć¼ćä¾
ꬔć®ä¾ć§ćÆćSubject.doAsPrivileged
ćJpsSubject.doAsPrivileged
ć«ćć£ć¦ē½®ęćććå “åćććć¾ćć
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.*;
import java.util.Date;
import java.util.PropertyPermission;
import java.io.FilePermission;
public class PolicyServlet extends HttpServlet {
public PolicyServlet() {
super();
}
public void init(ServletConfig config)
throws ServletException {
super.init(config);
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
final ServletOutputStream out = response.getOutputStream();
response.setContentType("text/html");
out.println("<HTML><BODY bgcolor=\"#FFFFFF\">");
out.println("Time stamp: " + new Date().toString());
out.println( "<br>request.getRemoteUser = " + request.getRemoteUser() + "<br>");
out.println("request.isUserInRole('sr_developer') = " + request.isUserInRole("sr_developer") + "<br>");
out.println("request.getUserPrincipal = " + request.getUserPrincipal() + "<br>");
Subject s = null;
s = Subject.getSubject(AccessController.getContext());
out.println("Subject in servlet " + s);
out.println("<br>");
final RuntimePermission rtPerm = new RuntimePermission("getClassLoader");
try {
Subject.doAsPrivileged(s, new PrivilegedAction() {
public Object run() {
try {
AccessController.checkPermission(rtPerm);
out.println("<br>");
out.println("CheckPermission passed for permission: " + rtPerm+ " seeded in application policy");
out.println("<br>");
} catch (IOException e) {
e.printStackTrace();
printException ("IOException", e, out);
} catch (AccessControlException ace) {
ace.printStackTrace();
printException ("Accesscontrol Exception", ace, out);
}
return null;
}
}, null);
} catch (Throwable e) {
e.printStackTrace();
printException("application policy check failed", e, out);
}
out.println("</BODY>");
out.println("</HTML>");
}
void printException(String msg, Throwable e, ServletOutputStream out) {
Throwable t;
try {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw, true);
e.printStackTrace(pw);
out.println("<p>" + msg + "<p>");
out.println("<code>");
out.println(sw.getBuffer().toString());
t = e;
/* Print the root cause */
while ((t = t.getCause()) != null) {
sw = new StringWriter();
pw = new PrintWriter(sw, true);
t.printStackTrace(pw);
out.println("<hr>");
out.println("<p> Caused By ... </p>");
out.println(sw.getBuffer().toString());
}
out.println("</code><p>");
} catch (IOException ioe) {
ioe.printStackTrace();
}
}
}
Oracle Fusion MiddlewarećÆćęØęŗćÆć©ć¹javax.security.auth.Subject
ć§ćdoAs
ć”ć½ćććØdoAsPrivileged
ć”ć½ććććµćć¼ććć¾ćć
ćć ćććććć®ć”ć½ćććÆćććć©ć¼ćć³ć¹ćé«ććē£ę»ę©č½ćåćć¦ćććććoracle.security.jps.util.JpsSubject
ćÆć©ć¹ć§ä½æēØććććØććč¦ććć¾ćć
ę³Øę:
|
ć”ć½ććcheckBulkAuthorization
ć§ćÆććµććøć§ćÆćć1ć¤ä»„äøć®ćŖć½ć¼ć¹ć»ć¢ćÆć·ć§ć³ć«ć¢ćÆć»ć¹ć§ćććć©ćććå¤ęć§ćć¾ććå
·ä½ēć«ćÆćęø”ćććŖć½ć¼ć¹ć®äøć§ćęø”ćććµććøć§ćÆćć«åƾćć¦ć¢ćÆć»ć¹ćčرåÆććć¦ćććŖć½ć¼ć¹ć»ć¢ćÆć·ć§ć³ć®ć»ćććčæćć¾ćć
(Java SEć¢ććŖć±ć¼ć·ć§ć³ć§)ćć®ć”ć½ćććå¼ć³åŗćå “åćÆꬔć®ē¹ćē¢ŗčŖćć¦ćć ććć
ć·ć¹ćć ć»ććććć£java.security.policy
ććOPSSć¾ććÆOracle WebLogic Serverć®ććŖć·ć¼ć»ćć”ć¤ć«ć®å “ęć«čØå®ććć¦ćć¾ćć
ććŖć·ć¼ć»ćććć¤ććęē¤ŗēć«čØå®ććć«ćÆćꬔć«ē¤ŗćććć«ćć¢ććŖć±ć¼ć·ć§ć³ć§ć¾ćć”ć½ććsetPolicy
ććć³ć¼ć«ććåæ
č¦ćććć¾ćć
java.security.Policy.setPolicy(new oracle.security.jps.internal.policystore.JavaPolicyProvider())
ć¢ććŖć±ć¼ć·ć§ć³ć§ćÆćsetPolicy
ćć³ć¼ć«ććå¾ć§checkBulkAuthorization
()ćć³ć¼ć«ććć¾ćć
ć©ć®ć¢ććŖć±ć¼ć·ć§ć³ć§ććcheckBulkAuthorizationć§ćÆć³ć¼ć«å ććꬔć®ę å ±ćå¾ćććććØćåęćØćŖć£ć¦ćć¾ćć
ć¦ć¼ć¶ć¼ććć³ćØć³ćæć¼ćć©ć¤ćŗć»ćć¼ć«ć®ććŖć³ć·ćć«ćęå®ććććµććøć§ćÆć
åćŖć½ć¼ć¹ćå±ććć¹ćć©ć¤ććå«ć¾ćććŖć½ć¼ć¹ć®ćŖć¹ć
ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ä½æēØć®ęØ©éä»äøć«ćÆćåæ é ć®ćŖć½ć¼ć¹ć»ćæć¤ććå«ććåæ č¦ćććć¾ćć
checkBulkAuthorizationć§ććć¢ććŖć±ć¼ć·ć§ć³ćå®č”ćć¦ćććć”ć¤ć³ć«ę§ęććOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć»ć¹ćć©ć¤ććććć®ć¢ććŖć±ć¼ć·ć§ć³ććčŖčć§ććććØćåęćØćŖć£ć¦ćć¾ćć
checkBulkAuthorization
ć§ćÆćOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ć«ćŖć½ć¼ć¹ćååØćć¦ććåæ
č¦ćÆććć¾ććć
ć”ć½ććgetGrantedResources
ć«ćÆćå®č”ęć®čŖåÆååććēØęććć¦ćććććē¹å®ć®ćµććøć§ćÆćć«ä»äøććć¦ćććŖć½ć¼ć¹ć»ć¢ćÆć·ć§ć³ććć®ååćććå¾ćććØć§ććć®ćµććøć§ćÆćć«ä»äøććć¦ćććć¹ć¦ć®ćŖć½ć¼ć¹ććć§ććć§ćć¾ćććć®ć”ć½ććć§ćÆć(ē“ę„ć¾ććÆćć¼ććć·ć§ć³ć»ć»ććććéę„ēć«)ćŖć½ć¼ć¹ć»ćæć¤ćć«é¢é£ä»ćććć¦ćććć¼ććć·ć§ć³ć®ćæćčæććć¾ććć¾ćććć®ć”ć½ćććÆćOPSSć»ćć„ćŖćć£ć»ć¹ćć¢ćLDAPćć¼ć¹ć®å “åć«ć®ćæä½æēØć§ćć¾ćć
ćć¼ććć·ć§ć³ć»ćÆć©ć¹ć§ćÆććŖć½ć¼ć¹ć«åƾćć¦ęØ©éåé č ćå®č”ć§ććć¢ćÆć·ć§ć³ćå¶å¾”ććęꮵćęä¾ććć¾ććć¢ććŖć±ć¼ć·ć§ć³ć®čØčØꮵéć§ćÆćć¢ćÆć·ć§ć³ććæć¼ć²ććē §åććć³ęé»ć®č«ēćå®č”ęć«ę³å®ć©ććć«ę©č½ććććć«ć«ć¹ćæć ć®ćć¼ććć·ć§ć³ć»ćÆć©ć¹ćä½æēØćć¦å Øé¢ēć«å¶å¾”ć§ćć¾ćććć®å “åć§ćććµć¼ćć¼ć®ć·ć¹ćć ć»ćÆć©ć¹ćć¹ć§ć«ć¹ćæć ć®ćć¼ććć·ć§ć³ć»ćÆć©ć¹ćęå®ććåæ č¦ć«åæćć¦ćć®ćć¼ććć·ć§ć³ć»ćÆć©ć¹ćä½æēØåÆč½ć«ćć¦ćć¼ćć§ććććć«ćć¦ććåæ č¦ćććć¾ćććć ććē°å¢ć®ć·ć¹ćć ć»ćÆć©ć¹ć»ćć¹ć®å¤ę“ćÆå°é£ć§ćē°å¢ć«ćć£ć¦ćÆćć®ćććŖå¤ę“ćć§ććŖćććØćććć¾ćć
OPSSć«ćÆćć¢ććŖć±ć¼ć·ć§ć³ć¾ććÆć·ć¹ćć ć»ćŖć½ć¼ć¹ćäæč·ććććć«ć©ć®ć¢ććŖć±ć¼ć·ć§ć³ęØ©éå
ć§ććć¼ććć·ć§ć³ć»ćÆć©ć¹ćØćć¦ä½æēØć§ćććÆć©ć¹oracle.security.jps.ResourcePermission
ćēØęććć¦ćć¾ććććć«ććććÆć©ć¹ResourcePermission
ććć®ć¾ć¾ć§ććć«ä½æēØć§ćććµćć¼ćåÆ¾č±”ć§ććć°ć©ć®ććŖć·ć¼ć»ćććć¤ćć«ę ¼ē“ććć¦ććć¢ććŖć±ć¼ć·ć§ć³ęØ©éć§ććć¼ććć·ć§ć³ć§å®¹ęć«ä½æēØć§ćććććć¢ććŖć±ć¼ć·ć§ć³éēŗč
ćć«ć¹ćæć ć®ćć¼ććć·ć§ć³ć»ćÆć©ć¹ćä½ęććåæ
č¦ććŖććŖćć¾ććććć®ćÆć©ć¹ćÆć·ć¹ćć ć»ććŖć·ć¼ć§ć®ä½æēØćęå³ćć¦ćć¾ćććć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼å°ēØćØćć¦čØčØććć¦ćć¾ćć
ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ę§ę
ResourcePermission
ćÆć©ć¹ćä½æēØćććć¼ććć·ć§ć³ćÆććŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ćØå¼ć°ććꬔć®XMLćµć³ćć«ć§ē¤ŗćć¦ććå½¢å¼ć«åŗć„ćć¦ćŖć½ć¼ć¹ć»ćæć¤ćććŖć½ć¼ć¹åććć³ćŖćć·ć§ć³ć®ć¢ćÆć·ć§ć³ć»ćŖć¹ććęå®ćć¾ćć
<permission> <class>oracle.security.jps.ResourcePermission</class> <name>resourceType=type,resourceName=name</name> <actions>character-separated-list-of-actions</actions> </permission>
ćć®ęå®ć§ćÆććæć¤ćåć«ćØć³ć³ć¼ććććŖć½ć¼ć¹ć»ćæć¤ććå®ē¾©ććåæ č¦ćććć¾ćććŖć½ć¼ć¹ć»ćæć¤ćć®ę å ±ćÆå®č”ęć«ćÆä½æēØććć¾ćććććŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ćę£åøøć«ē§»č”ććć«ćÆćŖć½ć¼ć¹ć»ćæć¤ććå®ē¾©ćć¦ććåæ č¦ćććć¾ććć¾ćććŖć½ć¼ć¹ć»ćæć¤ććÆćē®”ēč ć«ćććŖć½ć¼ć¹ć®ć¢ćć«åćØćŖć½ć¼ć¹ä½æēØć®ē®”ēć«å½¹ē«ć”ć¾ćć
ꬔć®ć³ć¼ććÆććŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ęå®ćØåƾåæććåæ é ć®ćŖć½ć¼ć¹ć»ćæć¤ććē¤ŗćć¦ćć¾ćć
<permission> <class>oracle.security.jps.ResourcePermission</class> <name>resourceType=epm.calcmgr.permission,resourceName=EPM_Calc_Manager</name> </permission> <resource-types> <resource-type> <name>epm.calcmgr.permission</name> <display-name>CalcManager ResourceType</display-name> <description>Resourcetype for managing CalcManager grants</description> <provider-name></provider-name> <matcher-class>oracle.security.jps.ResourcePermission</matcher-class> <actions-delimiter>,</actions-delimiter> <actions></actions> </resource-type> </resource-types> <permission> <class>oracle.security.jps.ResourcePermission</class> <name>resourceType=oracle.bi.publisher.Reports,resourceName=GLReports</name> <actions>develop;schedule</actions> </permission> <resource-types> <resource-type> <name>oracle.bi.publisher.Reports</name> <display-name>BI Publisher Reports</display-name> <provider-name></provider-name> <matcher-class>oracle.security.jps.ResourcePermission</matcher-class> <actions-delimiter>;</actions-delimiter> <actions>view;develop;schedule</actions> </resource-type> </resource-types>
ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć«é¢é£ä»ćććć¦ćććŖć½ć¼ć¹ć»ćæć¤ćć«ćÆćē©ŗć®ć¢ćÆć·ć§ć³ć»ćŖć¹ććęå®ćć¦ććć¾ćć¾ćććꬔć®éč¦ē¹ććŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć«é©ēØććć¾ćć
ååćÆćꬔć®å½¢å¼ć«å¾ćåæ č¦ćććć¾ćć
resourceType=aType,resourceName=aName
ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ćŖć½ć¼ć¹ć»ćæć¤ććå®ē¾©ććåæ
č¦ćććć¾ćććć®ćŖć½ć¼ć¹ć»ćæć¤ććÆResourcePermission.getType()
ć”ć½ććć§čæććć¾ćć
åŗåćęåä»ćć®ć¢ćÆć·ć§ć³ć»ćŖć¹ććÆćŖćć·ć§ć³ć§ććęå®ććå “åćÆćé¢é£ćććŖć½ć¼ć¹ć»ćæć¤ćć§ęå®ććć¦ććć¢ćÆć·ć§ć³ććéøęććåæ
č¦ćććć¾ćććć®ćŖć¹ććÆResourcePermission.getActions()
ć”ć½ććć§čæććć¾ćć
ćć®ćŖć¹ćć®é ē®ć®åŗåćęåć«ćÆćé¢é£ćććŖć½ć¼ć¹ć»ćæć¤ćć®<actions-delimiter>ć§ęå®ććć¦ććęåćä½æēØććåæ č¦ćććć¾ćć
ćć¼ććć·ć§ć³ć§ä½æēØćććŖć½ć¼ć¹ć®č”Øē¤ŗåćÆćResourcePermission.getResourceName()
ć”ć½ććć§čæććć¾ćć
ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć§ćÆććÆć¤ć«ćć«ć¼ćć®ä½æēØćÆćµćć¼ćććć¦ćć¾ććć
ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ē®”ēćØē¢ŗčŖ
ꬔć®ć³ć¼ćć»ć¹ćććććÆććŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ć¤ć³ć¹ćæć³ć¹åććć³ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ćććć°ć©ć ēć«ē¢ŗčŖććę¹ę³ćē¤ŗćć¦ćć¾ćććć®ć³ć¼ćć»ć¹ćććććÆćććŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć®ę§ęćć§čŖ¬ęćć¦ććę§ęä¾ć®1ć¤ć«åŗć„ćć¦ćć¾ćć
ResourcePermission rp = new ResourcePermission("oracle.bi.publisher.Reports","GLReports","develop"); JpsAuth.checkPermission(rp);
å®č”ęć«ćŖć½ć¼ć¹ć»ćć¼ććć·ć§ć³ć§ę¬”ć®4ć¤ć®ę”件ćęŗćććććØććć®ćć¼ććć·ć§ć³ćÆé©åć§ćććØå¤ęććć¾ćć
ćć¼ććć·ć§ć³ćResourcePermision
ćÆć©ć¹ć®ć¤ć³ć¹ćæć³ć¹ć§ćć
ćŖć½ć¼ć¹ć»ćæć¤ćå(ęåć®å¼ę°)ććŖć½ć¼ć¹ć»ćæć¤ćć®ååć«äøč“ćć¾ć(大ęåå°ęåć®åŗå„ćÆćŖć)ć
ćŖć½ć¼ć¹å(2ć¤ē®ć®å¼ę°)ććŖć½ć¼ć¹ć»ć¤ć³ć¹ćæć³ć¹ć®ååć«å®å Øć«äøč“ćć¾ćć
ć¢ćÆć·ć§ć³ć»ćŖć¹ć(3ć¤ē®ć®å¼ę°)ćććŖć½ć¼ć¹ć»ćæć¤ćć§ęå®ććć¦ććć¢ćÆć·ć§ć³ć®ć«ć³ćåŗåććŖć¹ćć§ćć
ćŖć½ć¼ć¹ć»ćæć¤ćć®ćććć£ć»ćÆć©ć¹ć«ć¤ćć¦
ćŖć½ć¼ć¹ć»ćæć¤ćć®ä½ęęć«ćŖćć·ć§ć³ć§ćććć£ć»ćÆć©ć¹ćęå®ć§ćć¾ććęå®ććŖćć£ćå “åćÆćććć©ć«ćć®oracle.security.jps.ResourcePermission
ćä½æēØććć¾ćć
ćć ćć2ć¤ä»„äøć®ćŖć½ć¼ć¹ć»ćæć¤ćć§åäøć®ćŖć½ć¼ć¹ć»ćććć£ć»ćÆć©ć¹ćå ±ęćććå “åćÆćꬔć®ćÆć©ć¹ć®ććććć«ććåæ č¦ćććć¾ćć
ćÆć©ć¹oracle.security.jps.ResourcePermission
.
ę½č±”ćÆć©ć¹oracle.security.jps.AbstractTypedPermission
ćę”å¼µććå
·ä½ćÆć©ć¹(ćććÆꬔć®ćµć³ćć«ć§ćÆć©ć¹MyAbstractTypedPermissionćØćć¦ē¤ŗććć¦ćć¾ć)ć
public class MyAbstractTypedPermission extends AbstractTypedPermission { private static final long serialVersionUID = 8665318227676708586L; public MyAbstractTypedPermission(String resourceType, String resourceName, String actions) {super(resourceType, resourceName, actions); } }
ćÆć©ć¹oracle.security.jps.TypePermission
ćå®č£
ćććÆć©ć¹java.security.Permission
ćę”å¼µćććÆć©ć¹ć
ćć®ē« ć§ćÆćOracle ADFć»ćć„ćŖćć£ćä½æēØććć«OPSSćä½æēØććJava EEć¢ććŖć±ć¼ć·ć§ć³ć§ćč¦ćććęåć«ććę§ęćØććć±ć¼ćøåć«ć¤ćć¦čŖ¬ęćć¾ćććć ććäøéØć®ććććÆćÆćOracle ADFć¢ććŖć±ć¼ć·ć§ć³ć«ćå½ć¦ćÆć¾ćć¾ććåÆ¾č±”čŖč ćÆćOracle JDeveloperē°å¢ć®å¤éØć§Java EEć¢ććŖć±ć¼ć·ć§ć³ćę§ęććććć±ć¼ćøåććéēŗč ć§ććć¾ććć¢ćµć¼ććććć¦ć¼ć¶ć¼ćØćć¦å®č”ć«ä½æēØć§ććAPIć«ć¤ćć¦ćčŖ¬ęćć¾ćć
Java SEć¢ććŖć±ć¼ć·ć§ć³ć®ę å ±ćÆćē¬¬19ē« ćOPSSćä½æēØććććć®Java SEć¢ććŖć±ć¼ć·ć§ć³ć®ę§ęććåē §ćć¦ćć ććć
ćć®ē« ćÆꬔć®é ć«åććć¦ćć¾ć:
ē¬¬18.1é ćJava EEć¢ććŖć±ć¼ć·ć§ć³ć®čŖčؼććććÆćøć®ćŖć³ćÆć
ē¬¬18.2é ććµć¼ćć¬ććć»ćć£ć«ćæćØEJBć¤ć³ćæć¼ć»ććæć®ę§ęć
ē¬¬18.4é ćJava EEć¢ććŖć±ć¼ć·ć§ć³ć®ęåć«ććććć±ć¼ćøåć
ē¬¬18.5é ćOPSSćä½æēØććććć®ć¢ććŖć±ć¼ć·ć§ć³ć®ę§ęć
ē¬¬18.6é ćć¢ćµć¼ććććć¦ć¼ć¶ć¼ćØćć¦ć®å®č”ć
éēŗęććććć¤ęćå®č”ęććć³ćććć¤å¾ć®ć¢ććŖć±ć¼ć·ć§ć³ē®”ēć«é¢äæćććć”ć¤ć«ćÆćꬔć®ćØććć§ćć
DOMAIN_HOME/config/fmwconfig/jps-config.xml
DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml
jazn-data.xml
(ć¢ććŖć±ć¼ć·ć§ć³EARćć”ć¤ć«å
)
cwallet.sso
(ć¢ććŖć±ć¼ć·ć§ć³EARćć”ć¤ć«å
)
web.xml
(ć¢ććŖć±ć¼ć·ć§ć³EARćć”ć¤ć«å
)
weblogic-application.xml
(ć¢ććŖć±ć¼ć·ć§ć³EARćć”ć¤ć«å
)
ꬔć«ćććććć„ć”ć³ćć§ćÆćJava EEć¢ććŖć±ć¼ć·ć§ć³ć®čŖčؼéēŗć«ć¤ćć¦čŖ¬ęćć¾ćć
Oracle WebLogic Serverć§ć®čŖčؼć«é¢ććäøč¬ę å ±ćÆććOracle WebLogic Serverć»ćć„ćŖćć£ć®ēč§£ćć®ē¬¬3ē« ć«ććčŖčؼć«é¢ććčŖ¬ęćåē §ćć¦ćć ććć
WebLogic Securityćµć¼ćć¹ćä½æēØććć¢ććŖć±ć¼ć·ć§ć³ć®éēŗ
ē¬¬3ē« ćWebć¢ććŖć±ć¼ć·ć§ć³ć®äæč·ć
ē¬¬4ē« ćJava Clientć§ć®JAASčŖčؼć®ä½æēØć
ē¬¬5ē« ćJava Clientć§ć®SSLčŖčؼć®ä½æēØć
Oracle WebLogic Serverć®ć»ćć„ćŖćć£ć»ćććć¤ćć®éēŗ
ē¬¬4ē« ćčŖčؼćććć¤ćć
ē¬¬5ē« ćIDć¢ćµć¼ć·ć§ć³ć»ćććć¤ćć
ē¬¬13ē« ććµć¼ćć¬ććć®čŖčؼćć£ć«ćæć
Java EEć¢ććŖć±ć¼ć·ć§ć³å ć®ć«ć¹ćæć ć»ć¢ćøć„ć¼ć«ćÆćčŖčؼćććć¤ćć§ć©ććććåæ č¦ćććć¾ććč©³ē“°ćÆććOracle WebLogic Serverć»ćć„ćŖćć£ć»ćććć¤ćć®éēŗćć®ć«ć¹ćæć čŖčؼćććć¤ćć®éēŗę¹ę³ć«é¢ććčŖ¬ęćåē §ćć¦ćć ććć
Java EEć¢ććŖć±ć¼ć·ć§ć³ć§ä½æēØććććć°ć¤ć³ć»ć¢ćøć„ć¼ć«ć«ć¤ćć¦ćÆćꬔć®ććć„ć”ć³ććåē §ćć¦ćć ććć
ćOracle WebLogic Serverć»ćć„ćŖćć£ć»ćććć¤ćć®éēŗćć®ē¬¬4ē« ć«ććLoginModuleć«é¢ććčŖ¬ę
ćWebLogicć»ćć„ćŖćć£ć»ćµć¼ćć¹ć«ććć¢ććŖć±ć¼ć·ć§ć³ć®éēŗćć®ē¬¬4ē« ć«ććJAASčŖčؼć®éēŗē°å¢ć«é¢ććčŖ¬ę
ćć¹ć¦ć®OPSS API javadocćøć®ćŖć³ćÆć«ć¤ćć¦ćÆćē¬¬G.1é ćOPSS APIćŖćć”ć¬ć³ć¹ććåē §ćć¦ćć ććć
OPSSćÆćµć¼ćć¬ććć»ćć£ć«ćæJpsFilter
ćØEJBć¤ć³ćæć¼ć»ććæJpsInterceptor
ćåćć¦ćć¾ććåč
ćÆWARćć”ć¤ć«ć§ććć±ć¼ćøåććććć”ć¤ć«web.xml
ć§ćå¾č
ćÆJARćć”ć¤ć«ć§ććć±ć¼ćøåććććć”ć¤ć«ejb-jar.xml
ć§ę§ęććć¾ććć¢ććŖć±ć¼ć·ć§ć³MBeanćć¢ćÆć»ć¹ććć¹ćć©ć¤ćććć”ć¤ć«web.xml
ć§ę§ęććę¹ę³ććOPSSć«ćć£ć¦ęä¾ććć¾ććč©³ē“°ćÆććć¢ććŖć±ć¼ć·ć§ć³MBeansć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć®ę§ęććåē
§ćć¦ćć ććć
WebLogicć§ćÆćJpsFilterćÆććć©ć«ćć®ćć©ć”ć¼ćæå¤ć§čŖåēć«čØå®ććććć®ć¾ć¾ććć«ä½æēØć§ććććććććć¤ć”ć³ćć»ćć£ć¹ćÆćŖććæć§ęē¤ŗēć«ę§ęććåæ č¦ćÆććć¾ćććććć©ć«ćå¤ä»„å¤ć®å¤ćčØå®ććå “åć«ć®ćæęåę§ęćåæ č¦ć§ććJpsInterceptorćÆęåć§ę§ęććåæ č¦ćććć¾ćć
ę³Øę: Oracle ADFć¢ććŖć±ć¼ć·ć§ć³ć«åæ
č¦ćŖćµć¼ćć¬ććć»ćć£ć«ćæ( ćć®é ć§čŖ¬ęćć¦ććęåć«ććę§ęćÆćꬔć§čŖ¬ęćć¦ććOPSSę©č½ćOracle JDeveloperē°å¢ć®å¤éØć§ä½æēØćć¦Java EEć¢ććŖć±ć¼ć·ć§ć³ćććć±ć¼ćøåć¾ććÆę§ęććå “åć«ć®ćæåæ č¦ć§ćć |
OPSSć§ćÆćMBeanćä½æēØććć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć®ęå®ćåÆč½ć§ććč©³ē“°ćÆććć¢ććŖć±ć¼ć·ć§ć³MBeansć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć®ę§ęććåē §ćć¦ćć ććć
ćµć¼ćć¬ććć»ćć£ć«ćæćØEJBć¤ć³ćæć¼ć»ććæćÆåććć©ć”ć¼ćæć»ć»ćććä½æēØćć¦ę§ęć§ćć¾ćććććć®ćć©ć”ć¼ćæć«ćć£ć¦ććµć¼ćć¬ććć¾ććÆEnterprise Java Bean (EJB)ć®ę¬”ć®ę©č½ćć«ć¹ćæćć¤ćŗć§ćć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³å(ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ććØå¼ć¶ę¹ććµćććććć¢ććŖć±ć¼ć·ć§ć³ć®web.xml
ćć”ć¤ć«å
ć§ęå®ććććØćåÆč½)ćÆćé©ēØåÆč½ćŖććŖć·ć¼ć»ć»ćććę±ŗå®ććććć«ćå®č”ęć«ä½æēØććć¾ććć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ććÆćęå®ććŖćå “åćć¢ććŖć±ć¼ć·ć§ć³ID(ć¢ććŖć±ć¼ć·ć§ć³åćå«ć¾ćć)ćććć©ć«ćå¤ćØćć¦ä½æēØććć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć§ćÆćććŖć·ć¼ć»ć¹ćć¢å ć®ććŖć·ć¼ć®ćµćć»ćććå®ē¾©ććć¾ććć¢ććŖć±ć¼ć·ć§ć³ć§ćć®ććŖć·ć¼ć»ćµćć»ćććä½æēØććå “åćÆććć®ć¢ććŖć±ć¼ć·ć§ć³åćØåćęååćä½æēØćć¦ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ććå®ē¾©ćć¾ćććć®ę¹ę³ć«ćć£ć¦ćććŖć·ć¼ć»ć¹ćć¢å ć®ććŖć·ć¼ć®åććµćć»ćććč¤ę°ć®ć¢ććŖć±ć¼ć·ć§ć³ć§ä½æēØć§ćć¾ćć
åæåćć¼ć«ćØčŖčؼćć¼ć«ć®ę©č½ćÆććåæåć¦ć¼ć¶ć¼ćØćć¼ć«ćććć³ćčŖčؼćć¼ć«ćć®é ć§čŖ¬ęćć¾ćć
ćµć¼ćć¬ććć§ćÆćč¦ē“ <filter-mapping>
ć§ćć£ć«ćæć®ä½æēØćęå®ćć¾ćććć®ćććŖč¦ē“ ćÆććµć¼ćć¬ććććØććć£ć«ćæććØć«1ć¤åæ
č¦ć§ćć
EJBć§ćÆćč¦ē“ <interceptor-binding>
ć§ć¤ć³ćæć¼ć»ććæć®ä½æēØćęå®ćć¾ćććć®ćććŖč¦ē“ ćÆćEJBććØćć¤ć³ćæć¼ć»ććæććØć«1ć¤åæ
č¦ć§ććč©³ē“°ćÆććć¤ć³ćæć¼ć»ććæę§ęę§ęććåē
§ćć¦ćć ććć
ä½æēØåÆč½ćŖćć©ć”ć¼ćæć®ę¦č¦ćÆćććć£ć«ćæććć³ć¤ć³ćæć¼ć»ććæć»ćć©ć”ć¼ćæć®ę¦č¦ććåē §ćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³å(ć¹ćć©ć¤ć)
ćć®å¤ćÆćꬔć®ćć©ć”ć¼ćæć§å¶å¾”ćć¾ćć
application.name
ćć®ćć©ć”ć¼ćæć®ęå®ćÆćŖćć·ć§ć³ć§ććęå®ęć«ćÆ大ęåćØå°ęåćåŗå„ććć¾ććęå®ććŖććØćććć©ć«ćć§ćććć¤ććć¢ććŖć±ć¼ć·ć§ć³ć®ååć«ćŖćć¾ćććć®å¤ć«ćć£ć¦ććć®ć¢ććŖć±ć¼ć·ć§ć³ćä½æēØćććććŖć·ć¼ć»ć¹ćć¢å ć®ććŖć·ć¼ć®ćµćć»ćććå®ē¾©ććć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ććęå®ćć1ć¤ć®ę¹ę³ćÆćfilterč¦ē“ å ć«é ē½®ććććØć§ććꬔć«ä¾ćē¤ŗćć¾ćć
<filter> <filter-name>JpsFilter</filter-name> <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class> <init-param> <param-name>application.name</param-name> <param-value>stripeid</param-value> </init-param> </filter>
ćć1ć¤ć®ęå®ę¹ę³ćÆćcontext-paramč¦ē“ å ć«é ē½®ććććØć§ććꬔć«ä¾ćē¤ŗćć¾ćć
<context-param> <description>JPS custom stripe id</description> <param-name>application.name</param-name> <param-value>stripeid</param-value> </context-param>
ćć®ęå¾ć®ę§ęćåæ č¦ć«ćŖćć®ćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć»ć¹ćć¢ć«ć¢ćÆć»ć¹ććMBeansćć¢ććŖć±ć¼ć·ć§ć³ć«å«ć¾ććć¢ććŖć±ć¼ć·ć§ć³åćć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćåćØē°ćŖćå “åć§ććč©³ē“°ćÆććć¢ććŖć±ć¼ć·ć§ć³MBeansć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć®ę§ęććåē §ćć¦ćć ććć
ę§ęä¾
ćµć¼ćć¬ććć®å “åććć³EJBć®å “åć®ćć®ćć©ć”ć¼ćæć®ę§ęććꬔć®2ć¤ć®ćµć³ćć«ć§ē¤ŗćć¾ćć
web.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆćå¾ē¶ć®čŖåÆćć§ććÆć§ę£ććč©ä¾”ćććććć«ććć£ć«ćæćä½æēØćć¦2ć¤ć®ćµć¼ćć¬ććMyServlet1
ććć³MyServlet2
ćęå¹ć«ććę§ęę¹ę³ćē¤ŗćć¦ćć¾ććåäøć®WARćć”ć¤ć«å
ć®ćµć¼ćć¬ćććÆćåøøć«åćććŖć·ć¼ć»ć¹ćć©ć¤ććä½æēØććē¹ć«ę³Øęćć¦ćć ććć
<filter> <filter-name>JpsFilter</filter-name> <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class> <init-param> <param-name>application.name</param-name> <param-value>MyAppName</param-value> </init-param> </filter> <filter-mapping> <filter-name>JpsFilter</filter-name> <servlet-name>MyServlet1</servlet-name> <dispatcher>REQUEST</dispatcher> </filter-mapping> <filter-mapping> <filter-name>JpsFilter</filter-name> <servlet-name>MyServlet2</servlet-name> <dispatcher>REQUEST</dispatcher> </filter-mapping>
ejb-jar.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆćć¤ć³ćæć¼ć»ććæć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć«åƾććMyAppName
ć®čØå®ćØćEJB MyEjb
ć«ććć¤ć³ćæć¼ć»ććæć®ä½æēØćē¤ŗćć¦ćć¾ćć
<interceptor> <interceptor-class>oracle.security.jps.ee.ejb.JpsInterceptor</interceptor-class> <env-entry> <env-entry-name>application.name</env-entry-name> <env-entry-type>java.lang.String</env-entry-type> <env-entry-value>MyAppName</env-entry-value> <injection-target> <injection-target-class> oracle.security.jps.ee.ejb.JpsInterceptor</injection-target-class> <injection-target-name>application_name</injection-target-name> </injection-target> </env-entry> </interceptor> ... <interceptor-binding> <ejb-name>MyEjb</ejb-name> <interceptor-class> oracle.security.jps.ee.ejb.JpsInterceptor</interceptor-class> </interceptor-binding>
ćć®ä¾ć§ćć¤ć³ćæć¼ć»ććæę§ęę§ęć®č¦ä»¶ćć©ć®ććć«ęŗćććć¦ćććć«ę³Øęćć¦ćć ććć
ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć®ćµćć¼ć
ćµććøć§ćÆććøć®ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć®čæ½å ćÆćꬔć®ćć©ć”ć¼ćæć§å¶å¾”ćć¾ćććććÆtrueć¾ććÆfalseć«čØå®ć§ćć¾ćć
add.application.roles
ćµććøć§ćÆćć«ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ćčæ½å ććć«ćÆććć®ććććć£ćtrueć«čØå®ćć¾ććčæ½å ććŖćå “åćÆćfalseć«čØå®ćć¾ććććć©ć«ćå¤ćÆtrueć§ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć®ććŖć³ć·ćć«ć»ćÆć©ć¹ćÆćꬔć®ćØććć§ćć
oracle.security.jps.service.policystore.ApplicationRole
åæåć¦ć¼ć¶ć¼ććć³åæåćć¼ć«ć®ćµćć¼ć
ćµć¼ćć¬ććć«ćććåæåć®ä½æēØćÆćꬔć®ćć©ć”ć¼ćæć§å¶å¾”ćć¾ćććććÆtrueć¾ććÆfalseć«čØå®ć§ćć¾ćć
enable.anonymous remove.anonymous.role
EJBć®å “åćÆćåæåć¦ć¼ć¶ć¼ććć³åæåćć¼ć«ć®ä½æēØćåøøć«ęå¹ć§ćććććåčæ°ć®2ēŖē®ć®ćć©ć”ć¼ćæć®ćæćä½æēØć§ćć¾ćć
ćµć¼ćć¬ććć®å “åćåæåć¦ć¼ć¶ć¼ć®ä½æēØćęå¹ć«ććć«ćÆęåć®ććććć£ćtrueć«čØå®ććē”å¹ć«ććć«ćÆfalseć«čØå®ćć¾ććććć©ć«ćå¤ćÆtrueć§ćć
ćµććøć§ćÆćććåæåćć¼ć«ćåé¤ććć«ćÆ2ēŖē®ć®ććććć£ćtrueć«čØå®ććäæęććć«ćÆfalseć«čØå®ćć¾ććććć©ć«ćå¤ćÆfalseć§ććåæåć¦ć¼ć¶ć¼ććć³åæåćć¼ć«ćÆćéåøøćÆčŖčؼå¾ć«åé¤ććčŖčؼå¾ć«äæęććć®ćÆē¹ę®ćŖå “åć®ćæć§ćć
åæåć¦ć¼ć¶ć¼ć®ććć©ć«ćåćØććŖć³ć·ćć«ć»ćÆć©ć¹ćÆćꬔć®ćØććć§ćć
anonymous oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl
åæåćć¼ć«ć®ććć©ć«ćåćØććŖć³ć·ćć«ć»ćÆć©ć¹ćÆćꬔć®ćØććć§ćć
anonymous-role oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl
web.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆććććć®ćć©ć”ć¼ćæć®čØå®ććć³ćµć¼ćć¬ććMyServlet
ć«ćććć£ć«ćæJpsFilter
ć®ä½æēØćē¤ŗćć¦ćć¾ćć
<filter> <filter-name>JpsFilter</filter-name> <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class> <init-param> <param-name>enable.anonymous</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>remove.anonymous.role</param-name> <param-value>false</param-value> </init-param> </filter> <filter-mapping> <filter-name>JpsFilter</filter-name> <servlet-name>MyServlet</servlet-name> <dispatcher>REQUEST</dispatcher> </filter-mapping>
ejb-jar.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆćē¬¬2ćć©ć”ć¼ćæć«åƾććfalseć®čØå®ćØćEnterprise Java Bean MyEjb
ć«ććć¤ć³ćæć¼ć»ććæć®ä½æēØćē¤ŗćć¦ćć¾ćć
<interceptor> <interceptor-class>oracle.security.jps.ee.ejb.JpsInterceptor</interceptor-class> <env-entry> <env-entry-name>remove.anonymous.role</env-entry-name> <env-entry-type>java.lang.Boolean</env-entry-type> <env-entry-value>false</env-entry-value> <injection-target> <injection-target-class>
oracle.security.jps.ee.ejb.JpsInterceptor</injection-target-class> <injection-target-name>remove_anonymous_role/injection-target-name> </injection-target> </env-entry> </interceptor> ... <interceptor-binding> <ejb-name>MyEjb</ejb-name> <interceptor-class>
oracle.security.jps.ee.ejb.JpsInterceptor</interceptor-class> </interceptor-binding>
ꬔć®ćć©ć°ć”ć³ććÆćććć°ć©ć ēć«åæåćµććøć§ćÆćććć³ćµććøć§ćÆćć®åæåćć¼ć«ćØåæåć¦ć¼ć¶ć¼ć«ć¢ćÆć»ć¹ććę¹ę³ćē¤ŗćć¦ćć¾ćć
import oracle.security.jps.util.SubjectUtil; // The next call returns the anonymous subject javax.security.auth.Subject subj = SubjectUtil.getAnonymousSubject(); // The next call extracts the anonymous role from the subject java.security.Principal p = SubjectUtil.getAnonymousRole(javax.security.auth.Subject subj) // Remove or retain anonymous role ... // The next call extracts the anonymous user from the subject java.security.Principal p = SubjectUtil.getAnonymousUser(javax.security.auth.Subject subj) // Remove or retain anonymous user ...
čŖčؼćć¼ć«ć®ćµćć¼ć
čŖčؼćć¼ć«ć®ä½æēØćÆćꬔć®ćć©ć”ć¼ćæć§å¶å¾”ćć¾ćććććÆtrueć¾ććÆfalseć«čØå®ć§ćć¾ćć
add.authenticated.role
čŖčؼćć¼ć«ććµććøć§ćÆćć«čæ½å ććć«ćÆćć®ćć©ć”ć¼ćæćtrueć«čØå®ććčæ½å ććŖćå “åćÆfalseć«čØå®ćć¾ććććć©ć«ćå¤ćÆtrueć§ćć
čŖčؼćć¼ć«ć®ććć©ć«ćåćØććŖć³ć·ćć«ć»ćÆć©ć¹ćÆćꬔć®ćØććć§ćć
authenticated-role oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl
web.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆććć®ćć©ć”ć¼ćæć®čØå®ććć³ćµć¼ćć¬ććMyServlet
ć«ćććć£ć«ćæJpsFilter
ć®ä½æēØćē¤ŗćć¦ćć¾ćć
<filter> <filter-name>JpsFilter</filter-name> <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class> <init-param> <param-name>add.authenticated.role</param-name> <param-value>false</param-value> </init-param> </filter> <filter-mapping> <filter-name>JpsFilter</filter-name> <servlet-name>MyServlet</servlet-name> <dispatcher>REQUEST</dispatcher> </filter-mapping>
JAASć¢ć¼ć
JAASć¢ć¼ćć®ä½æēØćÆćꬔć®ćć©ć”ć¼ćæć§å¶å¾”ćć¾ćć
oracle.security.jps.jaas.mode
ćć®ćć©ć”ć¼ćæćÆćꬔć®å¤ć«čØå®ć§ćć¾ćć
doAs doAsPrivileged off undefined subjectOnly
ććć©ć«ćå¤ćÆdoAsPrivileged
ć§ćććććć®å¤ć«ćć£ć¦ć”ć½ććcheckPermission
ć®åä½ćå¶å¾”ććę¹ę³ć®č©³ē“°ćÆćē¬¬17.3.3.1é
ćć”ć½ććcheckPermissionć®ä½æēØę¹ę³ććåē
§ćć¦ćć ććć
ćć®ćć©ć”ć¼ćæćä½æēØćććµć¼ćć¬ććććć³EJBć®ę§ęććꬔć®2ć¤ć®ćµć³ćć«ć§ē¤ŗćć¾ćć
web.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆććć®ćć©ć”ć¼ćæć®čØå®ććć³ćµć¼ćć¬ććMyServlet
ć«ćććć£ć«ćæJpsFilter
ć®ä½æēØćē¤ŗćć¦ćć¾ćć
<filter> <filter-name>JpsFilter</filter-name> <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class> <init-param> <param-name>oracle.security.jps.jaas.mode</param-name> <param-value>doAs</param-value> </init-param> </filter> <filter-mapping> <filter-name>JpsFilter</filter-name> <servlet-name>MyServlet</servlet-name> <dispatcher>REQUEST</dispatcher> </filter-mapping>
ejb-jar.xml
ćć”ć¤ć«ć®ę¬”ć®ćć©ć°ć”ć³ććÆććć®ćć©ć”ć¼ćæć«åƾććdoAs
ć®čØå®ćØćEnterprise Java Bean MyEjb
ć«ććć¤ć³ćæć¼ć»ććæJpsInterceptor
ć®ä½æēØćē¤ŗćć¦ćć¾ćć
<interceptor> <interceptor-class>oracle.security.jps.ee.ejb.JpsInterceptor</interceptor-class> <env-entry> <env-entry-name>oracle.security.jps.jaas.mode</env-entry-name> <env-entry-type>java.lang.String</env-entry-type> <env-entry-value>doAs</env-entry-value> <injection-target> <injection-target-class>
oracle.security.jps.ee.ejb.JpsInterceptor</injection-target-class> <injection-target-name>oracle_security_jps_jaas_mode
</injection-target-name> </injection-target> </env-entry> </interceptor> ... <interceptor-binding> <ejb-name>MyEjb</ejb-name> <interceptor-class>
oracle.security.jps.ee.ejb.JpsInterceptor</interceptor-class> </interceptor-binding>
ꬔć®č¦ä»¶ćØęå®ć®ē¹ę§ćÆćJpsInterceptor
ć®å “åć«ę§ęććććć¹ć¦ć®ćć©ć”ć¼ćæć«é©ēØććć¾ćć
ćć©ć”ć¼ćæć®čØå®ć§ćÆććć®ćæć¤ćć®ęå®(č¦ē“ <env-entry-type>
å
)ćåæ
č¦ć§ćć
ćć©ć”ć¼ćæć®čØå®ć«ćÆćč¦ē“ <injection-target>
ćåæ
č¦ć§ććććććć¤ć³ćæć¼ć»ććæć®ćÆć©ć¹ćØåććÆć©ć¹ć«ęå®ććåæ
č¦ćććć¾ć(č¦ē“ <injection-target-class>
å
)ćć¾ććććććć¢ć³ćć¼ć¹ć³ć¢ć«ē½®ęććęååćØćć¦åęøćč¾¼ćæćććć©ć”ć¼ćæåćåæ
č¦ć§ć(č¦ē“ <injection-target-name>
å
)ć
ć¤ć³ćæć¼ć»ććæć®EJBćøć®ćć¤ć³ćć£ć³ć°ćÆćEJBåćØć¤ć³ćæć¼ć»ććæć®ćÆć©ć¹ć«ćć£ć¦ęå®ćć¾ććć¤ć¾ććć¤ć³ćæć¼ć»ććæćÆćååć§ćÆćŖććć®ćÆć©ć¹ć«ćć£ć¦åē §ććć¾ćć
ꬔć®č”ØćÆćJpsFilterććć³JpsInterceptorć«ćć£ć¦ä½æēØććććć©ć”ć¼ćæć®čŖ¬ęćć¾ćØćććć®ć§ćć
č”Ø18-1 JpsFilterććć³JpsInterceptorćć©ć”ć¼ćæć®ę¦č¦
ćć©ć”ć¼ćæå | å¤ | ććć©ć«ć | ę©č½ | ę³Øę |
---|---|---|---|---|
application.name |
ä»»ęć®ęå¹ćŖęååćå¤ć§ćÆ大ęåćØå°ęåćåŗå„ććć¾ćć |
ćććć¤ćććć¢ććŖć±ć¼ć·ć§ć³ć®åå |
ćµć¼ćć¬ććć¾ććÆEJBć«ćć£ć¦ä½æēØćććććŖć·ć¼ć®ćµćć»ćććęå®ćć¾ćć |
ććŖć·ć¼ć»ć¹ćć¢å ć®åćććŖć·ć¼ć®ćµćć»ćććććć¤ćć®ćµć¼ćć¬ććć¾ććÆEJBć§å ±ęććå “åćÆćęå®ććåæ č¦ćććć¾ćć |
add.application.roles |
TRUEć¾ććÆFALSE |
TRUE |
ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ććµććøć§ćÆćć«čæ½å ćć¾ćć |
TRUEćććć©ć«ććŖć®ć§ć(FALSEć«)čØå®ććåæ č¦ćććć®ćÆćć¢ććŖć±ć¼ć·ć§ć³ćć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ććµććøć§ćÆćć«čæ½å ććŖćå “åć®ćæć§ćć |
enable.anonymous |
TRUEć¾ććÆFALSE |
TRUE |
ćµććøć§ćÆćć§åæåć¦ć¼ć¶ć¼ćęå¹ć¾ććÆē”å¹ć«ćć¾ćć |
TRUEć«čØå®ćććØćåæåć¦ć¼ć¶ć¼ććć³åæåćć¼ć«ćØćØćć«ćµććøć§ćÆććä½ęććć¾ćć |
remove.anonymous.role |
TRUEć¾ććÆFALSE |
FALSE |
čŖčؼå¾ć«ćµććøć§ćÆćć®ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ćäæęć¾ććÆåé¤ćć¾ćć |
ćµć¼ćć¬ććć§ć®ćæå©ēØåÆč½ć§ććEJBć§ćÆćåæåćć¼ć«ćÆåøøć«ćµććøć§ćÆćććåé¤ććć¾ććFALSEć«čØå®ćććØćåæåćć¼ć«ććčŖčؼå¾ććµććøć§ćÆćć§äæęćććTRUEć«čØå®ćććØćčŖčؼå¾ćåé¤ććć¾ćć |
add.authenticated.role |
TRUEć¾ććÆFALSE |
TRUE |
ćµććøć§ćÆćå ć§čŖčؼćć¼ć«ć®čæ½å ćčرåÆćć¾ćć |
TRUEćććć©ć«ćå¤ćŖć®ć§ć(FALSEć«)čØå®ććåæ č¦ćććć®ćÆćčŖčؼćć¼ć«ććµććøć§ćÆćć«å«ććŖćå “åć®ćæć§ćć |
oracle.security.jps.jaas.mode |
doAsPrivileged doAs Off undefined subjectOnly |
doAsPrivileged |
JAASć¢ć¼ććčØå®ćć¾ćć |
ć¢ććŖć±ć¼ć·ć§ć³ćꬔć®ę”件ćęŗććå “å:
ććŖć·ć¼ć»ć¹ćć¢ćøć®ć¢ćÆć»ć¹ććć³čŖåÆćć§ććÆćå®č”ććMBeansćå«ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćåćć¢ććŖć±ć¼ć·ć§ć³åćØē°ćŖćć
MBeanććć”ć¤ć³ć»ć»ćć„ćŖćć£ć»ć¹ćć¢ć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ćć«ć¢ćÆć»ć¹ććććć«ććć”ć¤ć«web.xml
ć®ć°ćć¼ćć«ć»ćć©ć”ć¼ćæ(ć¾ććÆć³ć³ććć¹ćć»ćć©ć”ć¼ćæ)application.name
ć§ć¹ćć©ć¤ćåćęå®ććåæ
č¦ćććć¾ććꬔć«ä¾ćē¤ŗćć¾ćć
<context-param> <description>JPS custom stripe id</description> <param-name>application.name</param-name> <param-value>stripeid</param-value> </context-param>
ę³Øę: Oracle JDeveloperćä½æēØćć¦ććå “åććć®ćć¼ć«ć«ćć£ć¦é©åćŖćÆć©ć¹ćéøęććć¾ćććććć£ć¦ćꬔć«čŖ¬ęććę§ęćÆćććŖć·ć¼ćOracle JDeveloperē°å¢å¤ć§å „åćććå “åć«ć®ćæåæ č¦ć§ćć |
ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć®ć”ć³ćć¼å ć§ęå®ććććÆć©ć¹ćÆćä»ć®ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć®ćÆć©ć¹ććꬔć®ććććć«ććåæ č¦ćććć¾ćć
weblogic.security.principal.WLSUserImpl weblogic.security.principal.WLSGroupImpl
ꬔć®ćć©ć°ć”ć³ććÆććØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ćć®ęå®ć«ććććććć®ćÆć©ć¹ć®ä½æēØćē¤ŗćć¦ćć¾ć(å¤Ŗåć®éØå)ć
éč¦: ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«åć§ćÆć大ęåå°ęåćåŗå„ććć¾ćć(ꬔć®ćµć³ćć«ć® ćØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ććć³ć°ć«ć¼ćåć§ćÆć大ęåå°ęåćåŗå„ććć¾ć(ꬔć®ćµć³ćć«ć® 大ęåå°ęåć®åŗå„ć«é¢ććę å ±ćÆćē¬¬J.4.2é ććć¼ććć·ć§ć³ć®ä»äøć¾ććÆåę¶ć®å¤±ę - 大ęåćØå°ęåć®äøäøč“ććåē §ćć¦ćć ććć |
<app-role>
<name>app_monitor</name>
<display-name>application role monitor</display-name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<members>
<member>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<name>app_operator</name>
</member>
<member>
<class>weblogic.security.principal.WLSGroupImpl</class>
<name>Developers</name>
</member>
</members>
</app-role>
ćć®é ć§ćÆćWebLogic Application Serverć«ćććć¤ćććµć¼ćć¬ććć¾ććÆEJB(ć«ć¹ćæć ć®ććŖć·ć¼ćØč³ę ¼čؼęćä½æēØ)ć®ććć±ć¼ćøåč¦ä»¶ć«ć¤ćć¦čŖ¬ęćć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ćÆććć”ć¤ć«jazn-data.xml
ć§å®ē¾©ćć¾ćććć®ćć”ć¤ć«ćć¢ććŖć±ć¼ć·ć§ć³ć«čæ½å ććććć«ćµćć¼ćććć¦ććåÆäøć®ę¹ę³ćÆćEARćć”ć¤ć«ć®ćć£ć¬ćÆććŖMETA-INF
ć§ćć®ćć”ć¤ć«ćććć±ć¼ćøåććććØć§ćć
ćµć¼ćć¬ćććÆćę§ęćć”ć¤ć«web.xml
ćå«ćWARćć”ć¤ć«ć§ććć±ć¼ćøåćććEJBćÆćę§ęćć”ć¤ć«ejb-jar.xml
ćå«ćWARćć”ć¤ć«ć§ććć±ć¼ćøåććć¾ććWARćć”ć¤ć«ć§ćÆććć£ć«ćæJpsFilter
(ćµć¼ćć¬ććēØ)ć¾ććÆć¤ć³ćæć¼ć»ććæJpsInterceptor
(EJBēØ)ć®ę§ęććåƾåæććę§ęćć”ć¤ć«ć«å«ććåæ
č¦ćććć¾ćć
ꬔć®čŖ¬ęćÆććµć¼ćć¬ććć®ććć±ć¼ćøåććć³ćć”ć¤ć«web.xml
ć§ć®JpsFilter
ć®ę§ęćčę
®ćć¦ćć¾ćććEJBć®ććć±ć¼ćøåććć³ćć”ć¤ć«ejb-jar.xml
ć§ć®JpsInterceptor
ć®ę§ęć«ćåēć«é©ēØć§ćć¾ćć
éč¦: ē¾åØćEARćć”ć¤ć«å
ć«ćććć¹ć¦ć® |
JpsFilterććć³JpsInterceptorć®č©³ē“°ćÆćććµć¼ćć¬ććć»ćć£ć«ćæćØEJBć¤ć³ćæć¼ć»ććæć®ę§ęććåē §ćć¦ćć ććć
ć«ć¹ćæć ć®ććŖć·ć¼ććć³č³ę ¼čؼęćä½æēØććJava EEć¢ććŖć±ć¼ć·ć§ć³ć«åƾććććć±ć¼ćøåć®č¦ä»¶ćØåęę”件ćÆćꬔć®ćØććć§ćć
ćććć¤ćććć¢ććŖć±ć¼ć·ć§ć³ćÆć1ć¤ć®EARćć”ć¤ć«ć«ććć±ć¼ćøåććåæ č¦ćććć¾ćć
EARćć”ć¤ć«ć«ćÆććć”ć¤ć«META-INF/jazn-data.xml
ć1ć¤å«ć¾ćć¦ććåæ
č¦ćććć¾ćććć®ćć”ć¤ć«ć§ćć¢ććŖć±ć¼ć·ć§ć³ć®ććŖć·ć¼ććć³ćć¼ć«ćęå®ćććććććÆćć®EARćć”ć¤ć«å
ć®ćć¹ć¦ć®ć³ć³ćć¼ćć³ćć«åēć«é©ēØććć¾ćć
EARćć”ć¤ć«ć«ćÆć1ć¤ä»„äøć®WARćć”ć¤ć«ćå«ććććØćć§ćć¾ćć
EARćć”ć¤ć«å
ć®åWARć¾ććÆJARćć”ć¤ć«ć«ćÆćweb.xml
(ć¾ććÆejb-jar.xml
)ć1ć¤å«ć¾ćć¦ććåæ
č¦ćććć¾ććććć§ćJpsFilter
(ć¾ććÆJpsInterceptor
)ćę§ęććććć¹ć¦ć®EARćć”ć¤ć«å
ć®ćć®ćććŖę§ęćÆåäøć§ććåæ
č¦ćććć¾ćć
cwallet.sso
ćć”ć¤ć«å
ć®ć³ć³ćć¼ćć³ćč³ę ¼čؼęćÆćEARćć”ć¤ć«ć«ććć±ć¼ćøåć§ćć¾ćććććć®č³ę ¼čؼęćÆćOracle Enterprise Manager Fusion Middleware Controlćä½æēØćć¦ć¢ććŖć±ć¼ć·ć§ć³ććććć¤ććéć«č³ę ¼čؼęć¹ćć¢ć«ē§»č”ć§ćć¾ćć
ę³Øę: ć³ć³ćć¼ćć³ćć§ćä»ć®ć³ć³ćć¼ćć³ććØćÆē°ćŖććć£ć«ćæć®ę§ęćåæ č¦ćŖå “åćÆćå„åć®EARćć”ć¤ć«ć«ććć±ć¼ćøåćć¦ćććć¤ććåæ č¦ćććć¾ćć |
ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ćÆććć”ć¤ć«jazn-data.xml
ć§å®ē¾©ćć¾ćććć®ćć”ć¤ć«ćć¢ććŖć±ć¼ć·ć§ć³ć«čæ½å ććććć«ćµćć¼ćććć¦ććåÆäøć®ę¹ę³ćÆćEARćć”ć¤ć«ć®ćć£ć¬ćÆććŖMETA-INF
ć§ćć®ćć”ć¤ć«ćććć±ć¼ćøåććććØć§ććEARćć”ć¤ć«ć«ćÆćć¼ćå仄äøć®WARćć”ć¤ć«ćå«ććććØćć§ćć¾ćććććŖć·ć¼ćÆEARćć£ć¬ćÆććŖć«ćććć®XMLćć”ć¤ć«ć§ć®ćæęå®ć§ćć¾ććWARćć”ć¤ć«ć§1ć¤ć®ć³ć³ćć¼ćć³ćć«åƾćć¦ē¹å®ć®ććŖć·ć¼ćęå®ććć«ćÆćåčæ°ć®ęå®ć®ććć«ćć®ć³ć³ćć¼ćć³ććē¬čŖć®jazn-data.xml
ćć”ć¤ć«ć§å„åć®EARćć”ć¤ć«ć«ććć±ć¼ćøåććåæ
č¦ćććć¾ććä»ć®ććŖć·ć¼ć»ććć±ć¼ćøć®ēµåććÆććć®ćŖćŖć¼ć¹ć§ćÆćµćć¼ćććć¦ćć¾ćććęäøä½ć®jazn-data.xml
仄å¤ć®ććŖć·ć¼ć»ćć”ć¤ć«ćÆē”č¦ććć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć®č³ę ¼čؼęćÆćcwallet.sso
ćØććååć®ćć”ć¤ć«ć§å®ē¾©ćć¾ćććć®ćć”ć¤ć«ćć¢ććŖć±ć¼ć·ć§ć³ć«čæ½å ććććć«ćµćć¼ćććć¦ććåÆäøć®ę¹ę³ćÆćEARćć”ć¤ć«ć®ćć£ć¬ćÆććŖMETA-INF
ć§ćć®ćć”ć¤ć«ćććć±ć¼ćøåććććØć§ććEARćć”ć¤ć«ć«ćÆćć¼ćå仄äøć®WARćć”ć¤ć«ćå«ććććØćć§ćć¾ćććč³ę ¼čؼęćÆćć®EARćć£ć¬ćÆććŖć«ććcwallet.sso
ćć”ć¤ć«ć§ć®ćæęå®ć§ćć¾ććWARćć”ć¤ć«ć§1ć¤ć®ć³ć³ćć¼ćć³ćć«åƾćć¦ē¹å®ć®č³ę ¼čؼęćęå®ććć«ćÆćåčæ°ć®ęå®ć®ććć«ćć®ć³ć³ćć¼ćć³ććē¬čŖć®cwallet.sso
ćć”ć¤ć«ć§å„åć®EARćć”ć¤ć«ć«ććć±ć¼ćøåććåæ
č¦ćććć¾ććä»ć®č³ę ¼čؼęććć±ć¼ćøć®ēµåććÆćć®ćŖćŖć¼ć¹ć§ćÆćµćć¼ćććć¦ćć¾ćććęäøä½ć®cwallet.sso
仄å¤ć®č³ę ¼čؼęćć”ć¤ć«ćÆē”č¦ććć¾ćć
ćć®é ć§ćÆćOracle JDeveloperē°å¢ć®å¤éØć§éēŗćććJava EEć¢ććŖć±ć¼ć·ć§ć³ć®ććć«éēŗč ćęåć§å®č”ććććć¤ćć®ę§ęć«ć¤ćć¦čŖ¬ęćć¾ćććć®é ć®å 容ćÆꬔć®ćØććć§ćć
ćµćć¼ćććć¦ćććć¼ććć·ć§ć³ć»ćÆć©ć¹
ćć¼ćć¹ćć©ććč³ę ¼čؼęć®ęåć«ććęå®
migrateSecurityStorećä½æēØććć¢ć¤ćć³ćć£ćć£ć®ē§»č”
ę³Øę: WebLogic Serverć«ćććć¤ććć¢ććŖć±ć¼ć·ć§ć³ć®ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ćØč³ę ¼čؼęć®ē§»č”ćē”å¹ć«ććć«ćÆćć·ć¹ćć ć»ććććć£ ćć®ć·ć¹ćć ć»ććććć£ćTRUEć«čØå®ćććØććć¹ć¦ć®ć¢ććŖć±ć¼ć·ć§ć³ć§ććććć¤ć”ć³ćęć®ććŖć·ć¼ććć³č³ę ¼čؼęć®ē§»č”ćē”å¹ć«ćŖćć¾ććć¢ććŖć±ć¼ć·ć§ć³ć»ćć”ć¤ć« |
ćććć¤ć§ć®ć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć®ē§»č”ćÆćććć¤ćć®ćć©ć”ć¼ćæć«ćć£ć¦å¶å¾”ććć¾ćććććć®ćć©ć”ć¼ćæćÆćć”ć¤ć«META-INF/weblogic-application.xml
ć§ę§ęćć¾ćć
ć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ć¾ććÆåćććć¤ć§ććŖć·ć¼ć®ē§»č”ćå¶å¾”ćććć©ć”ć¼ćæććć³ć¢ć³ćććć¤ć§ććŖć·ć¼ć®åé¤ćå¶å¾”ćććć©ć”ć¼ćæćÆćꬔć®ćØććć§ćć
ē§»č”
ćŖć¹ćć¼
ććŖć³ć·ćć«ć®ę¤čؼ
ē§»č”ć®ćæć¼ć²ćć(ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ć)
åčæ°ć®åćć©ć”ć¼ćæć®ę§ęćØę©č½ććꬔć«čŖ¬ęćć¾ćć
ę³Øę: Fusion Middleware Controlć§ćÆćć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ćåćććć¤ć¾ććÆć¢ć³ćććć¤ć®éć«ććććć®ćć©ć”ć¼ćæć®ć»ćØćć©ćčØå®ć§ćć¾ććč©³ē“°ćÆćē¬¬6.2.1é ćFusion Middleware Controlćä½æēØććJava EEć¢ććŖć±ć¼ć·ć§ć³ćØOracle ADFć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ććåē §ćć¦ćć ććć ꬔć«čŖ¬ęććę§ęćÆćFusion Middleware Controlćä½æēØććŖćć§ć¢ććŖć±ć¼ć·ć§ć³ćē®”ēććå “åć«ć®ćæćęåć§å „åććåæ č¦ćććć¾ćć ē®”ēćµć¼ćć¼ćēؼåćć¦ććć³ć³ćć„ć¼ćæćØćÆē°ćŖćć³ć³ćć„ć¼ćæć§ēؼåćć¦ććē®”ēåÆ¾č±”ćµć¼ćć¼ć«ććć”ć¤ć«ćć¼ć¹ć®ć¹ćć¢ćä½æēØććć¢ććŖć±ć¼ć·ć§ć³ććććć¤ććå “åćÆćć©ć¤ććµć¤ćÆć«ć»ćŖć¹ćć¼ćä½æēØććŖćć§ćć ćććä½æēØććå “åćē®”ēåÆ¾č±”ćµć¼ćć¼ćØē®”ēćµć¼ćć¼ć«ćć£ć¦ē®”ēććć¦ćććć¼ćæćäøč“ćććć»ćć„ćŖćć£ćęå¾
ć©ććć«ę©č½ććŖćå “åćććć¾ććć©ć¤ććµć¤ćÆć«ć»ćŖć¹ćć¼ćä½æēØćććććć«WLSTć³ćć³ć ćć®ę³Øęē¹ćÆććć”ć¤ć«ćć¼ć¹ć®ć¹ćć¢ćä½æēØććå “åć«ć®ćæé©ēØććć¾ćć |
jps.policystore.migration
ćć®ćć©ć”ć¼ćæć§ćÆćē§»č”ćå®č”ćććć©ćććē§»č”ć®å®č”ęęćććć³ćæć¼ć²ććć»ć¹ćć¢ć®ććŖć·ć¼ććć¼ćøććć®ćäøęøćććć®ććęå®ćć¾ćć
WebLogicć§ćÆćꬔć®ćć©ć°ć”ć³ćć«ē¤ŗćććć«ę§ęćć¾ćć
<wls:application-param>
<wls:param-name>jps.policystore.migration</wls:param-name>
<wls:param-value>Option</wls:param-value>
</wls:application-param>
OptionćÆćMERGEćOVERWRITEćOFFć®ćććććč”Øćć¾ćć
OFFć«čØå®ćććØćććŖć·ć¼ć®ē§»č”ćč”ććć¾ćććMERGEć«čØå®ćććØćē§»č”ćč”ćććę¢åć®ććŖć·ć¼ćØćć¼ćøććć¾ććOVERWRITEć«čØå®ćććØćē§»č”ćč”ćććę¢åć®ććŖć·ć¼ćäøęøćććć¾ććććć©ć«ćå¤(ćććć¤ę)ćÆćMERGEć§ćć
jps.policystore.applicationid
ćć®ćć©ć”ć¼ćæć§ćÆćććŖć·ć¼ć®ē§»č”å ć§ćććæć¼ć²ććć»ć¹ćć©ć¤ććęå®ćć¾ćć
WebLogicć§ćÆćꬔć®ćć©ć°ć”ć³ćć«ē¤ŗćććć«ę§ęćć¾ćć
<wls:application-param> <wls:param-name>jps.policystore.applicationid</wls:param-name> <wls:param-value>myApplicationStripe</wls:param-value> </wls:application-param>
ä»»ęć®ęå¹ćŖęååććć®ćć©ć”ć¼ćæć®å¤ć«čØå®ć§ćć¾ćććć®ćć©ć”ć¼ćæć®å¤ćęå®ććŖćå “åćÆćć¢ććŖć±ć¼ć·ć§ć³åćØćć¼ćøć§ć³ćććŖćć”application_name#versionć«åŗć„ćć¦ćOracle WebLogic Serverćć¹ćć©ć¤ćåćéøęćć¾ćć
ćć®ćć©ć”ć¼ćæć®å¤ćÆćJpsServletēØć«(ćć”ć¤ć«web.xml
ć§)ćć¾ććÆJpsInterceptorēØć«(ćć”ć¤ć«ejb-jar.xml
ć§)ęå®ććć¦ććapplication.name
å¤ć«äøč“ćććåæ
č¦ćććć¾ććč©³ē“°ćÆććć¢ććŖć±ć¼ć·ć§ć³å(ć¹ćć©ć¤ć)ććåē
§ćć¦ćć ććć
weblogic-application.xml
ććéøęćććå¤ćÆćććć¤ęć«ä½æēØćććweb.xml
ć¾ććÆejb-jar.xml
ććéøęćććå¤ćÆå®č”ęć«ä½æēØććć¾ćć
JpsApplicationLifecycleListener
ćć®ćć©ć”ć¼ćæćÆWebLogicć§ć®ćæćµćć¼ćććć¦ćć¾ććꬔć®ćć©ć°ć”ć³ćć«ē¤ŗćććć«čØå®ććåæ č¦ćććć¾ćć
<wls:listener> <wls:listener-class> oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener </wls:listener-class> </wls:listener>
jps.apppolicy.idstoreartifact.migration
ćć®ćć©ć”ć¼ćæćÆWebLogicć§ć®ćæćµćć¼ćććć¦ćć¾ćććć®ćć©ć”ć¼ćæć§ćÆććØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ć¾ććÆć°ć«ć¼ćć«åƾććć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ććć¼ććć·ć§ć³ć®ä»äøćŖć©ććØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ć¾ććÆć°ć«ć¼ćć«åƾććåē §ć®ē§»č”ćććŖć·ć¼ć®ē§»č”ććé¤å¤ćććć©ćććęå®ćć¾ćććć®ćććć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć®ćæć®ē§»č”ćåÆč½ćØćŖććęå¹ć«ćććØććØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ćć¾ććÆć¦ć¼ć¶ć¼ćøć®ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć®ćććć³ć°ććē§»č”ęć«ē”č¦ććć¾ćć
ćććÆćꬔć®ćć©ć°ć”ć³ćć«ē¤ŗćććć«ę§ęććć¾ćć
<wls:application-param>
<wls:param-name>jps.apppolicy.idstoreartifact.migration</wls:param-name>
<wls:param-value>Option</wls:param-value>
</wls:application-param>
OptionćÆćTRUEć¾ććÆFALSEć®ćććććč”Øćć¾ććFALSEć«čØå®ćććØććØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ć¾ććÆć°ć«ć¼ććåē §ććć¢ć¼ćć£ćć”ćÆćć®ē§»č”ćé¤å¤ććć¾ććé¤å¤ććŖćå “åćÆTRUEć«čØå®ćć¾ććęå®ććŖćć£ćå “åćÆćććć©ć«ćć®TRUEć«čØå®ććć¾ćć
éč¦: ćć®ćć©ć”ć¼ćæćFALSEć«čØå®ćć¦ć¢ććŖć±ć¼ć·ć§ć³ććććć¤ćć(ć¢ććŖć±ć¼ć·ć§ć³ć«åŗęć§ćŖćććŖć·ć¼ć®ē§»č”ćé¤å¤ććć)å “åćć¢ććŖć±ć¼ć·ć§ć³ććć”ć¤ć³å ć§ä½æēØććåć«ćē®”ēč ćÆFusion Middleware Controlć¾ććÆWebLogicē®”ēć³ć³ć½ć¼ć«ćä½æēØćć¦ć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ćććØć³ćæć¼ćć©ć¤ćŗć»ć°ć«ć¼ćć¾ććÆć¦ć¼ć¶ć¼ćøć®ćććć³ć°ćå®č”ććåæ č¦ćććć¾ćć ćć®čØå®ć«ćććć¢ććŖć±ć¼ć·ć§ć³ć»ćć¼ć«ć«åƾććē®”ēč ć®å¶å¾”ćććć«å¼·åććć¦ćććć«ę³Øęćć¦ćć ććć |
ꬔć®ä¾ćÆćåćjazn-data.xml
ćć”ć¤ć«ć®ćć©ć°ć”ć³ććē¤ŗćć¦ćć¾ććć¢ććŖć±ć¼ć·ć§ć³EARćć”ć¤ć«ć«ććć±ć¼ćøåććććć®ćć”ć¤ć«ć§ćÆćć¢ććŖć±ć¼ć·ć§ć³ć®čŖåÆććŖć·ć¼ćē¤ŗćć¾ćć
ćć”ć¤ć«system-jazn-data.xml
ćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć®ē§»č”å
ćØćŖććć”ć¤ć³ć®ćć”ć¤ć«ćć¼ć¹ć®ććŖć·ć¼ć»ć¹ćć¢ćč”Øćć¦ćć¾ć(ä¾ć§ćÆē°”ē“ åć®ććć«ä½æēØććć¦ćć¾ć)ć
ćć©ć”ć¼ćæjps.apppolicy.idstoreartifact.migration
ćFALSEć«čØå®ććć¦ććććØćåęćØćć¦ćć¾ćć
<!-- Example 1: app role applicationDeveloperRole in jazn-data.xml that references the enterprise group developers --> <app-role> <class>weblogic.security.principal.WLSGroupImpl</class> <name>applicationDeveloperRole</name> <display-name>application role applicationDeveloperRole</display-name> <members> <member> <class>weblogic.security.principal.WLSGroupImpl</class> <name>developers</name> </member> </members> </app-role> <!-- app role applicationDeveloperRole in system-jazn-data.xml after migration: notice how the role developers has been excluded --> <app-role> <name>applicationDeveloperRole</name> <display-name>application role applicationDeveloperRole</display-name> <guid>CB3633A0D0E811DDBF08952E56E4544A</guid> <class>weblogic.security.principal.WLSGroupImpl</class> </app-role> <!-- Example 2: app role viewerApplicationRole in jazn-data.xml makes reference to the anonymous role --> <app-role> <name>viewerApplicationRole</name> <display-name>viewerApplicationRole</display-name> <class>weblogic.security.principal.WLSGroupImpl</class> <members> <member> <class> oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl </class> <name>anonymous-role</name> </member> </members> </app-role> <!-- app role viewerApplicationRole in system-jazn-data.xml after migration: notice that references to the anonymous role are never excluded --> <app-role> <name>viewerApplicationRole</name> <display-name>viewerApplicationRole</display-name> <guid>CB3D86A0D0E811DDBF08952E56E4544A</guid> <class>weblogic.security.principal.WLSGroupImpl</class> <members> <member> <class> oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl </class> <name>anonymous-role</name> </member> </members> </app-role>
jps.policystore.removal
ćć®ćć©ć”ć¼ćæć§ćÆćć¢ć³ćććć¤ęć«ććŖć·ć¼ć®åé¤ćå®č”ććŖććć©ćććęå®ćć¾ćć
WebLogicć§ćÆćꬔć®ćć©ć°ć”ć³ćć«ē¤ŗćććć«ę§ęćć¾ćć
<wls:application-param> <wls:param-name>jps.policystore.removal</wls:param-name> <wls:param-value>OFF</wls:param-value> </wls:application-param>
čØå®ććå “åćÆććć®ćć©ć”ć¼ćæć®å¤ćOFFć«ććåæ č¦ćććć¾ććććć©ć«ćć§ćÆććć®ćć©ć”ć¼ćæćÆčØå®ććć¾ććć
OFFć«čØå®ććå “åćććŖć·ć¼ćÆåé¤ććć¾ćććčØå®ććŖćå “åćććŖć·ć¼ćÆåé¤ććć¾ćć
åäøć®ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ććč¤ę°ć®ć¢ććŖć±ć¼ć·ć§ć³ć§å ±ęććå “åćÆćåčæ°ć®čØå®ćčę ®ććåæ č¦ćććć¾ććć¢ććŖć±ć¼ć·ć§ć³ć®ć¢ć³ćććć¤ęćÆćä»ć®ć¢ććŖć±ć¼ć·ć§ć³ćå ±éć®ććŖć·ć¼ć»ć»ćććä½æēØćć¦ććåÆč½ę§ććććććć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ćåé¤ććŖćććéøęćć¾ćć
ę³Øę: ē¹å®ć®ć¢ććŖć±ć¼ć·ć§ć³ć«åƾćć¦ćć®ćć©ć”ć¼ćæćOFFć«čØå®ććå “åćÆććć®ć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ęć«ć¢ććŖć±ć¼ć·ć§ć³ć»ć¹ćć©ć¤ććä»ć®ć¢ććŖć±ć¼ć·ć§ć³ćØå ±ęććććć«ęå®ćććć©ćććē¢ŗčŖćć¦ććåæ č¦ćććć¾ćć |
jps.policystore.migration.validate.principal
ćć®ćć©ć”ć¼ćæćÆWebLogicć§ć®ćæćµćć¼ćććć¦ćć¾ćććć®ćć©ć”ć¼ćæć§ćÆććććć¤ęć¾ććÆåćććć¤ęć«ćć·ć¹ćć ććć³ć¢ććŖć±ć¼ć·ć§ć³ć®ććŖć·ć¼å ć®ććŖć³ć·ćć«ććć§ććÆćććć©ćććęå®ćć¾ćć
ćććÆćꬔć®ćć©ć°ć”ć³ćć«ē¤ŗćććć«ę§ęććć¾ćć
<wls:application-param> <wls:param-name>jps.policystore.migration.validate.principal</wls:param-name> <wls:param-value>TRUE</wls:param-value> </wls:application-param>
čØå®ććå “åćÆććć®ćć©ć”ć¼ćæć®å¤ćTRUEć¾ććÆFALSEć«ććåæ č¦ćććć¾ćć
TRUEć«čØå®ćććØććØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ććć³ć°ć«ć¼ćć®å¦„å½ę§ćć·ć¹ćć ć«ćć£ć¦ćć§ććÆććć¾ćć(ć¢ććŖć±ć¼ć·ć§ć³ć¾ććÆć·ć¹ćć ć»ććŖć·ć¼å ć®)ććŖć³ć·ćć«ćć¢ć¤ćć³ćć£ćć£ć»ć¹ćć¢ć«ćŖććØć³ćæć¼ćć©ć¤ćŗć»ć¦ć¼ć¶ć¼ć¾ććÆć°ć«ć¼ććåē §ććå “åćÆćč¦åćēŗč”ććć¾ććFALSEć«čØå®ćććØććć®ćć§ććÆćć¹ćććććć¾ćć
ćć®ćć©ć”ć¼ćæćčØå®ććŖćć£ćå “åć®ććć©ć«ćå¤ćÆćFALSEć§ćć
ę¤čؼćØć©ć¼ćÆćµć¼ćć¼ć»ćć°ć«čØé²ććć¾ććę¤čؼćØć©ć¼ćēŗēćć¦ćåä½ćÆåę¢ćć¾ććć
ćć®é ć§ćÆćć¢ććŖć±ć¼ć·ć§ć³ć»ććŖć·ć¼ć®ē®”ēęć«ę¬”ć®ćććŖåä½ćå®č”ććć®ć«åæ č¦ćŖčØå®ć«ć¤ćć¦čŖ¬ęćć¾ćć
äŗęććŖćē§»č”åä½ćēććå “åććććććꬔć®é ć«ē¤ŗćå¤ä»„å¤ć®å¤ćčØå®ććććØćÆćč¦ććć¾ćććč©³ē“°ćÆććęØå„Øäŗé ććåē §ćć¦ćć ććć
ć©ć®åä½ććFusion Middleware Controlć«ććć¢ććŖć±ć¼ć·ć§ć³ć®ćććć¤ęćåćććć¤ęć¾ććÆć¢ć³ćććć¤ęć«ćFusion Middleware Controlć§ęå®ć§ćć¾ćć
ꬔć®ćććŖćÆć¹ćÆćē§»č”ćč”ććŖćčØå®ćē¤ŗćć¦ćć¾ćć
č”Ø18-2 ććŖć·ć¼ć®ē§»č”ćć¹ćććććććć®čØå®
ćććć¤ęć¾ććÆåćććć¤ęć«ęå¹ | |
---|---|
JpsApplicationLifecycleListener |
čØå®ćć |
jps.policystore.migration |
OFF |
éåøøććć”ć¤ć³ć»ććŖć·ć¼ććć®ć¾ć¾äæęććå “åćÆć¢ććŖć±ć¼ć·ć§ć³ć®åćććć¤ęć«ććŖć·ć¼ć®ē§»č”ćć¹ććććć¾ćććåćć¦ć¢ććŖć±ć¼ć·ć§ć³ććććć¤ćććØććÆććŖć·ć¼ćē§»č”ćć¾ćć
ꬔć®ćććŖćÆć¹ćÆććæć¼ć²ććć»ć¹ćć¢ć«ćŖćććŖć·ć¼ć®ćæćē§»č”ććåæ é ććć³ćŖćć·ć§ć³ć®ćć©ć”ć¼ćæčØå®ćē¤ŗćć¦ćć¾ć(ćŖćć·ć§ć³ć»ćć©ć”ć¼ćæćÆ大ć«ćć³ć§å²ćć§ććć¾ć)ć