Interface KVSecurityConstants
All Known Implementing Classes: KVStoreConfig
public interface KVSecurityConstants
The KVSecurityConstants interface defines constants used for security configuration. These are most commonly used when populating a set of properties to be passed to KVStoreConfig.setSecurityProperties(java.util.Properties), but may be used as a reference when configuring a security property file.
Since: 3.0

Field Summary
Fields (Modifier and Type, Field, Description)

static String AUTH_EXT_MECH_PROPERTY
The name of the property to specify the external authentication mechanism to use for client logins.

static String AUTH_KRB_CCACHE_PROPERTY
The name of the property to specify the location of the Kerberos credential cache file.

static String AUTH_KRB_KEYTAB_PROPERTY
The name of the property to specify the location of the keytab file for Kerberos login.

static String AUTH_KRB_MUTUAL_PROPERTY
The name of the property to specify whether to use mutual authentication for the Kerberos external login mechanism.

static String AUTH_KRB_REALM_PROPERTY
The name of the property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal.

static String AUTH_KRB_SERVICES_PROPERTY
The name of the property to specify the Kerberos principals for services associated with each helper host.

static String AUTH_PWDFILE_PROPERTY
The name of the property that identifies a password store file containing the password of the user to authenticate.

static String AUTH_USERNAME_PROPERTY
The name of a property to specify a username for authentication.

static String AUTH_WALLET_PROPERTY
The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate.

static String CMD_PASSWORD_NOPROMPT_PROPERTY
The name of the property to specify whether command line utilities automatically prompt for a password.

static String JAAS_LOGIN_CONF_NAME
The name of the property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration.

static String KRB_MECH_NAME
The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism.

static String SECURITY_FILE_PROPERTY
The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.

static String SSL_CIPHER_SUITES_PROPERTY
The name of the property used to control what SSL/TLS cipher suites are acceptable for use.

static String SSL_HOSTNAME_VERIFIER_PROPERTY
The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS.

static String SSL_PROTOCOLS_PROPERTY
The name of the property used to control what SSL/TLS protocols are acceptable for use.

static String SSL_TRANSPORT_NAME
The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication.

static String SSL_TRUSTSTORE_FILE_PROPERTY
The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server.

static String SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY
The name of the property to specify the alias in the password store for the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.

static String SSL_TRUSTSTORE_PASSWORD_PROPERTY
The name of the property to identify the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.

static String SSL_TRUSTSTORE_TYPE_PROPERTY
The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.

static String TRANSPORT_PROPERTY
The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.

Field Detail
SECURITY_FILE_PROPERTY
static final String SECURITY_FILE_PROPERTY
The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.
See Also: Constant Field Values

TRANSPORT_PROPERTY
static final String TRANSPORT_PROPERTY
The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.
See Also: Constant Field Values

SSL_TRANSPORT_NAME
static final String SSL_TRANSPORT_NAME
The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication. This property has the value "ssl".
See Also: Constant Field Values

SSL_CIPHER_SUITES_PROPERTY
static final String SSL_CIPHER_SUITES_PROPERTY
The name of the property used to control what SSL/TLS cipher suites are acceptable for use. This has the value "oracle.kv.ssl.ciphersuites". The property value is a comma-separated list of SSL/TLS cipher suite names. Refer to your Java documentation for the list of valid values.
See Also: Constant Field Values

SSL_PROTOCOLS_PROPERTY
static final String SSL_PROTOCOLS_PROPERTY
The name of the property used to control what SSL/TLS protocols are acceptable for use. This has the value "oracle.kv.ssl.protocols". The property value is a comma-separated list of SSL/TLS protocol names. Refer to your Java documentation for the list of valid values.
See Also: Constant Field Values

SSL_HOSTNAME_VERIFIER_PROPERTY
static final String SSL_HOSTNAME_VERIFIER_PROPERTY
The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS. This has the value "oracle.kv.ssl.hostnameVerifier". The only verification step currently supported is the "dnmatch" verifier.
The dnmatch verifier must be specified in the form "dnmatch(distinguished-name)", where distinguished-name must be the NoSQL DB server certificate's distinguished name. For a typical secure deployment this should be "dnmatch(CN=NoSQL)".
See Also: Constant Field Values

SSL_TRUSTSTORE_FILE_PROPERTY
static final String SSL_TRUSTSTORE_FILE_PROPERTY
The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server. This has the value "oracle.kv.ssl.trustStore". The property setting must be set to an absolute path for the file. If this property is not set, a system property setting of javax.net.ssl.trustStore will be used.
See Also: Constant Field Values

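A pre-flight check for the SSL/TLS properties described above, as an added example that is not part of the Oracle NoSQL API: it validates protocol and cipher suite names against what the running JVM supports, the absolute-path rule for the truststore, and the dnmatch(...) form of the verifier. The class name, the sample values and the choice to report an unset hostname verifier are assumptions of this example.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class SslPropsCheck {
    /** Returns findings for the oracle.kv.ssl.* settings in p. */
    static List<String> check(Properties p) throws Exception {
        List<String> issues = new ArrayList<>();
        // "Refer to your Java documentation for the list of valid values": ask the JVM.
        SSLParameters jvm = SSLContext.getDefault().getSupportedSSLParameters();
        checkNames(p, "oracle.kv.ssl.protocols", jvm.getProtocols(), issues);
        checkNames(p, "oracle.kv.ssl.ciphersuites", jvm.getCipherSuites(), issues);

        String ts = p.getProperty("oracle.kv.ssl.trustStore");
        if (ts != null && !new File(ts).isAbsolute())
            issues.add("oracle.kv.ssl.trustStore is not an absolute path: " + ts);

        String hv = p.getProperty("oracle.kv.ssl.hostnameVerifier");
        if (hv == null)   // policy of this example: an unset verifier is reported
            issues.add("oracle.kv.ssl.hostnameVerifier is not set");
        else if (!hv.startsWith("dnmatch(") || !hv.endsWith(")") || hv.length() == 9)
            issues.add("hostnameVerifier is not of the form dnmatch(distinguished-name): " + hv);
        return issues;
    }

    private static void checkNames(Properties p, String key, String[] supported, List<String> issues) {
        String value = p.getProperty(key);
        if (value == null) return;
        Set<String> ok = new HashSet<>(Arrays.asList(supported));
        for (String name : value.split(",", -1))      // -1 keeps empty names
            if (!ok.contains(name.trim()))
                issues.add(key + ": '" + name.trim() + "' is not supported by this JVM");
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();              // constructed sample values
        p.setProperty("oracle.kv.ssl.protocols", "TLSv1.2,TLSv1.7");
        p.setProperty("oracle.kv.ssl.trustStore", "client.trust");
        p.setProperty("oracle.kv.ssl.hostnameVerifier", "dnmatch CN=NoSQL");
        check(p).forEach(System.out::println);
    }
}
```
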
SSL_TRUSTSTORE_TYPE_PROPERTY
static final String SSL_TRUSTSTORE_TYPE_PROPERTY
The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This is only needed if using a non-default truststore type, and the specified type must be a type supported by your Java implementation. This has the value "oracle.kv.ssl.trustStoreType".
See Also: Constant Field Values

SSL_TRUSTSTORE_PASSWORD_PROPERTY
static final String SSL_TRUSTSTORE_PASSWORD_PROPERTY
The name of the property to identify the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This property is only needed if using a password-protected PKCS12 truststore. This property has the value "oracle.kv.ssl.trustStorePassword".
See Also: Constant Field Values

SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY
static final String SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY
The name of the property to specify the alias in the password store for the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This property is only needed if using a password-protected PKCS12 truststore and the password is kept in the password store. This property has the value "oracle.kv.ssl.trustStorePasswordAlias".
See Also: Constant Field Values

AUTH_USERNAME_PROPERTY
static final String AUTH_USERNAME_PROPERTY
The name of a property to specify a username for authentication. This has the value "oracle.kv.auth.username".
See Also: Constant Field Values

AUTH_WALLET_PROPERTY
static final String AUTH_WALLET_PROPERTY
The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate. This is only used in the Enterprise Edition of the product. This has the value "oracle.kv.auth.wallet.dir".
See Also: Constant Field Values

AUTH_PWDFILE_PROPERTY
static final String AUTH_PWDFILE_PROPERTY
The name of the property that identifies a password store file containing the password of the user to authenticate. This has the value "oracle.kv.auth.pwdfile.file".
See Also: Constant Field Values

AUTH_EXT_MECH_PROPERTY
static final String AUTH_EXT_MECH_PROPERTY
The name of the property to specify the external authentication mechanism to use for client logins. If this property is set, the client will be authenticated using the specified external mechanism, otherwise the internal login mechanism will be used.
Currently, the only supported external login mechanism is: "KERBEROS".
See Also: Constant Field Values

KRB_MECH_NAME
static final String KRB_MECH_NAME
The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism. This property has the value "KERBEROS".
See Also: Constant Field Values

AUTH_KRB_SERVICES_PROPERTY
static final String AUTH_KRB_SERVICES_PROPERTY
The name of the property to specify the Kerberos principals for services associated with each helper host. Setting this property is required if, as recommended, each host uses a different principal that includes its own principal name. All principals should specify the same service and realm. If this property is not set, the client will use "oraclenosql" as the principal name for services on all helper hosts.
Each entry should specify the helper host name followed by the Kerberos service name, and optionally an instance name and realm name. The entries are separated by commas, ignoring spaces. If any entry does not specify a realm, each entry will use the default realm specified in the Kerberos configuration file. If any entry specifies a realm name, then all entries must specify the same one. The syntax is:
host:service[/instance[@realm]][, host:service[/instance[@realm]]]*
For example:
host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM
See Also: Constant Field Values

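A validator for the entry syntax and realm rule described above, as an added example that is not Oracle's own parser. The class name, the rejection of duplicate hosts and the decision to treat differing service names as an error (the page says "should") are assumptions of this example.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class KrbServicesCheck {
    // One entry: host:service[/instance[@realm]], per the syntax line above.
    private static final Pattern ENTRY = Pattern.compile(
        "([^:/@,]+):([^:/@,]+)(?:/([^:/@,]+)(?:@([^:/@,]+))?)?");

    /** Returns host -> service principal, or throws IllegalArgumentException. */
    static Map<String, String> parse(String value) {
        Map<String, String> byHost = new LinkedHashMap<>();
        String service = null, realm = null;
        boolean first = true;
        for (String raw : value.split(",", -1)) {        // -1 keeps empty entries
            String entry = raw.replaceAll("\\s+", "");    // spaces are ignored
            Matcher m = ENTRY.matcher(entry);
            if (!m.matches())
                throw new IllegalArgumentException("malformed entry: '" + raw.trim() + "'");
            String host = m.group(1), svc = m.group(2), inst = m.group(3), r = m.group(4);
            if (first) { service = svc; realm = r; first = false; }
            // If any entry names a realm, all entries must name the same one.
            if (!Objects.equals(realm, r))
                throw new IllegalArgumentException("realm differs at host " + host);
            // The page says all principals should share one service; an error here.
            if (!service.equals(svc))
                throw new IllegalArgumentException("service differs at host " + host);
            String principal = svc + (inst == null ? "" : "/" + inst)
                                   + (r == null ? "" : "@" + r);
            if (byHost.put(host, principal) != null)      // assumption: one entry per host
                throw new IllegalArgumentException("duplicate host " + host);
        }
        return byHost;
    }

    public static void main(String[] args) {
        // The first value is the page's own example; the second is constructed.
        System.out.println(parse("host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM"));
        try {
            parse("host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
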
AUTH_KRB_KEYTAB_PROPERTY
static final String AUTH_KRB_KEYTAB_PROPERTY
The name of the property to specify the location of the keytab file for Kerberos login. This property has the value "oracle.kv.auth.kerberos.keytab". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.
If this property is not specified when authenticating with security properties, then authentication will be performed via the credentials cache, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.
The default location of the keytab file is specified by the Kerberos configuration file. If the keytab is not specified there, then the system looks for the file:
user.home/krb5.keytab
See Also: Constant Field Values

AUTH_KRB_REALM_PROPERTY
static final String AUTH_KRB_REALM_PROPERTY
The name of the property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal.
See Also: Constant Field Values

AUTH_KRB_CCACHE_PROPERTY
static final String AUTH_KRB_CCACHE_PROPERTY
The name of the property to specify the location of the Kerberos credential cache file. This property has the value "oracle.kv.auth.kerberos.ccache". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.
If this property is not specified when authenticating with security properties, then authentication will be performed via the keytab, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.
The default location of the credential cache is /tmp/krb5cc_uid, where the uid is a numeric user identifier. If the credential cache is not found there, the system will look for the file:
user.home/krb5cc_user.name
See Also: Constant Field Values

AUTH_KRB_MUTUAL_PROPERTY
static final String AUTH_KRB_MUTUAL_PROPERTY
The name of the property to specify whether to use mutual authentication for the Kerberos external login mechanism. Mutual authentication is performed if the property is set to true, and is not performed if it is set to false or if it is not set.
See Also: Constant Field Values

JAAS_LOGIN_CONF_NAME
static final String JAAS_LOGIN_CONF_NAME
The name of the property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration. If not set, then all authentication parameters need to be provided by security properties.
See Also: KerberosCredentials, Constant Field Values

CMD_PASSWORD_NOPROMPT_PROPERTY
static final String CMD_PASSWORD_NOPROMPT_PROPERTY
The name of the property to specify whether command line utilities automatically prompt for a password. If it is set to false or is not set, command line utilities will prompt for a password automatically if the user name and password are not specified or fail to authenticate. If the property is set to true, command line utilities will not prompt for passwords, and the login will fail if either the user or password is missing, or if the password is incorrect.
See Also: Constant Field Values