Package oracle.kv

Interface KVSecurityConstants

  • All Known Implementing Classes:
    KVStoreConfig

    public interface KVSecurityConstants
    The KVSecurityConstants interface defines constants used for security configuration. These are most commonly used when populating a set of properties to be passed to KVStoreConfig.setSecurityProperties(java.util.Properties), but may be used as a reference when configuring a security property file.
    Since:
    3.0
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String AUTH_EXT_MECH_PROPERTY
      The name of the property to specify the external authentication mechanism to use for client logins.
      static java.lang.String AUTH_KRB_CCACHE_PROPERTY
      The name of the property to specify the location of the Kerberos credential cache file.
      static java.lang.String AUTH_KRB_KEYTAB_PROPERTY
      The name of the property to specify the location of the keytab file for Kerberos login.
      static java.lang.String AUTH_KRB_MUTUAL_PROPERTY
      The name of the property to specify whether to use mutual authentication for the Kerberos external login mechanism.
      static java.lang.String AUTH_KRB_REALM_PROPERTY
      The name of the property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal.
      static java.lang.String AUTH_KRB_SERVICES_PROPERTY
      The name of the property to specify the Kerberos principals for services associated with each helper host.
      static java.lang.String AUTH_PWDFILE_PROPERTY
      The name of the property that identifies a password store file containing the password of the user to authenticate.
      static java.lang.String AUTH_USERNAME_PROPERTY
      The name of a property to specify a username for authentication.
      static java.lang.String AUTH_WALLET_PROPERTY
      The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate.
      static java.lang.String CMD_PASSWORD_NOPROMPT_PROPERTY
      The name of the property to specify whether to automatically prompt for a password in command line utilities.
      static java.lang.String JAAS_LOGIN_CONF_NAME
      The name of the property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration.
      static java.lang.String KRB_MECH_NAME
      The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism.
      static java.lang.String SECURITY_FILE_PROPERTY
      The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.
      static java.lang.String SSL_CIPHER_SUITES_PROPERTY
      The name of the property used to control what SSL/TLS cipher suites are acceptable for use.
      static java.lang.String SSL_HOSTNAME_VERIFIER_PROPERTY
      The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS.
      static java.lang.String SSL_PROTOCOLS_PROPERTY
      The name of the property used to control what SSL/TLS protocols are acceptable for use.
      static java.lang.String SSL_TRANSPORT_NAME
      The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication.
      static java.lang.String SSL_TRUSTSTORE_FILE_PROPERTY
      The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server.
      static java.lang.String SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY
      The name of the property to specify the alias in the password store for the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.
      static java.lang.String SSL_TRUSTSTORE_PASSWORD_PROPERTY
      The name of the property to identify the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.
      static java.lang.String SSL_TRUSTSTORE_TYPE_PROPERTY
      The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.
      static java.lang.String TRANSPORT_PROPERTY
      The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.
    • Field Detail

      • SECURITY_FILE_PROPERTY

        static final java.lang.String SECURITY_FILE_PROPERTY
        The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.
        See Also:
        Constant Field Values
      • TRANSPORT_PROPERTY

        static final java.lang.String TRANSPORT_PROPERTY
        The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.
        See Also:
        Constant Field Values
      • SSL_TRANSPORT_NAME

        static final java.lang.String SSL_TRANSPORT_NAME
        The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication. This property has the value "ssl".
        See Also:
        Constant Field Values
      • SSL_CIPHER_SUITES_PROPERTY

        static final java.lang.String SSL_CIPHER_SUITES_PROPERTY
        The name of the property used to control what SSL/TLS cipher suites are acceptable for use. This has the value "oracle.kv.ssl.ciphersuites". The property value is a comma-separated list of SSL/TLS cipher suite names. Refer to your Java documentation for the list of valid values.
        See Also:
        Constant Field Values
      • SSL_PROTOCOLS_PROPERTY

        static final java.lang.String SSL_PROTOCOLS_PROPERTY
        The name of the property used to control what SSL/TLS protocols are acceptable for use. This has the value "oracle.kv.ssl.protocols". The property value is a comma-separated list of SSL/TLS protocol names. Refer to your Java documentation for the list of valid values.
        See Also:
        Constant Field Values
      • SSL_HOSTNAME_VERIFIER_PROPERTY

        static final java.lang.String SSL_HOSTNAME_VERIFIER_PROPERTY
        The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS. This has the value "oracle.kv.ssl.hostnameVerifier". The only verification step currently supported is the "dnmatch" verifier.

        The dnmatch verifier must be specified in the form "dnmatch(distinguished-name)", where distinguished-name must be the NoSQL DB server certificate's distinguished name. For a typical secure deployment this should be "dnmatch(CN=NoSQL)".

        See Also:
        Constant Field Values
      • SSL_TRUSTSTORE_FILE_PROPERTY

        static final java.lang.String SSL_TRUSTSTORE_FILE_PROPERTY
        The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server. This has the value "oracle.kv.ssl.trustStore". The property setting must be set to an absolute path for the file. If this property is not set, a system property setting of javax.net.ssl.trustStore will be used.
        See Also:
        Constant Field Values
      • SSL_TRUSTSTORE_TYPE_PROPERTY

        static final java.lang.String SSL_TRUSTSTORE_TYPE_PROPERTY
        The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This is only needed if using a non-default truststore type, and the specified type must be a type supported by your Java implementation. This has the value "oracle.kv.ssl.trustStoreType".
        See Also:
        Constant Field Values
      • SSL_TRUSTSTORE_PASSWORD_PROPERTY

        static final java.lang.String SSL_TRUSTSTORE_PASSWORD_PROPERTY
        The name of the property to identify the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This property is only needed if using a password-protected PKCS12 truststore. This property has the value "oracle.kv.ssl.trustStorePassword".
        See Also:
        Constant Field Values
      • SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY

        static final java.lang.String SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY
        The name of the property to specify the alias in the password store for the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This property is only needed if using a password-protected PKCS12 truststore and the password is kept in the password store. This property has the value "oracle.kv.ssl.trustStorePasswordAlias".
        See Also:
        Constant Field Values
      • AUTH_USERNAME_PROPERTY

        static final java.lang.String AUTH_USERNAME_PROPERTY
        The name of a property to specify a username for authentication. This has the value "oracle.kv.auth.username".
        See Also:
        Constant Field Values
      • AUTH_WALLET_PROPERTY

        static final java.lang.String AUTH_WALLET_PROPERTY
        The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate. This is only used in the Enterprise Edition of the product. This has the value "oracle.kv.auth.wallet.dir".
        See Also:
        Constant Field Values
      • AUTH_PWDFILE_PROPERTY

        static final java.lang.String AUTH_PWDFILE_PROPERTY
        The name of the property that identifies a password store file containing the password of the user to authenticate. This has the value "oracle.kv.auth.pwdfile.file".
        See Also:
        Constant Field Values
      • AUTH_EXT_MECH_PROPERTY

        static final java.lang.String AUTH_EXT_MECH_PROPERTY
        The name of the property to specify the external authentication mechanism to use for client logins. If this property is set, the client will be authenticated using the specified external mechanism; otherwise the internal login mechanism will be used.

        Currently, the only supported external login mechanism is: "KERBEROS".

        See Also:
        Constant Field Values
      • KRB_MECH_NAME

        static final java.lang.String KRB_MECH_NAME
        The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism. This property has the value "KERBEROS".
        See Also:
        Constant Field Values
      • AUTH_KRB_SERVICES_PROPERTY

        static final java.lang.String AUTH_KRB_SERVICES_PROPERTY
        The name of the property to specify the Kerberos principals for services associated with each helper host. Setting this property is required if, as recommended, each host uses a different principal that includes its own principal name. All principals should specify the same service and realm. If this property is not set, the client will use "oraclenosql" as the principal name for services on all helper hosts.

        Each entry should specify the helper host name followed by the Kerberos service name, and optionally an instance name and realm name. The entries are separated by commas, ignoring spaces. If any entry does not specify a realm, each entry will use the default realm specified in the Kerberos configuration file. If any entry specifies a realm name, then all entries must specify the same one. The syntax is:

         host:service[/instance[@realm]][, host:service[/instance[@realm]]]*
         
        For example:
         host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM
         

        See Also:
        Constant Field Values
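
The entry syntax and realm rules for AUTH_KRB_SERVICES_PROPERTY above can be checked before a value is deployed. This is an added example, not part of the Oracle NoSQL API; the class name KrbServicesCheck and the sample values other than the documented one are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class KrbServicesCheck {
    // host:service[/instance[@realm]] -- a realm may only follow an instance.
    private static final Pattern ENTRY = Pattern.compile(
        "([^:/@,\\s]+):([^:/@,\\s]+)(?:/([^:/@,\\s]+)(?:@([^:/@,\\s]+))?)?");

    /** Returns host -> service principal, or throws if the value breaks the rules. */
    static Map<String, String> parse(String value) {
        Map<String, String> byHost = new LinkedHashMap<>();
        String service = null, realm = null;
        boolean first = true;
        for (String raw : value.split(",")) {
            String entry = raw.replaceAll("\\s+", "");      // spaces are ignored
            Matcher m = ENTRY.matcher(entry);
            if (!m.matches())
                throw new IllegalArgumentException("malformed entry: '" + raw.trim() + "'");
            String host = m.group(1), svc = m.group(2), rlm = m.group(4);
            if (first) { service = svc; realm = rlm; first = false; }
            // Documented as "should"; treated as an error in this check.
            if (!svc.equals(service))
                throw new IllegalArgumentException("entries name different services");
            // Either every entry carries the same realm or none carries one.
            if (!Objects.equals(rlm, realm))
                throw new IllegalArgumentException("realm differs between entries");
            // Extra strictness added here, not a documented rule.
            if (byHost.put(host, entry.substring(host.length() + 1)) != null)
                throw new IllegalArgumentException("host listed twice: " + host);
        }
        return byHost;
    }

    public static void main(String[] args) {
        String[] samples = {
            "host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM", // from the page
            "host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53",             // constructed: mixed realm
            "host37:nosql@EXAMPLE.COM"                                          // constructed: realm without instance
        };
        for (String s : samples) {
            try { System.out.println("OK   " + parse(s)); }
            catch (IllegalArgumentException e) { System.out.println("FAIL " + e.getMessage()); }
        }
    }
}
```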
      • AUTH_KRB_KEYTAB_PROPERTY

        static final java.lang.String AUTH_KRB_KEYTAB_PROPERTY
        The name of the property to specify the location of the keytab file for Kerberos login. This property has the value "oracle.kv.auth.kerberos.keytab". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.

        If this property is not specified when authenticating with security properties, then authentication will be performed via the credentials cache, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.

        The default location of the keytab file is specified by the Kerberos configuration file. If the keytab is not specified there, then the system looks for the file:

        user.home/krb5.keytab

        See Also:
        Constant Field Values
      • AUTH_KRB_REALM_PROPERTY

        static final java.lang.String AUTH_KRB_REALM_PROPERTY
        The name of the property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal.
        See Also:
        Constant Field Values
      • AUTH_KRB_CCACHE_PROPERTY

        static final java.lang.String AUTH_KRB_CCACHE_PROPERTY
        The name of the property to specify the location of the Kerberos credential cache file. This property has the value "oracle.kv.auth.kerberos.ccache". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.

        If this property is not specified when authenticating with security properties, then authentication will be performed via the keytab, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.

        The default location of the credential cache is /tmp/krb5cc_uid, where the uid is a numeric user identifier. If the credential cache is not found there, the system will look for the file:

        user.home/krb5cc_user.name

        See Also:
        Constant Field Values
      • AUTH_KRB_MUTUAL_PROPERTY

        static final java.lang.String AUTH_KRB_MUTUAL_PROPERTY
        The name of the property to specify whether to use mutual authentication for the Kerberos external login mechanism. Mutual authentication is performed if the property is set to true, and is not performed if it is set to false or is not set.
        See Also:
        Constant Field Values
      • JAAS_LOGIN_CONF_NAME

        static final java.lang.String JAAS_LOGIN_CONF_NAME
        The name of the property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration. If not set, then all authentication parameters need to be provided by security properties.
        See Also:
        KerberosCredentials, Constant Field Values
      • CMD_PASSWORD_NOPROMPT_PROPERTY

        static final java.lang.String CMD_PASSWORD_NOPROMPT_PROPERTY
        The name of the property to specify whether to automatically prompt for a password in command line utilities. If it is set to false or is not set, command line utilities will prompt for a password automatically if the user name and password are not specified or fail to authenticate. If the property is set to true, command line utilities will not prompt for passwords, and the login will fail if either the user or password is missing, or if the password is incorrect.
        See Also:
        Constant Field Values
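
The constraints this page places on the security properties (the "ssl" transport value, the absolute truststore path, the dnmatch(...) form, the single supported external mechanism, and keytab or credential cache versus JAAS_LOGIN_CONF_NAME) can be checked on a Properties object before it is passed to KVStoreConfig.setSecurityProperties. This is an added example, not Oracle's code; it assumes the Oracle NoSQL client library is on the classpath and POSIX-style paths, and the class name SecurityPropsLint and all sample values are made up.

```java
import static oracle.kv.KVSecurityConstants.*;

import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SecurityPropsLint {
    /** Returns one finding for each rule on this page that the properties break. */
    static List<String> lint(Properties p) {
        List<String> out = new ArrayList<>();
        if (!SSL_TRANSPORT_NAME.equals(p.getProperty(TRANSPORT_PROPERTY)))
            out.add(TRANSPORT_PROPERTY + " is not \"" + SSL_TRANSPORT_NAME + "\": SSL/TLS is not enabled");
        String ts = p.getProperty(SSL_TRUSTSTORE_FILE_PROPERTY);
        if (ts != null && !Paths.get(ts).isAbsolute())
            out.add(SSL_TRUSTSTORE_FILE_PROPERTY + " must be an absolute path, got " + ts);
        String hv = p.getProperty(SSL_HOSTNAME_VERIFIER_PROPERTY);
        if (hv == null)
            out.add(SSL_HOSTNAME_VERIFIER_PROPERTY + " is not set: no dnmatch step is requested");
        else if (!hv.matches("dnmatch\\(.+\\)"))
            out.add(SSL_HOSTNAME_VERIFIER_PROPERTY + " must look like dnmatch(distinguished-name)");
        String mech = p.getProperty(AUTH_EXT_MECH_PROPERTY);
        if (mech != null && !KRB_MECH_NAME.equals(mech))
            out.add(AUTH_EXT_MECH_PROPERTY + " names an unsupported mechanism: " + mech);
        if (p.getProperty(JAAS_LOGIN_CONF_NAME) != null)
            for (String k : new String[] {AUTH_KRB_KEYTAB_PROPERTY, AUTH_KRB_CCACHE_PROPERTY})
                if (p.getProperty(k) != null)
                    out.add(k + " must not be set together with " + JAAS_LOGIN_CONF_NAME);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: every value below is made up for illustration.
        Properties weak = new Properties();                                   // transport left unset
        weak.setProperty(SSL_TRUSTSTORE_FILE_PROPERTY, "client.trust");       // relative path
        weak.setProperty(SSL_HOSTNAME_VERIFIER_PROPERTY, "CN=NoSQL");         // missing dnmatch(...)
        weak.setProperty(JAAS_LOGIN_CONF_NAME, "kvclient");
        weak.setProperty(AUTH_KRB_KEYTAB_PROPERTY, "/etc/kv/client.keytab");  // conflicts with JAAS
        lint(weak).forEach(f -> System.out.println("weak:  " + f));

        Properties fixed = new Properties();
        fixed.setProperty(TRANSPORT_PROPERTY, SSL_TRANSPORT_NAME);
        fixed.setProperty(SSL_TRUSTSTORE_FILE_PROPERTY, "/etc/kv/client.trust");
        fixed.setProperty(SSL_HOSTNAME_VERIFIER_PROPERTY, "dnmatch(CN=NoSQL)");
        fixed.setProperty(AUTH_EXT_MECH_PROPERTY, KRB_MECH_NAME);
        fixed.setProperty(AUTH_KRB_KEYTAB_PROPERTY, "/etc/kv/client.keytab");
        System.out.println("fixed: " + lint(fixed).size() + " findings");
    }
}
```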