Package oracle.kv

Interface KVSecurityConstants

All Known Implementing Classes:
KVStoreConfig

public interface KVSecurityConstants
The KVSecurityConstants interface defines constants used for security configuration. These are most commonly used when populating a set of properties to be passed to KVStoreConfig.setSecurityProperties(java.util.Properties), but may also be used as a reference when configuring a security property file.
Since:
3.0
  • Field Details

    • SECURITY_FILE_PROPERTY

      static final String SECURITY_FILE_PROPERTY
      The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.
    • TRANSPORT_PROPERTY

      static final String TRANSPORT_PROPERTY
      The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.
    • SSL_TRANSPORT_NAME

      static final String SSL_TRANSPORT_NAME
      The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication. This property has the value "ssl".
    • SSL_CIPHER_SUITES_PROPERTY

      static final String SSL_CIPHER_SUITES_PROPERTY
      The name of the property used to control what SSL/TLS cipher suites are acceptable for use. This has the value "oracle.kv.ssl.ciphersuites". The property value is a comma-separated list of SSL/TLS cipher suite names. Refer to your Java documentation for the list of valid values.
    • SSL_PROTOCOLS_PROPERTY

      static final String SSL_PROTOCOLS_PROPERTY
      The name of the property used to control what SSL/TLS protocols are acceptable for use. This has the value "oracle.kv.ssl.protocols". The property value is a comma-separated list of SSL/TLS protocol names. Refer to your Java documentation for the list of valid values.
    • SSL_HOSTNAME_VERIFIER_PROPERTY

      static final String SSL_HOSTNAME_VERIFIER_PROPERTY
      The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS. This has the value "oracle.kv.ssl.hostnameVerifier". The only verification step currently supported is the "dnmatch" verifier.

      The dnmatch verifier must be specified in the form "dnmatch(distinguished-name)", where distinguished-name must be the NoSQL DB server certificate's distinguished name. For a typical secure deployment this should be "dnmatch(CN=NoSQL)".

    • SSL_TRUSTSTORE_FILE_PROPERTY

      static final String SSL_TRUSTSTORE_FILE_PROPERTY
      The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server. This has the value "oracle.kv.ssl.trustStore". The property setting must be set to an absolute path for the file. If this property is not set, a system property setting of javax.net.ssl.trustStore will be used.
    • SSL_TRUSTSTORE_TYPE_PROPERTY

      static final String SSL_TRUSTSTORE_TYPE_PROPERTY
      The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This is only needed if using a non-default truststore type, and the specified type must be a type supported by your Java implementation. This has the value "oracle.kv.ssl.trustStoreType".
    • SSL_TRUSTSTORE_PASSWORD_PROPERTY

      static final String SSL_TRUSTSTORE_PASSWORD_PROPERTY
      The name of the property to identify the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This property is only needed if using a password-protected PKCS12 truststore. This property has the value "oracle.kv.ssl.trustStorePassword".
    • SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY

      static final String SSL_TRUSTSTORE_PASSWORD_ALIAS_PROPERTY
      The name of the property to specify the alias in the password store for the password of the Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This property is only needed if using a password-protected PKCS12 truststore and the password is kept in the password store. This property has the value "oracle.kv.ssl.trustStorePasswordAlias".
    • AUTH_USERNAME_PROPERTY

      static final String AUTH_USERNAME_PROPERTY
      The name of a property to specify a username for authentication. This has the value "oracle.kv.auth.username".
    • AUTH_WALLET_PROPERTY

      static final String AUTH_WALLET_PROPERTY
      The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate. This is only used in the Enterprise Edition of the product. This has the value "oracle.kv.auth.wallet.dir".
    • AUTH_PWDFILE_PROPERTY

      static final String AUTH_PWDFILE_PROPERTY
      The name of the property that identifies a password store file containing the password of the user to authenticate. This has the value "oracle.kv.auth.pwdfile.file".
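Putting the TLS and password-file properties above together, as an added example (not code from the Oracle NoSQL DB project): it builds the Properties object that KVStoreConfig.setSecurityProperties expects, pins the protocol and cipher suites instead of accepting JDK defaults, and rejects a relative truststore path up front, since the SSL_TRUSTSTORE_FILE_PROPERTY requires an absolute one. The store name, helper host and file paths are constructed sample values; the KVStoreConfig(String, String...) constructor is standard API not shown on this page.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Properties;
import oracle.kv.KVSecurityConstants;
import oracle.kv.KVStoreConfig;

/** Builds client security properties for a TLS connection with password-file login. */
public final class SecureClientProperties {

    /** Returns the property set; throws if the truststore path is not absolute. */
    public static Properties build(String user, Path trustStore, Path pwdFile) {
        if (!trustStore.isAbsolute()) {
            throw new IllegalArgumentException("truststore path must be absolute: " + trustStore);
        }
        Properties p = new Properties();
        // "ssl" is the only TRANSPORT_PROPERTY value that turns on TLS.
        p.setProperty(KVSecurityConstants.TRANSPORT_PROPERTY, KVSecurityConstants.SSL_TRANSPORT_NAME);
        // Pin protocol and cipher suites (JSSE names) rather than inheriting whatever the JDK allows.
        p.setProperty(KVSecurityConstants.SSL_PROTOCOLS_PROPERTY, "TLSv1.2");
        p.setProperty(KVSecurityConstants.SSL_CIPHER_SUITES_PROPERTY,
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        // Check the server certificate's DN; "CN=NoSQL" is the DN the page gives for a typical deployment.
        p.setProperty(KVSecurityConstants.SSL_HOSTNAME_VERIFIER_PROPERTY, "dnmatch(CN=NoSQL)");
        p.setProperty(KVSecurityConstants.SSL_TRUSTSTORE_FILE_PROPERTY, trustStore.toString());
        // Credentials: user name plus the password store file, so no password sits in code or argv.
        p.setProperty(KVSecurityConstants.AUTH_USERNAME_PROPERTY, user);
        p.setProperty(KVSecurityConstants.AUTH_PWDFILE_PROPERTY, pwdFile.toString());
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample values: user name, truststore and password-store paths.
        Properties security = build("appuser",
                Paths.get("/etc/nosql/client.trust"),
                Paths.get("/etc/nosql/appuser.pwd"));
        // Sample store name and helper host; the constructor is standard KVStoreConfig API.
        KVStoreConfig config = new KVStoreConfig("kvstore", "host1:5000");
        config.setSecurityProperties(security);
        System.out.println(config.getSecurityProperties());
    }
}
```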
    • AUTH_EXT_MECH_PROPERTY

      static final String AUTH_EXT_MECH_PROPERTY
      The name of the property to specify the external authentication mechanism to use for client logins. If this property is set, the client will be authenticated using the specified external mechanism, otherwise the internal login mechanism will be used.

      Currently, the only supported external login mechanism is: "KERBEROS".

    • KRB_MECH_NAME

      static final String KRB_MECH_NAME
      The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism. This property has the value "KERBEROS".
    • AUTH_KRB_SERVICES_PROPERTY

      static final String AUTH_KRB_SERVICES_PROPERTY
      The name of the property used to specify the Kerberos principals for the services associated with each helper host. Setting this property is required if, as recommended, each host uses a different principal that includes its own name. All principals should specify the same service and realm. If this property is not set, the client will use "oraclenosql" as the principal name for services on all helper hosts.

      Each entry should specify the helper host name followed by the Kerberos service name, and optionally an instance name and realm name. The entries are separated by commas, ignoring spaces. If any entry does not specify a realm, each entry will use the default realm specified in Kerberos configuration file. If any entry specifies a realm name, then all entries must specify the same one. The syntax is:

       host:service[/instance[@realm]][, host:service[/instance[@realm]]]*
       
      For example:
       host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM
       

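The entry syntax and the two consistency rules above (one service for all entries; if any entry names a realm, all must name the same one) can be checked client-side before the value reaches KVStoreConfig. This is an added example, not Oracle's own parser; it uses the page's own sample value and the AUTH_KRB_SERVICES_PROPERTY and KRB_MECH_NAME constants.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import oracle.kv.KVSecurityConstants;

/** Checks an AUTH_KRB_SERVICES_PROPERTY value against the documented syntax before it is used. */
public final class KrbServicesValidator {

    // One entry: host:service[/instance[@realm]]; whitespace around entries is ignored.
    private static final Pattern ENTRY =
        Pattern.compile("([^:/@\\s]+):([^:/@\\s]+)(?:/([^@\\s]+)(?:@(\\S+))?)?");

    /** Returns the normalized comma-separated value, or throws if the documented rules are violated. */
    public static String validate(String value) {
        String service = null, realm = null;
        boolean realmOmitted = false;
        List<String> entries = new ArrayList<>();
        for (String raw : value.split(",")) {
            String entry = raw.trim();
            Matcher m = ENTRY.matcher(entry);
            if (!m.matches()) throw new IllegalArgumentException("malformed entry: '" + entry + "'");
            // Rule 1: all entries must name the same Kerberos service.
            if (service == null) service = m.group(2);
            else if (!service.equals(m.group(2))) throw new IllegalArgumentException("service differs: " + entry);
            // Rule 2: if any entry names a realm, every entry must name that same realm.
            String r = m.group(4);
            if (r == null) realmOmitted = true;
            else if (realm == null) realm = r;
            else if (!realm.equals(r)) throw new IllegalArgumentException("realm differs: " + entry);
            entries.add(entry);
        }
        if (realm != null && realmOmitted) throw new IllegalArgumentException("realm set on some entries but not all");
        return String.join(",", entries);
    }

    public static void main(String[] args) {
        // Value taken from the page's own example; the Properties object is what KVStoreConfig would receive.
        String services = validate("host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM");
        Properties p = new Properties();
        p.setProperty(KVSecurityConstants.AUTH_EXT_MECH_PROPERTY, KVSecurityConstants.KRB_MECH_NAME);
        p.setProperty(KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY, services);
        System.out.println(p.getProperty(KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY));
    }
}
```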
    • AUTH_KRB_KEYTAB_PROPERTY

      static final String AUTH_KRB_KEYTAB_PROPERTY
      The name of the property used to specify the location of the keytab file for Kerberos login. This property has the value "oracle.kv.auth.kerberos.keytab". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.

      If this property is not specified when authenticating with security properties, then authentication will be performed via the credentials cache, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.

      The default location of the keytab file is specified by the Kerberos configuration file. If the keytab is not specified there, then the system looks for the file:

      user.home/krb5.keytab

    • AUTH_KRB_REALM_PROPERTY

      static final String AUTH_KRB_REALM_PROPERTY
      The name of the property used to specify the Kerberos realm for the user principal when a short name is used to specify the client login principal.
    • AUTH_KRB_CCACHE_PROPERTY

      static final String AUTH_KRB_CCACHE_PROPERTY
      The name of the property used to specify the location of the Kerberos credential cache file. This property has the value "oracle.kv.auth.kerberos.ccache". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.

      If this property is not specified when authenticating with security properties, then authentication will be performed via the keytab, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.

      The default location of the credential cache is /tmp/krb5cc_uid, where the uid is a numeric user identifier. If the credential cache is not found there, the system will look for the file:

      user.home/krb5cc_user.name

    • AUTH_KRB_MUTUAL_PROPERTY

      static final String AUTH_KRB_MUTUAL_PROPERTY
      The name of the property used to specify whether to use mutual authentication for the Kerberos external login mechanism. Kerberos will perform mutual authentication if the property is set to true, and will not if it is set to false or is not set.
    • JAAS_LOGIN_CONF_NAME

      static final String JAAS_LOGIN_CONF_NAME
      The name of the property used to specify the configuration entry name in the JAAS login configuration file when the application supplies credentials through a JAAS login configuration. If not set, then all authentication parameters must be provided by security properties.
    • CMD_PASSWORD_NOPROMPT_PROPERTY

      static final String CMD_PASSWORD_NOPROMPT_PROPERTY
      The name of the property used to specify whether command line utilities automatically prompt for a password. If it is set to false or is not set, command line utilities will prompt for a password automatically if the given user name and password are not specified or fail to authenticate. If the property is set to true, command line utilities will not prompt for passwords, and the login will fail if either the user name or password is missing, or if the password is incorrect.