This chapter describes the typical tasks you perform to manage security.
This chapter includes the following sections:
A credential store is the repository of security data that certify the authority of entities used by components and ADF applications. Oracle Platform Security Services includes the Credential Store, a single, consolidated service provider that applications can use to store and manage their credentials.
The steps for this process are:
Fusion Middleware Audit Framework is a new service in Oracle Fusion Middleware 11g. It provides a centralized audit framework for the middleware family of products. Audit settings for Java components like Oracle Platform Security Services, Oracle Web Services Manager, Oracle Web Services, and others are handled at the domain level as part of security administration.
To configure the security audit policy settings for Oracle Platform Security Services, Oracle Web Services Manager, and other components deployed in the domain, and analyze audit data:
Understand the benefits and features of auditing your Oracle Fusion Middleware environment.
View the policy settings for the Java components deployed to the domain.
Optionally, modify the policy settings for the Java components deployed to the domain.
View and configure the policy settings for system components associated with the domain.
For more information about audit policies, see:
"Configure Your Environment for Audit Reports" section in Securing Applications with Oracle Platform Security Services
By default, security audit data is saved in a file. It is recommended that you configure auditing to use a database store. This provides better management of the audit data. It also allows audit data to be viewed using out-of-the-box reports in Oracle Business Intelligence Publisher. The reports and Oracle Business Intelligence Publisher are both included in the bundle.
To configure a database for the audit store:
Verify that you have installed the audit schema in the database, using the Repository Creation Utility (RCU).
Create a Data Source using the Oracle WebLogic Server Administration Console.
View the audit store settings for the domain.
Configure the domain so it uses the database as the audit store.
Note:
These steps configure the audit store for Java components only. Separate steps are needed to configure the audit store for system components. See Related Topics below for instructions.
If a database store is configured, you can switch back to file storage using a configuration file. See Related Topics below for instructions.
To view audit reports:
Configure a database for the audit store as explained above.
Analyze the audit data that you have gathered.
Note:
Using the same database for Java components and system components ensures that your audit reports can display the audit records for all components together.
For more information about the audit store, see:
"Configure the Audit Store for System Components" section in Securing Applications with Oracle Platform Security Services
"Change from Audit Store to File" section in Securing Applications with Oracle Platform Security Services
"Audit Store Configuration Tasks" section in Securing Applications with Oracle Platform Security Services
"Manage File Storage" section in Securing Applications with Oracle Platform Security Services
Use the Application Policies page to manage application policies.
For details, see Managing Application Policies.
Use the Application Roles page to manage application roles.
For details, see Managing Application Roles.
Use the System Policies page to manage system policies.
For details, see Managing System Policies.
Use the Credentials page to manage credentials.
For details, see Managing Credentials.
Use the Keystore page to create and manage keystores using the keystore service.
You can perform the following tasks from this page:
Create a Keystore
Delete a Keystore
Change Keystore Password
Use the Manage Certificates page to manage the certificates for a keystore created with the keystore service.
You can perform the following tasks from this page:
Generate a Keypair
Generate a Certificate Signing Request
Export a Certificate or Trusted Certificate
Import a Certificate or Trusted Certificate
Delete a Certificate
Change a Certificate Password