Skip Headers
Oracle® Application Server Containers for J2EE Security Guide
10g Release 2 (10.1.2)
B14013-02
  Go To Documentation Library
Library
Go To Product List
Product
Go To Table Of Contents
Contents

Previous
Previous
 

Index

A  C  D  E  G  H  I  J  K  L  M  N  O  P  R  S  T  U  V  W  X 

Symbols

<as-context> element, 15.5.3
<confidentiality> element, 15.5.2
<default-method-access> element, 12.2.2.6
<establish-trust-in-client> element, 15.5.2
<establish-trust-in-target> element, 15.5.2
<group> element, 4.15
<groups> element, 4.15
<integrity> element, 15.5.2
<ior-security-config> element
DTD, 15.5.1
<jazn> element
and <password-manager> element, 14.4
<jazn-loginconfig>, 10.6.1.1
<jazn-policy>, 10.6.1.2
<jazn-web-app> element, 4.9, 4.10.1, 16.5
auth-method, 4.9.2
<login-module> entity
options, 4.8
<method> element
defined, 12.2.2.2
<method-permission> element, 12.2.2.1, 12.2.2.2, 12.2.2.2, 12.2.2.2
<password-manager> element, 14.4
<principals> element, 4.15
<role-link> element, 12.2.2.1, 12.2.2.2, 12.2.2.2
<role-name> element, 12.2.2.1, 12.2.2.2
<run-as> element, 12.2.2.4
<sas-context> element, 15.5.4
<security-identity> element, 12.2.2.4
<security-role> element, 12.2.2.1, 12.2.2.2
<security-role-mapping> element, 12.2.2.5, 12.2.2.5
<security-role-ref> element, 12.2.2.1, 12.2.2.2, 12.2.2.2
<transport-config> element, 15.5.2
<unchecked/> element, 12.2.2.3
<use-caller-identity/> element, 12.2.2.4
<user> element, 4.15
<users> element, 4.15

A

access control lists
definition, 2.5
AccessController, 1.1.2
AccessTest1, A.2
actions
definition, 1.1.1
add command, B.24.1
adding and removing realms, 10.3, B.3, B.5
adding and removing roles, B.8
adding and removing users, B.9
-addperm option to JAZN Admintool, B.3, B.5
-addprncpl option to JAZN Admintool, B.6
-addrealm option to JAZN Admintool, B.7
-addrole option to JAZN Admintool, B.8
-adduser option to JAZN Admintool, B.9
administration permission
granting, 6.3.1
AdminPermission class
definition, 1.1.3, 1.1.3
Apache Listener. See Oracle HTTP Server.
applications
in Java 2 application environments, 3.1
with JAAS, 2.2.4
authentication, 1.4, 4.7
basic, 3.3.3
digest, 3.3.3
environments, 3.3.3
form-based, 3.3.3
J2EE, 3.4
using login modules, 2.2.1
using OracleAS Single Sign-On, 2.3
using RealmLoginModule class, 2.3
with Basic Authentication, 3.3.6.1
with OracleAS Single Sign-on, 2.3
with SSO, 3.3.4.1
authentication methods, 4.9
auth-method, 4.9, 4.9.2
authorization, 1.4
J2EE, 3.5

C

cache properties, 5.5.3
caching, 5.5
disabling, 5.5.2
caching properties, 5.5, 5.5.3
capability model
definition, 2.5, 2.5
certificate authorities, 11.1
certificates (SSL), 11.1
checking
passwords, B.10
-checkpasswd option to JAZN Admintool, B.10
cipher suites
supported by Oracle HTTPS, 13.2.1.2, 13.2.1.3
class names
definition, 1.1.1
clear command, B.24.1
client.sendpassword property, 15.6
codesource in policy files, 2.2.5
Common Secure Interoperability version 2 see CSIv2
configuration data
retrieving from jazn.xml file, B.11
configuring
external LDAP providers, 9
LoginModules, 10.6
XML-based provider, 8
connection properties, 5.3, 5.4
connector-factory element, 10.6.4
createUser method, 2.4
creating
groups, 8.2
realms, 8.5
users, 8.1, 8.3
credentials, 1.3, 14.2.1
cryptographic keys, 1.3
CSIv2
and EJBs, 15.3
internal-settings.xml, 15.3
introduction, 15.1
properties in orion-ejb-jar.xml, 15.5
security properties, 15.5
custom Loginmodules
troubleshooting, 16.3

D

DAS, 2.4.1
debug logging
enabling, 10.2.4.1
debugging
enabling logging, 10.2.4.1
general SSL debugging, 11.5.2
default realm, 8.12
properties, 5.7
Delegated Administrative Service, see DAS
deleting
realms, 8.6
users, 8.4
deploying
LoginModule, 10.5
deployment descriptors
security, 12.2.2.1, 12.2.2.2, 12.2.2.5
DER, 13.1.2
digital certificates, 1.5.2
disabling caching, 5.5.2
Distinguished Encoding Rules, 13.1.2
doAsPrivileged(), 4.10.1
doasprivileged-mode, 4.10.1
DTDs
internal-settings.xml, 15.2
<ior-security-config> element, 15.5.1

E

EJB
CSIv2, 15.3
interoperability, 15
security, 12.2.2
server security properties, 15.2
ejb_sec.properties, 15.6
environment variables
and JAZN Admintool, 16.2
LDAP, 7.1.2
exit command, B.24.1

G

getAttribute("java.security.cert.X509certificate"), 2.7, 3.4.2
getAuthType, 3.4.2
-getconfig option to JAZN Admintool, B.11
getGroup method, 2.4
getRemoteUser, 3.4.2
getUser method, 2.4
getUserPrincipal, 3.4.2
granting
administration permission, 6.3.1
permissions, 6.3, 6.3.2
RMI permission, 6.3.1
roles, 8.9
granting and revoking permissions, 6.3.2, B.12
-grantperm option to JAZN Admintool, 6.3.2, B.12
groups
creating, 8.2
creating in LDAP, 7.1.1

H

help command, B.24.1
HTTPClient.HttpUrlConnection, 13.2.4
HTTPConnection, 13.1.1
HttpSession, 5.5.1

I

impliesAll attribute, 12.2.2.6
instance properties
jazn.xml, 5.2
integrating
custom LoginModule, 10.1
internal-settings.xml file, 15.2
CSIv2 entities, 15.3
DTD, 15.2
<sep-property> element, 15.2, 15.3
interoperability, 15
invoking JAZN Admintool, B.1
isCallerInRole method, 12.2.2.2

J

JAAS
login modules, 2.2.1
JAAS Provider, 2.1
and SSL/Oracle Internet Directory, 5.6.1
common configuration tasks
configuring a Java 2 Policy File, 4.14
integration with Basic authentication, 3.3.6
integration with SSL-enabled applications, 3.3.5
integration with SSO-enabled applications, 3.3.4
locations for jazn.xml, 4.2.1
overview, 2.1
permission classes, 1.1.3
security role, 3.5.1.2
JAAS. See Java Authentication and Authorization Service (JAAS)
jaas.config file, 4.8
Java 2 application environments, 3.1
Java 2 Platform, Enterprise Edition (J2EE), 1.1
application development in, 3.1
integration with JAZNUserManager, 3.3.2
Oracle component responsibilities in basic authentication environments, 3.3.6.1
Oracle component responsibilities in SSO-enabled environments, 3.3.4.1
Java 2 Platform, Standard Edition (J2SE)
application development in, 3.1, 3.1
creating applications using the Java 2 Security Model, 1.1
Java 2 policy file
configuring for JAAS Provider, 4.14
Java 2 Security Model, 2.2
definition, 1.1
using access control capability model, 2.5
using with J2EE applications, 1.1
using with J2SE applications, 1.1
Java Authentication and Authorization Service (JAAS)
applications, 2.2.4
definition, 2.2, 2.2
policy files
example, 2.2.5
principals, 1.2
realms, 2.2.3
roles, 2.2.2
subjects, 1.3
Java Key Store (JKS), 15.2
Java Platform, Enterprise Edition (J2EE)
security role, 3.5.1
java2.policy file
configuring for JAAS Provider, 4.14
java.io.FilePermission, A.2
java.net.URL framework, 13.2.4
java.security.Principal, 2.2.2, 2.3
java.security.Principal interface
using with principals, 1.2
using with roles and groups, 2.2.2
javax.net.ssl.KeyStore, 13.3.1
javax.net.ssl.KeyStorePassword, 13.3.2
javax.servlet.HttpServletRequest, 3.4.2
JAZN Admintool
adding and removing permissions, B.3, B.5
adding and removing principals, B.6
adding realms, B.7
adding roles, B.8
adding users, B.9
and environment variables, 16.2
checking passwords, B.10
command options, B.1
granting and revoking permissions, 6.3.2, B.12
granting roles, B.13
invoking, B.1
listing permissions, B.15
listing principals, B.17
listing realms, B.19
listing roles, B.20
listing users, B.21
migrating principals, 8.13, B.22
navigating shell, B.24.1
retrieving configuration data, B.11
revoking roles, B.13
setting passwords, B.23
shell commands, B.24.1
starting shell, B.24
JAZN Admintool shell
starting, 8.13, B.22
JAZN Admintool shell commands
add, B.24.1
clear, B.24.1
exit, B.24.1
help, B.24.1
man, B.24.1
mk, B.24.1
pwd, B.24.1
rm, B.24.1
set, B.24.1
jazn-data.xml, 2.2.5.1, 2.4
and Admintool, 4.2.2, 4.3.1
and LoginModule, 10.6.1
deploying LoginModules, 10.7.3
home instance (bootstrap), 4.2.2
locations, 4.2.2
jazn-data.xml file, 2.2.5.1, 2.4.1
JAZNPermission class
definition, 1.1.3, 1.1.3
JAZNUserManager, 2.4, 2.4.1, 3.5
definition, 2.3, 3.3.2
integration in J2EE environments, 3.3.2
jazn.xml
file location, 4.2.1
home instance (bootstrap), 4.2.1
instance-level, 5.2
retrieving configuration data, B.11
JNDI connection pool, 5.4
JVM, 4.4

K

Kerberos, 1.3
keys (SSL), 11.1
keystore
definition, 15.2
keystores, 11.1

L

LD_LIBRARY_PATH
variable setting, 2.7, 7.1.2, 16.2
LDAP, 2.4.1
caching properties, 5.5, 5.5.3
configuring external providers, 9
connection properties, 5.3, 5.4
creating users and groups, 7.1.1
environment variables, 7.1.2
Oracle Internet Directory used as provider type, 2.1.1
prerequisites, 7.1
SSL properties, 5.6
LDAP default realm properties, 5.7
LDAP provider
Microsoft Active Directory, 9.5
Sun Java System Application Server, 9.4
third-party, 9.2
LDAP-based provider type, 2.4.1, 2.4.1
ldap.password property name, 5.6
ldap.protocol, 5.6
ldap.user property name, 5.6
LDIF (lightweight directory interchange format), 7.1.1.2
Lightweight Directory Access Protocol. See LDAP.
listing
permission information, B.16
permissions, B.15
principal class information, B.18
principal classes, B.17
realms, B.19
roles, B.20
users, B.21
listing realms, B.19
-listperm option to JAZN Admintool, B.15
-listprncpl option to JAZN Admintool, B.17
-listprncpls option to JAZN Admintool, B.17
-listrealms option to JAZN Admintool, B.19
-listroles option to JAZN Admintool, B.20
-listusers option to JAZN Admintool, B.21
logging
enabling, 10.2.4.1
login-config element, 4.9.1
LoginContext class, 2.2.1
authenticating subjects, 2.2.1
login-module element
and third-party LDAP provider, 9.2
LoginModules, 10
configuring, 10.6
configuring with different applications, 2.2.1
definition, 2.2.1
deploying, 10.7.3
integrating, 10.7
integration with OC4J, 10.1
packaging and deployment, 10.5
troubleshooting custom, 16.3

M

man command, B.24.1
mapping
security roles, 6.2
Microsoft Active Directory
as LDAP provider, 9.5
-migrate option to JAZN Admintool, 8.13, B.22
migrating
principals, 8.13, 8.13, B.22
mk command, B.24.1
modes
persistence, 8.11

N

nameservice.useSSL property, 15.6
navigating
JAZN Admintool shell, B.24.1

O

obfuscation, 14.2.1
LDAP password, 5.6
oc4j.iiop.ciphersuites property, 15.6
oc4j.iiop.enable.clientauth property, 15.6
oc4j.iiop.keyStoreLoc property, 15.6
oc4j.iiop.keyStorePass property, 15.6
oc4j.iiop.trustedServers property, 15.6
oc4j.iiop.trustStoreLoc property, 15.6
oc4j.iiop.trustStorePass property, 15.6
oc4j-ra.xml, 10.6.4
OPMN, 15.2
Oracle HTTPS, 13
default system properties, 13.3
example, 13.4
feature overview, 13.2
supported cipher suites, 13.2.1.2, 13.2.1.3
Oracle Internet Directory, 1.4, 2.4, 2.4.1
Oracle Process Management Notification service, 15.2
OracleAS Containers for J2EE (OC4J)
interoperability, 15
mapping security roles to JAAS Provider users and roles, 3.5.1.3
OracleAS Single Sign-On, 2.3
oracle.security.jazn.realm package
use of, 2.3
OracleSSLCredential, 13.1.2
Oracle.ssl.defaultCipherSuites, 13.3.3
orion-application.xml, 4.10.1, 16.5
and LoginModule, 10.6.3
deploying LoginModules, 10.7.3
mapping security roles to JAAS Provider users and roles, 3.5.1.3
passwords not obfuscated, 14.2
specifying UserManager, 4.7.2
orion-ejb.jar file
<establish-trust-in-target> element, 15.5.2
<sas-context> element, 15.5.4
<transport-config> element, 15.5.2
orion-ejb-jar.xml, 15.5
<as-context> element, 15.5.3
<establish-trust-in-client> element, 15.5.2
<integrity> element, 15.5.2
security properties, 15.5
orion-ejb-jar.xml file
<confidentiality> element, 15.5.2
orion-web.xml, 4.10.1, 16.5

P

partitioning, 2.2.4
password indirection
definition, 14.1
password obfuscation
definition, 14.1
passwords, 14.2.1
checking, B.10
checking in JAZN Admintool, B.10
not obfuscated in orion-application.xml, 14.2
obfuscating, 14.2.1
setting, 6.3.2, B.12
setting in JAZN Admintool, B.23
permissions, 2.6.1, 12.2.1
actions, 1.1.1
adding and removing in JAZN Admintool, B.3, B.5
class definitions, 1.1.3
class name, 1.1.1
definition, 2.2.5, 2.2.5
granting, 6.3, 6.3.2
granting and revoking in JAZN Admintool, 6.3.2, B.12
granting and revoking with the JAZN Admintool, 6.3.2, B.12
in Java 2 Security Model, 1.1.1
JAAS Provider, 1.1.3
Java permission instance contents, 1.1.1
listing in JAZN Admintool, B.15
listing with the JAZN Admintool, B.15, B.16
revoking, 6.3.2, 8.8
target, 1.1.1
persistence mode, 8.11, 14.2.1
Pluggable Authentication Module (PAM), 2.2
policy
definition, 2.2.5
policy cache, 5.5
policy files
codesource, 2.2.5
example, 2.2.5
subject, 2.2.5
prerequisites
LDAP, 7.1
principals, 1.2
adding and removing in JAZN Admintool, B.6
definition, 1.2
listing class information with the JAZN Admintool, B.18
listing in JAZN Admintool, B.17
migrating, 8.13
migrating in JAZN Admintool, 8.13, B.22
with JAAS, 1.2
principals.xml file, 2.4, 2.4.2, 4.15, 4.15, 8.13
converting from, 8.13, B.22
examples, 4.15
private keys (SSL), 11.1
privileges, 2.6.1
properties
connection, 5.3
JNDI connection pool, 5.4
LDAP caching, 5.5, 5.5.3
LDAP default realm, 5.7
LDAP SSL, 5.6
property names
ldap.password, 5.6
ldap.user, 5.6
PropertyPermission, 12.2.1
protection domain
in Java 2 Security Model, 1.1.2
provider types, 2.1.1
in J2SE environments, 3.1
retrieving permissions from, 2.5
public key certificates, 1.3
public keys (SSL), 11.1
pwd command, B.24.1

R

RBAC (role-based access control), 2.6
realm cache, 5.5
RealmLoginModule class, 2.3, 3.4, 4.8
in J2SE environments, 3.1
RealmPermission class
definition, 1.1.3, 1.1.3
RealmPrincipal interface, 2.3
realms
adding and removing with the JAZN Admintool, 10.3, B.3, B.5
adding in JAZN Admintool, B.7
creating, 8.5
default, 8.12
definition, 2.2.3, 2.2.3, 2.3
deleting, 8.6
JAAS Provider support, 2.3
listing in JAZN Admintool, B.19
listing with the JAZN Admintool, B.19
with JAAS, 2.2.3
-remperm option to JAZN Admintool, B.3, B.5
-remprncpl option to JAZN Admintool, B.6
-remrealm option to JAZN Admintool, B.7
-remrole option to JAZN Admintool, B.8
-remuser option to JAZN Admintool, B.9
retrieving authentication information, 3.4.2
-revokeperm option to JAZN Admintool, 6.3.2, B.12
revoking
permissions, 6.3.2, 8.8
roles, 8.10
roles in JAZN Admintool, B.13
rm command, B.24.1
RMI permission
granting, 6.3.1
RMI/IIOP, 15
role activation
definition, 2.6.2
role hierarchy
definition, 2.6.1
RoleAdminPermission class
definition, 1.1.3, 1.1.3
role-based access control (RBAC), 2.2.2
definition, 2.6
role activation, 2.6.2
role hierarchy, 2.6.1
roles, 1.4
adding and removing with the JAZN Admintool, B.8
adding in JAZN Admintool, B.8
definition, 2.6
granting, 8.9
granting in JAZN Admintool, B.13
listing in JAZN Admintool, B.20
listing with the JAZN Admintool, B.20
mapping, 6.2
revoking, 8.10
revoking in JAZN Admintool, B.13
using the J2EE security roles, 3.5.1
with JAAS, 2.2.2
run-as, 12.2.2.4
run-as element, 2.6.2
runAs security identity, 12.2.2.4
runas-mode, 4.10.1
RuntimePermission, 12.2.1

S

sample application
AccessTest1, A.2
Secure Sockets Layer. See SSL
security, 12.2.2
keys and certificates, 11.1
OC4J and OHS configuration, 11.3
permissions, 12.2.1
requesting client authentication, 11.4
SSL common errors and solutions, 11.5.1
SSL debugging, 11.5.2
using certificates with OC4J and OHS, 11.2
security role
using in the web.xml file, 3.5.1
security roles
mapping, 6.2
SecurityManager, 1.1.2
SecurityManager.checkPermission, 3.5
selecting
UserManager, 6.1
<sep-property> element, 15.2, 15.3
Servlet.service, 3.5
session cache, 5.5
set command, B.24.1
-setpasswd option to JAZN Admintool, B.23
setting a password, 6.3.2, B.12
-shell option to JAZN Admintool, B.24
Single Sign-On. See SSO
SocketPermission, 12.2.1
SSL, 1.5.1, 3.3.3
authentication method, 3.3.3
certificates, 11.1
common errors and solutions, 11.5.1
configuring OC4J and SSL, 11
enabling SSL in OC4J, 11.3
general debugging, 11.5.2
integration with Basic authentication, 3.3.6
integration with JAAS Provider, 3.3.5
keys, 11.1
LDAP properties, 5.6
OracleSSLCredential, 13.1.2
requesting client authentication, 11.4
use with Oracle Internet Directory and JAAS Provider, 5.6.1
using keys and certificates with OC4J and Oracle HTTP Server, 11.2
SSO, 3.3.3, 3.4
as auth-method in orion-application.xml, 4.9.2
authentication with SSO, 3.3.4.1
integration with JAAS Provider, 3.3.4
lightweight J2EE Single Sign-On, configuration, 3.6.2
lightweight J2EE Single Sign-On, enabling, 3.6.3
lightweight J2EE Single Sign-On, introduction, 3.6.1
Oracle component responsibilities, 3.3.4.1
OracleAS Single Sign-On, enabling, 3.3.4
starting
JAZN Admintool, B.1
subject
definition, 4.10.1
Subject.doAs method, 2.6.2, 3.5
associating a subject with AccessControlContext, 1.3
invoking, 2.2.1
subject.doAs(), 4.10.1, 16.5
subjects, 1.3
definition, 1.3
with JAAS, 1.3
Sun Java System Application Server
as LDAP provider, 9.4

T

target names
definition, 1.1.1
<transport-config> element, 15.5.2
troubleshooting, 16
custom LoginModules, 16.3
enabling debug logging, 10.2.4.1
trustpoint, 1.5.2
truststore
definition, 15.2

U

user communities, 2.2.3
user manager
definition, 1.4
user repository
definition, 1.4
jazn-data.xml, 2.4, 2.4.1
Oracle Internet Directory, 2.4, 2.4.1
principals.xml, 2.4, 2.4.2
UserManager
selecting, 6.1
specifying, 4.7.2
users
adding and removing with the JAZN Admintool, B.9
adding in JAZN Admintool, B.9
creating, 8.1, 8.3
creating in LDAP, 7.1.1
deleting, 8.4
listing in JAZN Admintool, B.21
listing with the JAZN Admintool, B.21

V

variables
LD_LIBRARY_PATH, 2.7, 7.1.2, 16.2

W

web.xml, 4.9.1
using the J2EE security role, 3.5.1

X

XML-based provider, 2.1.1, 2.4.1
configuring, 8
XML-based provider type, 2.4.1
XMLUserManager class, 2.4, 2.4.2