This appendix provides supplemental samples and standards.
This appendix contains these topics:
This section presents a sample jazn-data.xml file that illustrates the DTD to which such XML files must conform. This jazn-data.xml file contains one realm, jazn.com; four users (three with obfuscated passwords); and three roles.
See Also:
|
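<jazn-data>
  <!-- JAZN Realm Data -->
  <jazn-realm>
    <realm>
      <name>jazn.com</name>
      <!-- The accompanying text describes the <credentials> values as obfuscated;
           treat this file as sensitive and restrict read access to it. -->
      <users>
        <user>
          <name>admin</name>
          <displayName>Realm Administrator</displayName>
          <description>Administrator for this realm</description>
          <credentials>Qj+w7NJulLM=</credentials>
        </user>
        <user>
          <name>user</name>
          <description>The default guest</description>
          <credentials>wEE6aA==</credentials>
        </user>
        <!-- No <credentials> element: this user carries no password. -->
        <user>
          <name>anonymous</name>
          <description>The default guest/anonymous user</description>
        </user>
        <user>
          <name>SCOTT</name>
          <displayName>SCOTT</displayName>
          <credentials>DppF6Lo4</credentials>
        </user>
      </users>
      <roles>
        <role>
          <name>guests</name>
          <members>
            <member>
              <type>user</type>
              <name>admin</name>
            </member>
            <member>
              <type>user</type>
              <name>user</name>
            </member>
            <member>
              <type>user</type>
              <name>anonymous</name>
            </member>
          </members>
        </role>
        <role>
          <name>administrators</name>
          <displayName>Realm Admin Role</displayName>
          <description>Administrative role for this realm</description>
          <members>
            <member>
              <type>user</type>
              <name>admin</name>
            </member>
          </members>
        </role>
        <role>
          <name>users</name>
          <members>
            <member>
              <type>user</type>
              <name>admin</name>
            </member>
            <member>
              <type>user</type>
              <name>user</name>
            </member>
          </members>
        </role>
      </roles>
    </realm>
  </jazn-realm>
  <!-- JAZN Policy Data -->
  <jazn-policy>
    <!-- A single grant: every permission below goes to the jazn.com/administrators role,
         i.e. to the "admin" user listed as its only member above. -->
    <grant>
      <grantee>
        <principals>
          <principal>
            <realm>jazn.com</realm>
            <type>role</type>
            <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
            <name>jazn.com/administrators</name>
          </principal>
        </principals>
      </grantee>
      <permissions>
        <permission>
          <class>oracle.security.jazn.realm.RealmPermission</class>
          <name>jazn.com</name>
          <actions>modifyrealmmetadata</actions>
        </permission>
        <permission>
          <class>com.evermind.server.AdministrationPermission</class>
          <name>administration</name>
          <actions>administration</actions>
        </permission>
        <!-- This name was truncated in the original listing; reconstructed from the
             sibling AdminPermission entries below. -->
        <permission>
          <class>oracle.security.jazn.policy.AdminPermission</class>
          <name>oracle.security.jazn.realm.RealmPermission$jazn.com$modifyrealmmetadata</name>
        </permission>
        <permission>
          <class>oracle.security.jazn.policy.AdminPermission</class>
          <name>oracle.security.jazn.realm.RealmPermission$jazn.com$droprealm</name>
        </permission>
        <!-- jazn.com/* covers every role in the realm. -->
        <permission>
          <class>oracle.security.jazn.policy.RoleAdminPermission</class>
          <name>jazn.com/*</name>
        </permission>
        <permission>
          <class>oracle.security.jazn.policy.AdminPermission</class>
          <name>oracle.security.jazn.policy.RoleAdminPermission$jazn.com/*$</name>
        </permission>
        <permission>
          <class>oracle.security.jazn.policy.AdminPermission</class>
          <name>oracle.security.jazn.realm.RealmPermission$jazn.com$droprole</name>
        </permission>
        <permission>
          <class>com.evermind.server.rmi.RMIPermission</class>
          <name>login</name>
        </permission>
        <permission>
          <class>oracle.security.jazn.realm.RealmPermission</class>
          <name>jazn.com</name>
          <actions>droprealm</actions>
        </permission>
        <permission>
          <class>oracle.security.jazn.policy.AdminPermission</class>
          <name>oracle.security.jazn.realm.RealmPermission$jazn.com$createrole</name>
        </permission>
        <permission>
          <class>oracle.security.jazn.policy.AdminPermission</class>
          <name>oracle.security.jazn.realm.RealmPermission$jazn.com$createrealm</name>
        </permission>
        <permission>
          <class>oracle.security.jazn.realm.RealmPermission</class>
          <name>jazn.com</name>
          <actions>createrealm</actions>
        </permission>
      </permissions>
    </grant>
  </jazn-policy>
  <!-- Permission Class Data -->
  <jazn-permission-classes>
    <permission-class>
      <name>JAZNPermission</name>
      <description>To govern access to JAZN API</description>
      <type>jdk</type>
      <class>oracle.security.jazn.JAZNPermission</class>
      <target-descriptors>
        <target-descriptor>
          <name>*</name>
          <description>Access to ALL of JAZN API</description>
        </target-descriptor>
      </target-descriptors>
      <action-descriptors>
      </action-descriptors>
    </permission-class>
  </jazn-permission-classes>
  <!-- Principal Class Data -->
  <jazn-principal-classes>
    <principal-class>
      <name>SolarisPrincipal</name>
      <description>Solaris Principal</description>
      <type>jdk</type>
      <class>com.sun.security.auth.SolarisPrincipal</class>
      <name-description-map>
        <name-description-pair>
          <name>*</name>
          <description>All Principals</description>
        </name-description-pair>
      </name-description-map>
    </principal-class>
  </jazn-principal-classes>
  <!-- Login Module Data -->
  <jazn-loginconfig>
    <application>
      <name>TestRealmLogin</name>
      <login-modules>
        <login-module>
          <class>oracle.security.jazn.realm.RealmLoginModule</class>
          <control-flag>required</control-flag>
          <options>
            <option>
              <name>addRoles</name>
              <value>true</value>
            </option>
          </options>
        </login-module>
      </login-modules>
    </application>
  </jazn-loginconfig>
</jazn-data>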
The following code samples are intended as supplemental information. This section presents the following:
See Also:
The following code sample creates an Application Realm with the objects shown in Table 15-4. The objects to be modified are presented in bold.
Objects | Names |
---|---|
sample organization |
|
|
|
|
|
sample realm name |
|
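import oracle.security.jazn.spi.ldap.*;
import oracle.security.jazn.*;
import oracle.security.jazn.realm.*;
import java.util.*;

/**
 * Creates an application realm named "devRealm" whose users are looked up
 * under the LDAP search base cn=users,o=dev.com.
 */
public class CreateRealm {

    public CreateRealm() {}

    /** Entry point: instantiates CreateRealm and creates the application realm. */
    public static void main(String[] args) {
        CreateRealm test = new CreateRealm();
        test.createAppRealm();
    }

    /**
     * Creates the application realm through the JAZN RealmManager.
     * Any failure is printed to stderr and not rethrown (sample code).
     */
    void createAppRealm() {
        try {
            Hashtable prop = new Hashtable();
            // Where the realm's users are located in the directory.
            prop.put(Realm.LDAPProperty.USERS_SEARCHBASE, "cn=users,o=dev.com");
            // Specifying the LDAP object class is optional. When specified, it
            // is used as a filter to search for users.
            prop.put(Realm.LDAPProperty.USERS_OBJ_CLASS, "orclUser");

            // adminUser is optional. NOTE(review): presumably this user becomes
            // the initial holder of adminRole in the new realm - confirm against
            // the InitRealmInfo documentation before reusing in production.
            String adminUser = "John.Singh";
            String adminRole = "administrator";

            RealmManager realmMgr = JAZNContext.getRealmManager();
            InitRealmInfo realmInfo = new InitRealmInfo(
                    InitRealmInfo.RealmType.APPLICATION_REALM, adminUser, adminRole, prop);
            // The returned Realm is not needed by this sample, so it is not kept.
            realmMgr.createRealm("devRealm", realmInfo);
        } catch (Exception e) {
            // Sample code: report and continue. Callers that need to know whether
            // the realm exists should propagate the specific exception instead.
            e.printStackTrace();
        }
    }
}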
The following code demonstrates granting java.io.FilePermission
to a user named Jane.Smith
. The objects to be modified are presented in bold.
Objects | Names | Comments... |
---|---|---|
|
|
|
|
|
|
File path |
|
Path is the pathname of the file. |
sample organization |
|
|
sample External Realm |
|
|
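import oracle.security.jazn.*;
import oracle.security.jazn.policy.*;
import oracle.security.jazn.realm.*;
import java.lang.*;
import java.security.*;
import java.util.*;
import java.net.*;
import java.io.*;

/**
 * Grants the user Jane.Smith of realm abcRealm permission to read
 * "report.data" when running code loaded from file:/home/task.jar.
 */
public class Init {

    /** Entry point. JAZN failures are printed to stderr and not rethrown (sample code). */
    public static void main(String[] args) {
        try {
            RealmManager realmMgr = JAZNContext.getRealmManager();
            Realm realm = realmMgr.getRealm("abcRealm");
            UserManager userMgr = realm.getUserManager();
            final JAZNPolicy policy = JAZNContext.getPolicy();
            final RealmUser user = userMgr.getUser("Jane.Smith");

            // Modifying the policy is a privileged operation: doPrivileged limits
            // the access-control check to this class's own protection domain.
            AccessController.doPrivileged(new PrivilegedAction() {
                public Object run() {
                    try {
                        // The null certificate array means no signer is required:
                        // any code loaded from this URL, signed or not, receives the grant.
                        CodeSource cs = new CodeSource(new URL("file:/home/task.jar"), null);
                        HashSet prop = new HashSet();
                        prop.add((Principal) user);
                        // "report.data" is a relative path; FilePermission resolves it
                        // against the JVM's working directory, so the file actually
                        // covered depends on where the JVM is started.
                        policy.grant(new Grantee(prop, cs), new FilePermission("report.data", "read"));
                    } catch (JAZNException e1) {
                        e1.printStackTrace();
                    } catch (java.net.MalformedURLException e2) {
                        e2.printStackTrace();
                    }
                    return null;
                }
            });
        } catch (JAZNException e) {
            e.printStackTrace();
        }
    }
}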
The sample code shown in Example 15-4 prepares for using the sample application AccessTest1, discussed in "Sample J2SE Application". It grants a user, Jane.Smith, permission to use AccessTest1 as follows:
The CodeSource named cs refers to file:/home/task.jar, which contains the sample application AccessTest1:
CodeSource cs = new CodeSource(new URL("file:/home/task.jar"), null);
Jane.Smith
is the user added to the hashset prop:
HashSet prop = new HashSet(); prop.add((Principal) user);
Jane.Smith is granted permission to read the file report.data when running code from the CodeSource cs:
policy.grant(new Grantee(prop, cs), new FilePermission("report.data", "read"));