
Oracle9iAS Containers for J2EE Services Guide
Release 2 (9.0.2)

Part Number A95879-01

B
JAAS Provider Standards and Samples

This appendix provides supplemental samples and standards.

This appendix contains these topics:

Sample jazn-data.xml Code

This section presents a sample jazn-data.xml file which illustrates the specific DTD standards that XML files must conform to. This jazn-data.xml file contains one realm, jazn.com, four users (three with obfuscated passwords) and three roles.

Example 15-2 Sample jazn-data.xml File


<jazn-data>

<!--JAZN Realm Data -->

   <jazn-realm>
        <realm>
             <name>jazn.com</name>
             <users>
                  <user>
                       <name>admin</name>
                       <displayName>Realm Administrator</displayName>
                       <description>Administrator for this realm</description>
                       <credentials>Qj+w7NJulLM=</credentials>
                  </user>
                  <user>
                       <name>user</name>
                       <description>The default guest</description>
                       <credentials>wEE6aA==</credentials>
                  </user>
                  <user>
                       <name>anonymous</name>
                       <description>The default guest/anonymous
                                user</description>
                  </user>
                  <user>
                       <name>SCOTT</name>
                       <displayName>SCOTT</displayName>
                       <credentials>DppF6Lo4</credentials>
                  </user>
             </users>
             <roles>
                  <role>
                       <name>guests</name>
                       <members>
                            <member>
                                 <type>user</type>
                                 <name>admin</name>
                            </member>
                            <member>
                                 <type>user</type>
                                 <name>user</name>
                            </member>
                            <member>
                                 <type>user</type>
                                 <name>anonymous</name>
                            </member>
                       </members>
                  </role>
                  <role>
                       <name>administrators</name>  
                       <displayName>Realm Admin Role</displayName>
                       <description>Administrative role for this
                                    realm</description> 
                       <members>
                            <member>
                                 <type>user</type>
                                 <name>admin</name>
                            </member>
                       </members>
                  </role>


                  <role>
                       <name>users</name>  
                       <members>
                            <member>
                                 <type>user</type>
                                 <name>admin</name>
                            </member>
                            <member>
                                 <type>user</type>
                                 <name>user</name>
                            </member>
                       </members>
                  </role>
             </roles>
        </realm>
</jazn-realm>

<!--JAZN Policy Data -->
<jazn-policy>
        <grant>
             <grantee>
                  <principals>
                       <principal>
                            <realm>jazn.com</realm>
                            <type>role</type>
                            <class>oracle.security.jazn.spi.xml.XMLRealmRole
                                </class>
                            <name>jazn.com/administrators</name>
                       </principal>
                  </principals>
             </grantee>
             <permissions>
                 <permission>
                      <class>oracle.security.jazn.realm.RealmPermission</class>
                      <name>jazn.com</name>
                      <actions>modifyrealmmetadata</actions>
                 </permission>
                 <permission>
                      <class>com.evermind.server.AdministrationPermission
                                 </class>
                      <name>administration</name>
                      <actions>administration</actions>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.AdminPermission</class>
                      <name>oracle.security.jazn.realm.
                            com$modifyrealmmetadata</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.AdminPermission</class>
                      <name>oracle.security.jazn.realm. 
                          RealmPermission$jazn.com$droprealm</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.RoleAdminPermission
                            </class>
                      <name>jazn.com/*</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.AdminPermission</class>
                      <name>oracle.security.jazn.policy.
                            RoleAdminPermission$jazn.com/*$</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.AdminPermission</class>
                      <name>oracle.security.jazn.realm.
                            RealmPermission$jazn.com$droprole</name>
                 </permission>
                 <permission>
                      <class>com.evermind.server.rmi.RMIPermission</class>
                      <name>login</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.realm.RealmPermission</class>
                      <name>jazn.com</name>
                      <actions>droprealm</actions>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.AdminPermission</class>
                      <name>oracle.security.jazn.realm.RealmPermission$jazn.
                            com$createrole</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.policy.AdminPermission</class>
                      <name>oracle.security.jazn.realm.RealmPermission$jazn.
                           com$createrealm</name>
                 </permission>
                 <permission>
                      <class>oracle.security.jazn.realm.RealmPermission</class>
                      <name>jazn.com</name>
                      <actions>createrealm</actions>
                 </permission>
             </permissions>
        </grant>
    </jazn-policy>

<!-- Permission Class Data -->
    <jazn-permission-classes>
        <permission-class>
             <name>JAZNPermission</name>
             <description>To govern access to JAZN API</description>
             <type>jdk</type>
             <class>oracle.security.jazn.JAZNPermission</class>
                 <target-descriptors>
                      <target-descriptor>
                           <name>*</name>
                           <description>Access to ALL of JAZN API</description>
                      </target-descriptor>
                 </target-descriptors>
                 <action-descriptors>
                 </action-descriptors>
        </permission-class>
    </jazn-permission-classes>

<!-- Principal Class Data -->
    <jazn-principal-classes>
        <principal-class>
             <name>SolarisPrincipal</name>
             <description>Solaris Principal</description>
             <type>jdk</type>
             <class>com.sun.security.auth.SolarisPrincipal</class>
             <name-description-map>
                 <name-description-pair>
                      <name>*</name>
                      <description>All Principals</description>
                 </name-description-pair>
             </name-description-map>
        </principal-class>
    </jazn-principal-classes>

<!-- Login Module Data -->
    <jazn-loginconfig>
        <application>
             <name>TestRealmLogin</name>
             <login-modules>
                 <login-module>
                      <class>oracle.security.jazn.realm.RealmLoginModule</class>
                      <control-flag>required</control-flag>
                      <options>
                           <option>
                               <name>addRoles</name>
                               <value>true</value>
                           </option>
                      </options>
                 </login-module>
             </login-modules>
        </application>
    </jazn-loginconfig>

</jazn-data>
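
When reviewing a file laid out like Example 15-2, it helps to know which users carry no credentials element and which users actually reach each granted permission through role membership. The following Python sketch is an added example, not Oracle code; the names SAMPLE, text and audit are hypothetical, the sample data is constructed, and it assumes roles contain only direct user members.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Example 15-2 (credential value is a placeholder).
SAMPLE = """<jazn-data>
 <jazn-realm><realm><name>jazn.com</name>
  <users><user><name>admin</name><credentials>CONSTRUCTED</credentials></user>
   <user><name>anonymous</name></user></users>
  <roles><role><name>administrators</name><members>
    <member><type>user</type><name>admin</name></member></members></role>
   <role><name>guests</name><members>
    <member><type>user</type><name>admin</name></member>
    <member><type>user</type><name>anonymous</name></member></members></role>
  </roles></realm></jazn-realm>
 <jazn-policy><grant>
  <grantee><principals><principal>
   <realm>jazn.com</realm><type>role</type>
   <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
   <name>jazn.com/administrators</name></principal></principals></grantee>
  <permissions><permission>
   <class>oracle.security.jazn.realm.RealmPermission
      </class>
   <name>jazn.com</name><actions>droprealm</actions></permission></permissions>
 </grant></jazn-policy>
</jazn-data>"""

def text(node, tag):
    # Child text with all whitespace removed, so values wrapped across lines compare equal.
    return "".join((node.findtext(tag) or "").split())

def audit(xml_text):
    """Return (users lacking <credentials>, {user: permissions reached via role grants})."""
    root = ET.fromstring(xml_text)
    no_creds, members, effective = [], {}, {}
    for realm in root.findall("jazn-realm/realm"):
        rname = text(realm, "name")
        no_creds += [f"{rname}/{text(u, 'name')}" for u in realm.findall("users/user")
                     if not text(u, "credentials")]
        for r in realm.findall("roles/role"):  # key matches the grant's realm/role principal name
            members[f"{rname}/{text(r, 'name')}"] = [
                text(m, "name") for m in r.findall("members/member") if text(m, "type") == "user"]
    for g in root.findall("jazn-policy/grant"):
        perms = {(text(p, "class"), text(p, "name"), text(p, "actions"))
                 for p in g.findall("permissions/permission")}
        for pr in g.findall("grantee/principals/principal"):
            if text(pr, "type") == "role":  # assumption: only direct user members are resolved
                for user in members.get(text(pr, "name"), []):
                    effective.setdefault(user, set()).update(perms)
    return no_creds, effective
```

Calling audit() on the text of a real jazn-data.xml returns the same two structures, which can be compared against the expected list of administrators.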

Supplemental Code Samples

The following code samples are intended as supplemental information. This section presents the following:

Supplementary Code Sample: Creating an Application Realm

The following code sample creates an Application Realm with the objects shown in Table 15-4. The objects to be modified are presented in bold.

Table 15-4 Objects in Sample Application Realm Creation Code
| Objects | Names |
|---|---|
| sample organization | dev.com |
| adminUser (optional) | John.Singh |
| adminRole | administrator |
| sample realm name | devRealm |

Example 15-3 Application Realm Creation Code

import oracle.security.jazn.spi.ldap.*;
import oracle.security.jazn.*;
import oracle.security.jazn.realm.*;

import java.util.*;

/**
 * Creates an application realm.
 */

public class CreateRealm extends Object
{
    public CreateRealm() {}

    public static void main(String[] args) {
        CreateRealm test = new CreateRealm();
        test.createAppRealm();
    }

    void createAppRealm() {
        Realm realm = null;

        try {
            Hashtable prop = new Hashtable();
            prop.put(Realm.LDAPProperty.USERS_SEARCHBASE, "cn=users,o=dev.com");

            // Specifying the following LDAP directory object class
            // is optional. When specified, it will
            // be used as a filter to search for users.
            prop.put(Realm.LDAPProperty.USERS_OBJ_CLASS, "orclUser");

            // adminUser is optional
            String adminUser = "John.Singh";

            String adminRole = "administrator";

            RealmManager realmMgr = JAZNContext.getRealmManager();

            InitRealmInfo realmInfo = new InitRealmInfo(
                InitRealmInfo.RealmType.APPLICATION_REALM, adminUser,
                adminRole, prop);
            realm = realmMgr.createRealm("devRealm", realmInfo);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Supplementary Code Sample: Modifying User Permissions

The following code demonstrates granting java.io.FilePermission to a user named Jane.Smith. The objects to be modified are presented in bold.

Table 15-5 Objects of Sample Modifying User Permissions Code
| Objects | Names | Comments |
|---|---|---|
| RealmUser user | Jane.Smith | |
| codesource cs | file:/home/task.jar | |
| File path | report.data | Path is the pathname of the file. |
| sample organization | abc.com | abc.com does not appear in this code directly, but was acted upon in the creation of this sample External Realm in Example 7-1. |
| sample External Realm | abcRealm | abcRealm appears in this code and in the creation of this sample External Realm in External Realm Creation Code. |

Example 15-4 Modifying User Permissions Code

Code Sample
import oracle.security.jazn.*;
import oracle.security.jazn.policy.*;
import oracle.security.jazn.realm.*;
import java.lang.*;
import java.security.*;
import java.util.*;
import java.net.*;
import java.io.*;

public class Init {

    public static void main(String[] args) {
     
        try {
            RealmManager realmMgr = JAZNContext.getRealmManager();
            Realm realm = realmMgr.getRealm("abcRealm");
            UserManager userMgr = realm.getUserManager();
            RoleManager roleMgr = realm.getRoleManager();
            final JAZNPolicy policy = JAZNContext.getPolicy();

            final RealmUser user = userMgr.getUser("Jane.Smith");

            AccessController.doPrivileged(new PrivilegedAction() {
                public Object run() {
                    try {
                        CodeSource cs = new CodeSource(
                            new URL("file:/home/task.jar"), null);
                        HashSet prop = new HashSet();
                        prop.add((Principal) user);
                        // assign permission to principals
                        policy.grant(new Grantee(prop, cs),
                            new FilePermission("report.data", "read"));
                        return null;
                    } catch (JAZNException e1) {
                        e1.printStackTrace();
                    } catch (java.net.MalformedURLException e2) {
                        e2.printStackTrace();
                    }
                    return null;
                }
            });
        } catch (JAZNException e) {
            e.printStackTrace();
        }
    }
}
Discussion of Sample Code

The sample code shown in Example 15-4 is preparation for using the sample application, AccessTest1, discussed in "Sample J2SE Application". This sample code grants a user, Jane.Smith, permission to use AccessTest1 as follows:

The name cs is assigned to the code source file:/home/task.jar, which includes the sample application AccessTest1:

CodeSource cs = new CodeSource(new URL("file:/home/task.jar"), null);

Jane.Smith is the user added to the HashSet prop:

HashSet prop = new HashSet();
prop.add((Principal) user);

Jane.Smith is granted permission, on the CodeSource cs, to read the file report.data:

policy.grant(new Grantee(prop, cs),
    new FilePermission("report.data", "read"));


Copyright © 2002 Oracle Corporation.

All Rights Reserved.