Oracle9iAS Containers for J2EE Services Guide
Release 2 (9.0.2)
Part Number A95879-01
Contents
Title and Copyright Information
Send Us Your Comments
Preface
1 Introduction
Java Naming and Directory Interface (JNDI)
Remote Method Invocation (RMI)
Java Authentication and Authorization Service (JAAS)
Java Transaction API (JTA)
Java Message Service (JMS)
Java Connector Architecture (JCA)
Java Object Cache
HTTPS
Data Sources
2 Java Naming and Directory Interface
Introduction
Initial Context
Constructing a JNDI Context
The JNDI Environment
Initial Context Factories
ApplicationClientInitialContextFactory
Environment Properties
Remote Client Example
Server-Side Clients
ApplicationInitialContextFactory
Example
RMIInitialContextFactory
Remote Client Example
3 Remote Method Invocation
Configuring RMI Tunneling
Configuring RMI In server.xml and rmi.xml
Editing server.xml
Editing rmi.xml
4 Overview of JAAS in Oracle9iAS
Support for JAAS
What are Authentication, Authorization, and Delegation?
Foundations of the JAAS Provider
JAAS
Java2 Security Model
Java Application Environments
Provider Types
LDAP-Based Provider Type
XML-Based Provider Type
What is the Java2 Security Model?
What is JAAS?
Principals
Subjects
Login Module Authentication
Roles
Realms
Applications
Policies and Permissions
File-based Policy Example
XML-Based Example
JAAS Provider Features
JAAS Provider User Services
Capability Model of Access Control
Role-Based Access Control (RBAC)
Role Hierarchy
Role Activation
JAAS Provider Realm and Policy Management
Realm and Policy Management Tools
JAAS Provider Realm Framework
Realm Management in LDAP-Based Environments
Realm Management in XML-Based Environments
JAAS Provider Policy Administration
Oracle Internet Directory Administration
AdminPermission Class
Policy Partitioning
5 Quick Start JAAS Provider Demo
Quick Start JAAS Provider Demo Overview
Setting Up the Demo
Task 1: Modify OC4J Configuration Files
Task 2: Change Default Configurations (Optional)
Running the Demo
Viewing the Results of the callerInfo Demo
Testing the JAZN Admintool
6 Integrating the JAAS Provider with Java2 Applications
Java2 Application Environments Overview
Oracle Components Available on the Java2 Platform
JAAS Provider Integration in J2SE Application Environments
A Typical Scenario in the J2SE Environment
JAAS Provider Integration in J2EE Application Environments
Oracle9iAS Containers for J2EE (OC4J)
JAZNUserManager
Replacing principals.xml
JAZNUserManager Features
Authentication Environments
Integrating the JAAS Provider with SSO-Enabled Applications
SSO-Enabled J2EE Environments: A Typical Scenario
Integrating the JAAS Provider with SSL-Enabled Applications
SSL-Enabled J2EE Environments: A Typical Scenario
Integrating the JAAS Provider with Basic Authentication
Basic Authentication J2EE Environments: A Typical Scenario
J2EE and JAAS Provider Role Mapping
J2EE Security Roles
JAAS Provider Roles and Users
OC4J Group Mapping to J2EE Security Roles
How Do I Get Started?
7 Managing the JAAS Provider
JAAS Provider Management Overview
LDAP-Based and XML-Based JAAS Providers
Using the Oracle Enterprise Manager Interface with the JAAS Provider
Accessing the JAAS Provider
Task 1: Managing JAAS Policy
Searching for and Viewing Existing Grant Entries
Deleting Grant Entries
Creating a New Grant Entry
Task 2: Managing Java Permissions
Searching for and Viewing Existing Permissions
Revoking Permissions Assigned to a Principal
Using the JAZN Admintool
Usage Examples
Command Options
Realm Operations
Adding and Removing Realms
Adding and Removing Roles
Adding and Removing Users
Checking Password
Granting and Revoking Roles
Listing Realms
Listing Roles
Listing Users
Setting a Password
Policy Operations
Adding and Removing Permissions
Adding and Removing Principals
Granting and Revoking Permissions
Listing Permissions
Listing Permission Information
Listing Principal Classes
Listing Principal Class Information
Interactive Shell
Starting the JAZN Admintool Shell
Getting XML Configuration Information
Migration Operations
Migrating Principals from the principals.xml File
Getting Help
JAZN Shell Interface
JAZN Shell Commands
Using the cd Command to Navigate JAAS Provider Data
Using the mkdir, mk, or add Command to Create JAAS Provider Data
Using the pwd Command to Display the Current Shell Working Directory
Using the help Command to List JAAS Provider Commands
Using the man Command to Display Detailed JAAS Provider Commands
Using the clear Command to Clear the Screen
Using the exit Command to Exit the JAZN Shell
Managing LDAP Provider Data with Java Programs
About the Sample Java Code
The JAZNContext and JAZNConfig Classes
Managing Realms
Realm Creation
Creating an External Realm
Creating an Application Realm
Dropping a Realm
Managing Users
Managing Roles
Creating Roles
Granting Roles
Dropping Roles
Managing Permissions
Managing JAAS Provider Policy
Managing Policy with JAAS Provider Packages
Managing XML-Based Provider Data with the XML Schema
Managing Realms, Users, Roles, and Permissions
DTD Standard for XML Datafiles
Other Utilities
PermissionClassManager Interface
PrincipalClassManager Interface
LoginModuleManager
8 Developing Secure J2SE Applications
Developing Secure J2SE Applications Overview
Authentication in the J2SE Environment
Authorization in the J2SE Environment
Subject.doAs
SecurityManager.checkPermission
PrivilegedAction
Testing and Executing an Application
Starting With RealmLoginModule
Start Without Using RealmLoginModule
Sample J2SE Application
Sample J2SE Application Code
Discussion of the J2SE Sample Client Login and Application Code
9 Developing Secure J2EE Applications
Developing Secure J2EE Applications Overview
Authentication in the J2EE Environment
Running with the Permissions and Roles Associated with an Authenticated Identity (Optional)
Interception of Servlet Invocation
Retrieving Authentication Information
Authorization in the J2EE Environment
Testing and Executing the J2EE Application
Setting Up
Task 1: Install Ant (Optional)
Task 2: Modify OC4J Files
Modifying OC4J Files Where OC4J is Not Running
Deploying an Application When the OC4J Server is Running
Task 3: Change Default Configurations
Using XML-Based Realms (Default)
Using LDAP-Based Realms
Using SSL and SSO Integration
Using SSO
Task 4: Build the Directory
Starting an Application
Sample J2EE Application
Discussion of the J2EE Sample Application Code
10 Java Transaction API
Introduction
Single-Phase Commit
Enlisting a Single Resource
Configuring the DataSource
Retrieving the DataSource Connection
Demarcating the Transaction
Container-Managed Transactional Demarcation
Bean-Managed Transactions
JTA Transactions
JDBC Transactions
Two-Phase Commit
Configuring Two-Phase Commit Engine
Two-Phase Commit DTD Elements
11 Java Message Service
Overview
The JMS Examples
Running JMS-Chat
Running Coffeemaker
Configuration Issues
Deploying JMS Clients Across Nodes
Message-Driven Beans
Resource Providers
Plugging In Resource Providers
Configuring Message Providers
JNDI Resource Provider Names
Accessing Message Queues
Using Oracle AQ as a Resource Provider
Configuration
Using MQSeries As a Resource Provider
Configuring
Using SonicMQ As A Resource Provider
Configuring
12 Java Connector Architecture
Introduction
Resource Adapter
Application Contracts
Quality of Service Contracts
Deploying Resource Adapters with OC4J
JCA Deployment Descriptors
Deploying Stand-Alone Resource Adapter Archives
Deployment using Admin command-line tool
Manual deployment through directory manipulation
Deploying Embedded Resource Adapters
Example
Container-Managed Sign-on vs. Component-Managed Sign-on
13 Working With Java Object Cache
Java Object Cache Concepts
Java Object Cache Basic Architecture
Distributed Object Management
How the Java Object Cache Works
Cache Organization
Java Object Cache Features
Java Object Cache Object Types
Memory Objects
Disk Objects
StreamAccess Objects
Pool Objects
Java Object Cache Environment
Cache Regions
Cache Subregions
Cache Groups
Cache Object Attributes
Using Attributes Defined Before Object Loading
Using Attributes Defined Before or After Object Loading
Developing Applications Using Java Object Cache
Importing the Java Object Cache
Defining a Cache Region
Defining a Cache Group
Defining a Cache Subregion
Defining and Using Cache Objects
Implementing a CacheLoader
Using CacheLoader Methods Within the Load Method
Invalidating Cache Objects
Destroying Cache Objects
Setting Cache Configuration Properties
Implementing a Cache Event Listener
Restrictions and Programming Pointers
Working with Disk Objects
Configuring Properties for Using the Disk Cache
Setting the diskPath Configuration Property
Local and Distributed Disk Cache Objects
Local Objects
Distributed Objects
Adding Objects to the Disk Cache
Automatically Adding Objects
Explicitly Adding Objects
Using Objects That Only Reside on Disk Cache
Working with StreamAccess Objects
Creating a StreamAccess Object
Working with Pool Objects
Creating Pool Objects
Using Objects from a Pool
Implementing a Pool Object Instance Factory
Running in Local Mode
Running in Distributed Mode
Configuring Properties for Distributed Mode
Setting the Distribute Configuration Property
Setting the DiscoveryAddress Configuration Property
Using Distributed Objects, Regions, Subregions, and Groups
Using the REPLY Attribute with Distributed Objects
Using SYNCHRONIZE and SYNCHRONIZE_DEFAULT
Cached Object Consistency Levels
Using Local Objects
Propagating Changes Without Waiting for a Reply
Propagating Changes and Waiting for a Reply
Serializing Changes Across Multiple Caches
14 Oracle HTTPS for Client Connections
Prerequisites
Audience
About Oracle HTTPS
HTTPConnection Class
OracleSSLCredential Class
Overview of Oracle HTTPS Features
SSL Cipher Suites Supported by Oracle HTTPS
Certificate and Key Management with Oracle Wallet Manager
Access Information About Established SSL Connections
Security-Aware Applications Support
java.net.URL Framework Support
Specifying Default System Properties
javax.net.ssl.KeyStore
javax.net.ssl.KeyStorePassword
Potential Security Risk with Storing Passwords in System Properties
Oracle.ssl.defaultCipherSuites
Oracle HTTPS APIs
Public Class: HTTPConnection
Public Class: OracleSSLCredential
Constructor
Methods
Oracle HTTPS Example
Initializing SSL Credentials
Verifying Connection Information
Transferring Data
15 Data Sources
Introduction
Definition of Data Sources
Defining Location of the DataSource XML Configuration File
Defining Data Sources
Retrieving a Connection From a Data Source
Emulated and Non-Emulated Data Sources
Emulated Data Sources
Non-Emulated Data Sources
Other Non-Emulated DataSource Classes
Using Data Sources
Configuring Data Source Objects
Configuration Files
Data Source Attributes
Data Source Methods
Portable Data Source Lookup
Using Oracle JDBC Extensions
Behavior of a Non-Emulated Data Source Object
Retrieving a Connection Outside a Global Transaction
Retrieving a Connection Within a Global Transaction
Using Database Caching Schemes
Connection Retrieval Error Conditions
Using Different Usernames for Two Connections to DataSource
Mixing Local and Global Transactions
Using the OCI JDBC Drivers
Using Merant Drivers
A JAAS Provider APIs
JAAS Provider API Overview
Package oracle.security.jazn
Interfaces
Persistable
Classes
JAZNConfig
JAZNContext
JAZNPermission
JAZNWebAppConfig
Exceptions
JAZNConfigException
JAZNException
JAZNInitException
JAZNNamingException
JAZNObjectExistsException
JAZNObjectNotFoundException
JAZNRuntimeException
Package oracle.security.jazn.login
Classes
LoginModuleManager
Package oracle.security.jazn.policy
Interfaces
GlobalPolicy
JAZNPolicy
PermissionClassManager
PolicyManager
PrincipalClassManager
RealmPolicy
Classes
AdminPermission
Grantee
PermissionClassDesc
PrincipalClassDesc
RoleAdminPermission
Package oracle.security.jazn.realm
Interfaces
InitRealmInfo.RealmType
Realm
Realm.LDAPProperty
RealmPrincipal
RealmRole
RealmUser
RoleManager
UserManager
Classes
InitRealmInfo
RealmLoginModule
RealmManager
RealmPermission
B JAAS Provider Standards and Samples
Sample jazn-data.xml Code
Supplemental Code Samples
Supplementary Code Sample: Creating an Application Realm
Supplementary Code Sample: Modifying User Permissions
C Third-Party Licenses
Apache HTTP Server
The Apache Software License
Apache JServ
Apache JServ Public License
Index
Copyright © 2002 Oracle Corporation.
All Rights Reserved.