web server - Borland Technical Publications
Security management with the Security Map

Authorization domain

The element in the ra-borland.xml descriptor file specifies the authorization domain associated with a specified user role. If is set, you should set with its associated domain. If is not set, VisiConnect assumes the use of the default authorization domain. See the Security Guide for more information on using authorization domains.

Default roles

In addition, the element enables the definition of a default user role that can be associated with the appropriate resource role. This default role would be referred to if the user role identified at run-time is not found in the mapping. The default user role is defined in the element with a element given a value of “*”. For example:

*

A corresponding entry must be included in the element. The following example illustrates the association between a Borland Enterprise Server user role and a resource role.

*
SHME_OPR

The default user role is also used at deployment time if the connection pool parameters indicate that the Borland Enterprise Server should initialize connections. The absence of a default user role entry or the absence of a element may prevent the server from creating connections using container-managed security.

Generating a resource vault

To use run-as security mapping as described above, one or more resource roles must be defined in a vault which is provided to the Borland Enterprise Server. This is known as the resource vault.

VisiConnect provides a tool, ResourceVaultGen, to create a resource vault and to instantiate role objects in this vault. A role name and its associated security credentials are written to the resource vault by ResourceVaultGen. At this time only credentials of type Password Credential can be written to the resource vault.

The usage of ResourceVaultGen is as follows:

java -Dborland.enterprise.licenseDir= -Dserver.instance.root=
  com.borland.enterprise.visiconnect.tools.ResourceVaultGen -rolename
  -username -password -vaultfile
  -vpwd

Chapter 27: Using VisiConnect 261

where:

-rolename               Resource role name to store in the resource vault.
-username               Resource username to associate with the resource role.
-password               Resource password to associate with the resource role.
-vaultfile (optional)   Path to the vault file you write the resource role(s) to. If not specified, ResourceVaultGen will attempt to write to the default resource vault file. If the vault file does not already exist, a new vault file will be written to the specified location.
-vpwd (optional)        Password to assign to the vault for access authorization. If not specified, the vault will be created without a password.

Note

When using ResourceVaultGen, ensure that the following jars are in your CLASSPATH:

■ lm.jar
■ visiconnect.jar
■ vbsec.jar
■ jsse.jar
■ jnet.jar
■ jcert.jar
■ jaas.jar
■ jce1_2_1.jar
■ sunjce_provider.jar
■ local_policy.jar
■ US_export_policy.jar

If you fail to include these jars in your CLASSPATH when you attempt to generate a vault, you may end up with a vault file which is invalid. If you attempt to reuse the invalid vault file, you will encounter an EOFException. To resolve this, delete the invalid vault file and regenerate it with ResourceVaultGen, ensuring that you have the proper jars in your CLASSPATH.

VisiConnect will use the vault if Security Map information is specified in at deployment time for a Resource Adapter. If the resource vault is password protected, VisiConnect will need to have the following property passed to it:

-Dvisiconnect.resource.security.vaultpwd=

If the resource vault is in a user specified location (-vaultfile ...), VisiConnect will need to have the following property passed to it:

-Dvisiconnect.resource.security.login=

262 BES Developer’s Guide
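An added example, not part of the Borland guide: a shell preflight check for the CLASSPATH note above, which reports any of the eleven listed jars that is missing so that ResourceVaultGen is not run in a state that can produce an invalid vault file. It assumes a Unix-style, colon-separated CLASSPATH; the function names missing_jars and preflight are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the jars ResourceVaultGen needs.
# Jar names are the eleven listed in the guide's note; the function
# names are hypothetical and not part of any Borland tool.

REQUIRED_JARS="lm.jar visiconnect.jar vbsec.jar jsse.jar jnet.jar jcert.jar jaas.jar jce1_2_1.jar sunjce_provider.jar local_policy.jar US_export_policy.jar"

# missing_jars CLASSPATH
# Prints, space-separated on one line, every required jar that no
# existing CLASSPATH entry provides. Prints an empty line if none is missing.
missing_jars() {
    cp=$1
    missing=""
    for jar in $REQUIRED_JARS; do
        found=no
        old_ifs=$IFS
        IFS=:
        for entry in $cp; do
            # An entry counts only if its file name matches and the file exists.
            if [ "${entry##*/}" = "$jar" ] && [ -f "$entry" ]; then
                found=yes
                break
            fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || missing="$missing $jar"
    done
    echo "${missing# }"
}

# preflight CLASSPATH
# Returns 0 when every required jar is present, 1 otherwise.
preflight() {
    m=$(missing_jars "$1")
    if [ -n "$m" ]; then
        echo "not running ResourceVaultGen; missing from CLASSPATH: $m" >&2
        return 1
    fi
    return 0
}
```

Call preflight "$CLASSPATH" in the script that generates the vault and run the java command only when it returns 0.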