Borland VisiBroker® 7.0 - Borland Technical Publications

More documents

Recommendations

Info

Borland Software Corporation20450 Stevens Creek Blvd., Suite 800Cupertino, CA 95014 USAwww.borland.comRefer to the file deploy.html for a complete list of files that you can distribute in accordance with theLicense Statement and Limited Warranty.Borland Software Corporation may have patents and/or pending patent applications covering subjectmatter in this document. Please refer to the product CD or the About dialog box for the list ofapplicable patents. The furnishing of this document does not give you any license to these patents.Copyright 1992–2006 Borland Software Corporation. All rights reserved. All Borland brand andproduct names are trademarks or registered trademarks of Borland Software Corporation in theUnited States and other countries. All other marks are the property of their respective owners.Microsoft, the .NET logo, and Visual Studio are either registered trademarks or trademarks ofMicrosoft Corporation in the United States and/or other countries.For third-party conditions and disclaimers, see the Release Notes on your product CD.VB70SecurityMarch 2006PDF
ContentsChapter 1Introduction to Borland VisiBroker 1VisiBroker Overview . . . . . . . . . . . . . . . . . 1VisiBroker features. . . . . . . . . . . . . . . . . 2VisiBroker Documentation . . . . . . . . . . . . . . 2Accessing VisiBroker online help topicsin the standalone Help Viewer . . . . . . . . . . 3Accessing VisiBroker online help topicsfrom within the VisiBroker Console. . . . . . . . 3Documentation conventions . . . . . . . . . . . 4Platform conventions . . . . . . . . . . . . . . . 4Contacting Borland support. . . . . . . . . . . . . . 4Online resources. . . . . . . . . . . . . . . . . . 5World Wide Web . . . . . . . . . . . . . . . . . . 5Borland newsgroups . . . . . . . . . . . . . . . . 5Chapter 2Getting Started with Security 7VisiSecure overview . . . . . . . . . . . . . . . . . 8VisiSecure for Java . . . . . . . . . . . . . . . . 8VisiSecure for C++. . . . . . . . . . . . . . . . . 8Pluggability . . . . . . . . . . . . . . . . . . . . 8VisiSecure design flexibility . . . . . . . . . . . . 8VisiSecure for Java features . . . . . . . . . . . . 8VisiSecure for C++ Features. . . . . . . . . . . . 9Basic security model . . . . . . . . . . . . . . . . . 9Authentication realm (user domain) . . . . . . . . 10Resource domain . . . . . . . . . . . . . . . . . 10Authorization domain . . . . . . . . . . . . . . . 11Distributed environments and VisiSecure SPI . . . . 11Managing authentication and authorizationwith JAAS . . . . . . . . . . . . . . . . . . . . . . 11Authentication and Identification . . . . . . . . . . . 11System identification. . . . . . . . . . . . . . . . 12Authentication and pluggability . . . . . . . . . . 12Server and/or client authentication . . . . . . . . 12Authenticating clients with usernamesand passwords . . . . . . . . . . . . . . . . . . 12Authentication property settings . . . . . . . . . . 13Public-key encryption . . . . . . . . . . . . . . . 13Asymmetric encryption . . . . . . . . . . . . . . 13Symmetric encryption . . . . . . . . . . . . . . . 14Certificates and Certificate Authority . . . . . . . 14Digital signatures . . . . . . . . . . . . . . . . . 14Generating a private key andcertificate request . . . . . . . . . . . . . . . . 14Distinguished names . . . . . . . . . . . . . . 15Certificate chains . . . . . . . . . . . . . . . . 15Certificate authentication . . . . . . . . . . . . . . . 16Certificate Revocation List (CRL) and revokedcertificate serial numbers . . . . . . . . . . . . . . 16Negotiating Quality of Protection (QoP)parameters . . . . . . . . . . . . . . . . . . . . . 16Secure Transportation . . . . . . . . . . . . . . . . 17JSSE and SSL pluggability . . . . . . . . . . . . 17Setting the level of encryption . . . . . . . . . . 17Supported cipher suites . . . . . . . . . . . . 17Authorization. . . . . . . . . . . . . . . . . . . . . 18Access Control List . . . . . . . . . . . . . . . . 18Roles-based access control . . . . . . . . . . . 18Pluggable Authorization . . . . . . . . . . . . . 19Context Propagation . . . . . . . . . . . . . . . . . 19Identity assertions . . . . . . . . . . . . . . . . 19Impersonation . . . . . . . . . . . . . . . . . 20Delegation . . . . . . . . . . . . . . . . . . . 20Trusting Assertions . . . . . . . . . . . . . . . . 21Trust assertions and plug-ins . . . . . . . . . 21Backward trust . . . . . . . . . . . . . . . . 21Forward trust . . . . . . . . . . . . . . . . . 21Temporary privileges . . . . . . . . . . . . . . . 21Using IIOP/HTTPS. . . . . . . . . . . . . . . . . . 22Netscape Communicator/Navigator . . . . . . . 22Microsoft Internet Explorer . . . . . . . . . . . . 22Chapter 3Authentication 25JAAS basic concepts . . . . . . . . . . . . . . . . 25Subjects . . . . . . . . . . . . . . . . . . . . . 25Principals . . . . . . . . . . . . . . . . . . . . . 26Credentials . . . . . . . . . . . . . . . . . . . . 26Public and private credentials . . . . . . . . . 26Authentication mechanisms andLoginModules . . . . . . . . . . . . . . . . . . . 27Authentication realms. . . . . . . . . . . . . . . 27LoginModules. . . . . . . . . . . . . . . . . . . 27LoginContext class and LoginModule interface . . . 28Authentication and stacked LoginModules . . . . 29Associating a LoginModule with a realm . . . . . . 30Syntax of a realm entry. . . . . . . . . . . . . . 31Borland LoginModules . . . . . . . . . . . . . . . . 32Basic LoginModule . . . . . . . . . . . . . . . . 32JDBC LoginModule . . . . . . . . . . . . . . . . 34LDAP LoginModule . . . . . . . . . . . . . . . . 35Host LoginModule . . . . . . . . . . . . . . . . 35Server and Client Identification . . . . . . . . . . . 36Setting the config file for clientauthentication . . . . . . . . . . . . . . . . . . 36System Identification . . . . . . . . . . . . . . . 36Formatted Target . . . . . . . . . . . . . . . . . 37GSSUP mechanism . . . . . . . . . . . . . . 37Certificate mechanism . . . . . . . . . . . . 38Using a Vault . . . . . . . . . . . . . . . . . . . 38Creating a Vault . . . . . . . . . . . . . . . . 39VaultGen example . . . . . . . . . . . . . . . 40Client identification . . . . . . . . . . . . . . . . 41i
Page 1: Security GuideBorlandVisiBroker ®
Page 5 and 6: Security for the Borland web contai
Page 7 and 8: Chapter1Introduction to Borland Vis
Page 9 and 10: VisiBroker DocumentationImportant
Page 11 and 12: Contacting Borland support■■■
Page 13 and 14: Chapter2Getting Started with Securi
Page 15 and 16: Basic security model■■■■Web
Page 17 and 18: Distributed environments and VisiSe
Page 19 and 20: Authentication and IdentificationAu
Page 21 and 22: Authentication and IdentificationDi
Page 23 and 24: Secure TransportationSecure Transpo
Page 25 and 26: Context PropagationContext Propagat
Page 27 and 28: Context PropagationTrusting Asserti
Page 29 and 30: Using IIOP/HTTPSHere are several ex
Page 31 and 32: ChapterChapter 3AuthenticationJAAS
Page 33 and 34: Authentication mechanisms and Login
Page 35 and 36: LoginContext class and LoginModule
Page 37 and 38: Associating a LoginModule with a re
Page 39 and 40: Borland LoginModulesThe elements in
Page 41 and 42: Borland LoginModulesLDAP LoginModul
Page 43 and 44: Server and Client IdentificationIn
Page 45 and 46: Server and Client IdentificationCre
Page 47 and 48: Server and Client IdentificationCli
Page 49 and 50: ChapterChapter4AuthorizationAuthori
Page 51 and 52: Defining access control with Role D
Page 53 and 54:
Authorization domainsTo accomplish
Page 55 and 56:
CORBA authorizationwhere is a taut
Page 57 and 58:
Chapter5Configuring Security Profil
Page 59 and 60:
Security ProfilesEnabling SecurityF
Page 61 and 62:
Security ProfilesConfiguring Authen
Page 63 and 64:
Security ProfilesTo access the Auth
Page 65 and 66:
Security ProfilesWorking with Autho
Page 67 and 68:
Security ProfilesAdding and Removin
Page 69 and 70:
Associating a Profile with a Domain
Page 71 and 72:
Chapter6Making Secure Connections (
Page 73 and 74:
Steps to secure clients and servers
Page 75 and 76:
Examining SSL related informationEx
Page 77 and 78:
Chapter7Making Secure Connections (
Page 79 and 80:
Steps to secure clients and servers
Page 81 and 82:
Creating Custom PluginsLoginModules
Page 83 and 84:
ChapterChapter8Security for the Web
Page 85 and 86:
Security for the Apache web serverC
Page 87 and 88:
Enabling certificate passthrough to
Page 89 and 90:
Security for the Borland web contai
Page 91 and 92:
Three-tier authorization schemeNote
Page 93 and 94:
Chapter9Security Properties for Jav
Page 95 and 96:
Security Properties for JavaPropert
Page 97 and 98:
Chapter10Security Properties for C+
Page 99 and 100:
Security Properties for C++Property
Page 101 and 102:
Chapter11VisiSecure for C++ APIsCha
Page 103 and 104:
General APIUse this to login to the
Page 105 and 106:
General APISets the cipher suites t
Page 107 and 108:
General APIReturnsA set of the publ
Page 109 and 110:
SSL APISSL APIThis section explains
Page 111 and 112:
SSL APIclass CipherSuiteNameThis cl
Page 113 and 114:
SSL APIExceptionsCORBA::BAD_OPERATI
Page 115 and 116:
Certificate APICertificate APIThis
Page 117 and 118:
Certificate APIclass CORBAsec::X509
Page 119 and 120:
QoP APIQoP APIThe following section
Page 121 and 122:
Authorization APIAuthorization APIT
Page 123 and 124:
ChapterChapter12Security SPIfor C++
Page 125 and 126:
ProvidersProvidersTable 12.1Each pr
Page 127 and 128:
vbsec::CallbackHandlervbsec::Callba
Page 129 and 130:
vbsec::AuthenticationMechanismsMeth
Page 131 and 132:
vbsec::TargetReturnsExceptionsArgum
Page 133 and 134:
vbsec::Resourcevbsec::ResourceThe R
Page 135 and 136:
vbsec::AttributeCodecFor the provid
Page 137 and 138:
vbsec::PermissionCollectionvbsec::P
Page 139 and 140:
vbsec::InitOptionsvbsec::InitOption
Page 141 and 142:
IndexSymbols... ellipsis 4.defaultA
Page 143 and 144:
Iidentitiessetting up 36setting up
Page 145 and 146:
security (C++)AttributeCodec 119, 1
Page 147 and 148:
VisiSecure APIs (C++) 95VisiSecure
show all

Borland VisiBroker® 7.0 - Borland Technical Publications

Create successful ePaper yourself

Delete template?

Save as template?