Borland VisiBroker® 7.0 - Borland Technical Publications
Borland VisiBroker® 7.0 - Borland Technical Publications Borland VisiBroker® 7.0 - Borland Technical Publications
Security ProfilesConfiguring AuthorizationYou can configure authorization by either creating your own Authorization Rolemap byhand or by using the Management Console.About the rolemap fileThe authorization rolemap is captured in a .rolemap file. Typically, you would name thisfile after your authorization domain (for example, a profile called “default” wouldtypically call its rolemap default.rolemap) but this is not required. The rolemap file, alsocalled Role DB, is a map of users to roles, or access control list. Typically, an accesscontrol list specifies a set of roles that can use a particular resource. The rolemapdesignates the set of people whose attributes match those of particular roles, and whoare then allowed to perform those roles.VisiSecure provides a mechanism for specifying role names and a set of attributeswhich define the roll. For example, the contents of Role DB could be:ServerAdministrator {CN=*, OU=Security, O=Borland, L=San Mateo, S=California, C=US*(CN=admin)*(GROUP=administrators)}Customer {role=ServerAdministrator*(CN=borland)*(CN=pclare)*(CN=jeeves)*(GROUP=RegularUsers)}This defines two roles, ServerAdministrator and Customer along with a set of rules andattributes which define them. For information on how to define roles and write acustomer rolemap, see Chapter 4, “Authorization.”Once the rolemap file is complete, it is placed in the profile's folder with the config.jaasfile.Configuring Authorization Using the Management ConsoleYou use the Authorization Settings dialog to configure Authorization for a SecurityProfile. With this you can:■■■■View authorization rolemaps and rules.Add, edit, and remove authorization rolemaps for a domain.Add, edit, and remove roles within an authorization rolemap.Add, edit, and remove rules within a role.56 VisiBroker Security Guide
Security ProfilesTo access the Authorization Settings dialog:1 From the Hubs View, navigate to the profile you want to edit.2 Right-click the profile and select Configure from the context menu. The Edit DefaultProperties dialog appears.3 Click Authorization. The Authorization Settings dialog appears.Chapter 5: Configuring Security Profiles for Domains 57
- Page 11 and 12: Contacting Borland support■■■
- Page 13 and 14: Chapter2Getting Started with Securi
- Page 15 and 16: Basic security model■■■■Web
- Page 17 and 18: Distributed environments and VisiSe
- Page 19 and 20: Authentication and IdentificationAu
- Page 21 and 22: Authentication and IdentificationDi
- Page 23 and 24: Secure TransportationSecure Transpo
- Page 25 and 26: Context PropagationContext Propagat
- Page 27 and 28: Context PropagationTrusting Asserti
- Page 29 and 30: Using IIOP/HTTPSHere are several ex
- Page 31 and 32: ChapterChapter 3AuthenticationJAAS
- Page 33 and 34: Authentication mechanisms and Login
- Page 35 and 36: LoginContext class and LoginModule
- Page 37 and 38: Associating a LoginModule with a re
- Page 39 and 40: Borland LoginModulesThe elements in
- Page 41 and 42: Borland LoginModulesLDAP LoginModul
- Page 43 and 44: Server and Client IdentificationIn
- Page 45 and 46: Server and Client IdentificationCre
- Page 47 and 48: Server and Client IdentificationCli
- Page 49 and 50: ChapterChapter4AuthorizationAuthori
- Page 51 and 52: Defining access control with Role D
- Page 53 and 54: Authorization domainsTo accomplish
- Page 55 and 56: CORBA authorizationwhere is a taut
- Page 57 and 58: Chapter5Configuring Security Profil
- Page 59 and 60: Security ProfilesEnabling SecurityF
- Page 61: Security ProfilesConfiguring Authen
- Page 65 and 66: Security ProfilesWorking with Autho
- Page 67 and 68: Security ProfilesAdding and Removin
- Page 69 and 70: Associating a Profile with a Domain
- Page 71 and 72: Chapter6Making Secure Connections (
- Page 73 and 74: Steps to secure clients and servers
- Page 75 and 76: Examining SSL related informationEx
- Page 77 and 78: Chapter7Making Secure Connections (
- Page 79 and 80: Steps to secure clients and servers
- Page 81 and 82: Creating Custom PluginsLoginModules
- Page 83 and 84: ChapterChapter8Security for the Web
- Page 85 and 86: Security for the Apache web serverC
- Page 87 and 88: Enabling certificate passthrough to
- Page 89 and 90: Security for the Borland web contai
- Page 91 and 92: Three-tier authorization schemeNote
- Page 93 and 94: Chapter9Security Properties for Jav
- Page 95 and 96: Security Properties for JavaPropert
- Page 97 and 98: Chapter10Security Properties for C+
- Page 99 and 100: Security Properties for C++Property
- Page 101 and 102: Chapter11VisiSecure for C++ APIsCha
- Page 103 and 104: General APIUse this to login to the
- Page 105 and 106: General APISets the cipher suites t
- Page 107 and 108: General APIReturnsA set of the publ
- Page 109 and 110: SSL APISSL APIThis section explains
- Page 111 and 112: SSL APIclass CipherSuiteNameThis cl
Security ProfilesConfiguring AuthorizationYou can configure authorization by either creating your own Authorization Rolemap byhand or by using the Management Console.About the rolemap fileThe authorization rolemap is captured in a .rolemap file. Typically, you would name thisfile after your authorization domain (for example, a profile called “default” wouldtypically call its rolemap default.rolemap) but this is not required. The rolemap file, alsocalled Role DB, is a map of users to roles, or access control list. Typically, an accesscontrol list specifies a set of roles that can use a particular resource. The rolemapdesignates the set of people whose attributes match those of particular roles, and whoare then allowed to perform those roles.VisiSecure provides a mechanism for specifying role names and a set of attributeswhich define the roll. For example, the contents of Role DB could be:ServerAdministrator {CN=*, OU=Security, O=<strong>Borland</strong>, L=San Mateo, S=California, C=US*(CN=admin)*(GROUP=administrators)}Customer {role=ServerAdministrator*(CN=borland)*(CN=pclare)*(CN=jeeves)*(GROUP=RegularUsers)}This defines two roles, ServerAdministrator and Customer along with a set of rules andattributes which define them. For information on how to define roles and write acustomer rolemap, see Chapter 4, “Authorization.”Once the rolemap file is complete, it is placed in the profile's folder with the config.jaasfile.Configuring Authorization Using the Management ConsoleYou use the Authorization Settings dialog to configure Authorization for a SecurityProfile. With this you can:■■■■View authorization rolemaps and rules.Add, edit, and remove authorization rolemaps for a domain.Add, edit, and remove roles within an authorization rolemap.Add, edit, and remove rules within a role.56 VisiBroker Security Guide