Borland VisiBroker® 7.0 - Borland Technical Publications
Borland VisiBroker® 7.0 - Borland Technical Publications Borland VisiBroker® 7.0 - Borland Technical Publications
Security Profiles4 If you would like to add an additional condition to the rule, click More Conditions. Anew row appears.5 Add additional attributes, operators, and values as required. You can remove thelast condition by clicking the Fewer Conditions button.6 To force strict access based on the rule, check the Match all conditions belowexactly and nothing else checkbox.7 Click preview to display the edited rule.8 Click OK when you are finished. The new rule appears in the tree.9 Click OK when you are finished.To remove a rule from a role:1 Open the Authorization Settings dialog.2 Right click the rule you want to delete.3 Select Delete Rule from the context menu. The rule is removed from the tree.4 Click OK when you are finished.Specifying VisiSecure propertiesEach profile contains a security.properties file which allows you to customize thebehavior of VisiSecure. A typical properties file could look like the following:# Disable user domain security by defaultvbroker.security.disable=false# Point the ORB at the authentication config filesvbroker.security.login=falsevbroker.security.authentication.config=${profile.path}/config.jaas# Name the supplied authorization domainvbroker.security.authDomains=defaultvbroker.security.authDomains.default=default# How to handle requests for methods not in the rolemap file - (grant|deny)vbroker.security.domain.default.defaultAccessRule=grantvbroker.security.domain.default.rolemap_path=${profile.path}/default.rolemap62 VisiBroker Security Guide
Associating a Profile with a DomainDepending on whether your application is Java, C++, or both, you may have to setdifferent properties with different types of values. See Chapter 10, “Security Propertiesfor C++” and Chapter 9, “Security Properties for Java” for all the properties you can setin this file.Once all the properties have been set, the security.properties file is placed in theprofile folder.Associating a Profile with a DomainUsing a Vault for a DomainSecurity profiles are associated with the various domains on your system by settingproperties. Once these properties are set, VisiSecure uses the settings found in theassociated security profiles to secure your domains. Each domain on your system hasan orb.properties file associated with it. This file is located in:/var/domains//adm/properties/orb.propertiesTo associate a profile and its settings with a domain:1 Open the domain's orb.properties file.2 Set the following property vbroker.security.profile to the name of the profile whosesettings you want to use for the domain. For example:vbroker.security.profile=defaultVisiSecure will now refer to the settings for the chosen security profile when performingsecurity operations for that domain.If you are using a vault to store system identities, you associate it with a domain so thatit can be used. You do this by setting the domain's vbroker.security.vault property inthe domain's orb.properties file. Simply set the property to the location of the domain'svault. For example:vbroker.security.vault=c:/BDP/var/domains/base/adm/security/MyVaultSimilar to the vault are other properties which only belong to the orb.properties file.These include secure listener ports, thread monitoring, and so forth. As a general rule,add only those properties to the profile that can be shared by multiple applications.Otherwise, use the appropriate process-specific ORB properties file to specify theproperty.Chapter 5: Configuring Security Profiles for Domains 63
- Page 17 and 18: Distributed environments and VisiSe
- Page 19 and 20: Authentication and IdentificationAu
- Page 21 and 22: Authentication and IdentificationDi
- Page 23 and 24: Secure TransportationSecure Transpo
- Page 25 and 26: Context PropagationContext Propagat
- Page 27 and 28: Context PropagationTrusting Asserti
- Page 29 and 30: Using IIOP/HTTPSHere are several ex
- Page 31 and 32: ChapterChapter 3AuthenticationJAAS
- Page 33 and 34: Authentication mechanisms and Login
- Page 35 and 36: LoginContext class and LoginModule
- Page 37 and 38: Associating a LoginModule with a re
- Page 39 and 40: Borland LoginModulesThe elements in
- Page 41 and 42: Borland LoginModulesLDAP LoginModul
- Page 43 and 44: Server and Client IdentificationIn
- Page 45 and 46: Server and Client IdentificationCre
- Page 47 and 48: Server and Client IdentificationCli
- Page 49 and 50: ChapterChapter4AuthorizationAuthori
- Page 51 and 52: Defining access control with Role D
- Page 53 and 54: Authorization domainsTo accomplish
- Page 55 and 56: CORBA authorizationwhere is a taut
- Page 57 and 58: Chapter5Configuring Security Profil
- Page 59 and 60: Security ProfilesEnabling SecurityF
- Page 61 and 62: Security ProfilesConfiguring Authen
- Page 63 and 64: Security ProfilesTo access the Auth
- Page 65 and 66: Security ProfilesWorking with Autho
- Page 67: Security ProfilesAdding and Removin
- Page 71 and 72: Chapter6Making Secure Connections (
- Page 73 and 74: Steps to secure clients and servers
- Page 75 and 76: Examining SSL related informationEx
- Page 77 and 78: Chapter7Making Secure Connections (
- Page 79 and 80: Steps to secure clients and servers
- Page 81 and 82: Creating Custom PluginsLoginModules
- Page 83 and 84: ChapterChapter8Security for the Web
- Page 85 and 86: Security for the Apache web serverC
- Page 87 and 88: Enabling certificate passthrough to
- Page 89 and 90: Security for the Borland web contai
- Page 91 and 92: Three-tier authorization schemeNote
- Page 93 and 94: Chapter9Security Properties for Jav
- Page 95 and 96: Security Properties for JavaPropert
- Page 97 and 98: Chapter10Security Properties for C+
- Page 99 and 100: Security Properties for C++Property
- Page 101 and 102: Chapter11VisiSecure for C++ APIsCha
- Page 103 and 104: General APIUse this to login to the
- Page 105 and 106: General APISets the cipher suites t
- Page 107 and 108: General APIReturnsA set of the publ
- Page 109 and 110: SSL APISSL APIThis section explains
- Page 111 and 112: SSL APIclass CipherSuiteNameThis cl
- Page 113 and 114: SSL APIExceptionsCORBA::BAD_OPERATI
- Page 115 and 116: Certificate APICertificate APIThis
- Page 117 and 118: Certificate APIclass CORBAsec::X509
Security Profiles4 If you would like to add an additional condition to the rule, click More Conditions. Anew row appears.5 Add additional attributes, operators, and values as required. You can remove thelast condition by clicking the Fewer Conditions button.6 To force strict access based on the rule, check the Match all conditions belowexactly and nothing else checkbox.7 Click preview to display the edited rule.8 Click OK when you are finished. The new rule appears in the tree.9 Click OK when you are finished.To remove a rule from a role:1 Open the Authorization Settings dialog.2 Right click the rule you want to delete.3 Select Delete Rule from the context menu. The rule is removed from the tree.4 Click OK when you are finished.Specifying VisiSecure propertiesEach profile contains a security.properties file which allows you to customize thebehavior of VisiSecure. A typical properties file could look like the following:# Disable user domain security by defaultvbroker.security.disable=false# Point the ORB at the authentication config filesvbroker.security.login=falsevbroker.security.authentication.config=${profile.path}/config.jaas# Name the supplied authorization domainvbroker.security.authDomains=defaultvbroker.security.authDomains.default=default# How to handle requests for methods not in the rolemap file - (grant|deny)vbroker.security.domain.default.defaultAccessRule=grantvbroker.security.domain.default.rolemap_path=${profile.path}/default.rolemap62 VisiBroker Security Guide