This chapter explains the tags related to the security manager in domain.xml.
XML schema file:
JEUS_HOME/lib/schemas/jeus/jeus-security.xsd
The XML reference is organized in the following format.
XML Schema/XML Tree: Summarizes all the tags of the XML configuration file. Each node is defined in the following format.
The tag reference enables quick lookup of tags. Each tag has an index number, for example (11), and the tag is explained under this number in the tag reference.
The XML tag name defined in the XML schema is expressed in the format <tag name>.
Each tag is marked with the cardinality defined in the XML schema.
"?" is for 0 or 1 element, "+" is for 1 or more elements, "*" is for 0 or more elements, and no symbol is for exactly one element.
Some tags are marked with the character "P", meaning that they are related to performance. These tags are used to tune the settings.
Element Reference: Explains XML tags in the tree.
Dynamic: Allowed to change the configuration dynamically.
Non-Dynamic: Not allowed to change the configuration dynamically. This is expressed only for the special case to comment out.
Description: A short description for tags.
Value Description: The value and type.
Value Type: Data type of the value. (ex: String)
Value Type Description: Description for the data type of the value.
Default Value: The value to be used by default when the XML is not used.
Defined Value: The default value.
Example: The XML tag example.
Performance Recommendation: The value recommended to improve performance.
Child Elements: The tags contained in its own tag element.
(7) <connect-retries> ?
(9) <security-domain-name> +
(10) <password-validator> ?
(11) <default-password-validator>
(12) <minLength> ?
(13) <maxLength> ?
(14) <force-special-character> ?
(15) <force-digit> ?
(16) <force-capital-letter> ?
(17) <force-small-letter> ?
(18) <deny-username> ?
(19) <custom-password-validator>
(20) <class-name> *
(5) <domain> <security-manager>
Description | Information about JEUS security information management. This option is used to manage the shared security information for a single domain.
Value Type | security-managerType
Child Elements | (7) (8) (11)
[Example 3.1] Example File
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<domain>
    <!-- Security Manager information for JEUS Security System -->
    <security-domains>
        <!-- added domain in JEUS Security System -->
        <security-domain>
            <name>SYSTEM_DOMAIN</name>
            <authentication>
                <!-- authentication service for DBRealm Service -->
                <default-repository-service>
                    <database-repository>
                        <vendor>oracle</vendor>
                        <driver>oracle.jdbc.OracleDriver</driver>
                        <url>jdbc:oracle:thin:@61.77.153.110:1521:ORCL</url>
                        <username>scott</username>
                        <password>{base64}dGlnZXI=</password>
                    </database-repository>
                </default-repository-service>
            </authentication>
        </security-domain>
        <security-domain>
            <name>JACC_DOMAIN</name>
            <authorization>
                <!-- authorization service for JACC Authorization Service -->
                <jacc-service/>
            </authorization>
        </security-domain>
        <security-domain>
            <name>SAMPLE_DOMAIN</name>
            <!-- added identity assertion service about SubjectDN -->
            <identity-assertion>
                <default-identity-assertion-service>
                    <x509-identity-assertion>
                        <default-user-mapper>
                            <cert-attr-type>SubjectDN</cert-attr-type>
                            <attribute-type>CN</attribute-type>
                            <attribute-value-delimiter>,</attribute-value-delimiter>
                        </default-user-mapper>
                    </x509-identity-assertion>
                </default-identity-assertion-service>
            </identity-assertion>
            <!-- added credential verification service about X509Certificate -->
            <credential-verification>
                <custom-credential-verification-service>
                    jeus.security.impl.verification.X509CertificateVerificationService
                </custom-credential-verification-service>
            </credential-verification>
        </security-domain>
        <security-domain>
            <name>MY_DOMAIN</name>
            <login>
                <!-- login service information for JAAS LoginModule Service -->
                <jaas-login-config>
                    <login-module>
                        <login-module-classname>jeus.security.impl.login.DBRealmLoginModule</login-module-classname>
                        <control-flag>required</control-flag>
                        <option>
                            <name>exportName</name>
                            <value>dbrealmtest</value>
                        </option>
                        <option>
                            <name>principalsQuery</name>
                            <value>select password from MY_DOMAIN_Principals where username=?</value>
                        </option>
                        <option>
                            <name>rolesQuery</name>
                            <value>select * from MY_DOMAIN_roles where username=?</value>
                        </option>
                    </login-module>
                </jaas-login-config>
            </login>
            <authorization>
                <repository-service>
                    <!-- added authorization service for modifying policy in runtime -->
                    <custom-repository>
                        jeus.security.impl.aznrep.CustomPolicyFileRealmAuthorizationRepositoryService
                        <property>
                            <name>PolicyClassName</name>
                            <value>jeus.security.base.CustomJeusPolicy</value>
                        </property>
                        <!-- added Principal classname -->
                        <property>
                            <name>UserPrincipalClassName</name>
                            <value>jeus.security.resource.PrincipalImpl</value>
                        </property>
                        <!-- added RolePrincipal classname -->
                        <property>
                            <name>RolePrincipalClassName</name>
                            <value>jeus.security.resource.RolePrincipalImpl</value>
                        </property>
                    </custom-repository>
                </repository-service>
            </authorization>
        </security-domain>
    </security-domains>
</domain>
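The database password in the example file is stored as {base64}dGlnZXI=, which is an encoding and not encryption, so anyone who can read domain.xml can recover it. The following check is an added example, not part of the JEUS documentation or product: it lists every <password> in a domain.xml that is recoverable from the file alone. The function names are hypothetical, and treating a value without a {...} prefix as plaintext is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: only the database-repository part of the example file.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<domain>
  <security-domains>
    <security-domain>
      <name>SYSTEM_DOMAIN</name>
      <authentication>
        <default-repository-service>
          <database-repository>
            <username>scott</username>
            <password>{base64}dGlnZXI=</password>
          </database-repository>
        </default-repository-service>
      </authentication>
    </security-domain>
  </security-domains>
</domain>"""


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_passwords(xml_text):
    """Return (security domain, finding) for every recoverable <password>."""
    findings = []
    root = ET.fromstring(xml_text)
    for dom in (e for e in root.iter() if local(e.tag) == "security-domain"):
        name = next((c.text for c in dom if local(c.tag) == "name"), "?")
        for pw in (e for e in dom.iter() if local(e.tag) == "password"):
            value = (pw.text or "").strip()
            if value.startswith("{base64}"):
                # Confirm the value decodes, but never print the secret itself.
                decoded = base64.b64decode(value[len("{base64}"):])
                findings.append((name, "base64-encoded, %d bytes recoverable" % len(decoded)))
            elif not value.startswith("{"):
                # Assumption: no {...} prefix means the value is plaintext.
                findings.append((name, "no encoding prefix, stored as plaintext"))
    return findings


if __name__ == "__main__":
    for domain, finding in audit_passwords(SAMPLE):
        print(domain, "->", finding)
```

Values carrying any other {...} prefix are not reported, because this check cannot tell from the file alone how they are protected.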