Oracle9iAS Release 2 Reviewers Guide Demo

6. Configure Security using Oracle9iAS JAAS Provider

Overview

One of the new security features of Oracle9iAS is the Java Authentication and Authorization Service (JAAS) Provider. The Oracle9iAS JAAS Provider is the default user manager for Oracle9iAS OC4J, as well as a full implementation of JAAS plus extensions. The following walk-through demonstrates some of the basic capabilities of the JAAS Provider as the user manager for OC4J.

OC4J supports a global (default) user manager as well as an application-specific ("local") user manager. By default, the JAAS Provider is configured as the global user manager using an XML flat-file repository, although it can optionally be configured to use Oracle Internet Directory.

The steps below demonstrate how application-specific users and groups can be configured and mapped to J2EE security roles for a JAAS-enabled application.

Walk Through

  1. Access the Oracle9iAS Enterprise Manager Web Site by visiting:

    http://<hostname>:1810, where <hostname> is your fully qualified hostname
    (username: ias_admin, password: oracle1)

    Click on OC4J_Demos (not OC4J_home, which was used until now in this walkthrough):



    And then, click on jazndemos:



    The jazndemos application is a simple JAAS-enabled application that uses the JAAS Provider for authentication, integrated with the J2EE security roles.

  2. At the bottom of the next screen, click on Security:



  3. Observe the following facts:

    i. The user manager for this application is JAZNUserManager (the JAAS Provider uses the internal class name of JAZN):



    ii. A set of users and groups are defined for this application.

    iii. The user and group names are prefaced with the realm name of jazndemo.com. The JAAS Provider supports realms, each a set of users and groups, to define each distinct user community:


  4. Add a new group called architects by clicking the Add Group button:



    Click OK.

  5. Add a new user called architect with password welcome by clicking the Add User button. Add the user to the jazndemo.com/architects and jazndemo.com/developers groups:



    Click OK.

  6. At the bottom of the page, create a new mapping between the sr_developer security role and the architects and developers groups, by clicking the Map Role to Principals button. This defines the mapping between the J2EE security (logical) role and the JAAS users and groups:



    Click Apply. Click OK to confirm.

  7. Now we are ready to test the application. Visit:

    http://<hostname>:7777/callerInfo/ (where <hostname> is your fully qualified machine name; the URL is case sensitive, so it is best to copy-&-paste)

    Note that if you have successfully completed the Web Cache walkthrough, then you can also visit:

    http://<hostname>/callerInfo/ (no need to enter the 7777 port number, it defaults to port 80)


  8. Click on callerInfoA, which is protected by the sr_developer role. Enter architect as the username and welcome as the password:

  9. You should see something like:


  10. This simple example illustrates how easy it is to implement JAAS Security in Oracle9iAS OC4J, using Enterprise Manager Web Site.
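The role-to-group mapping created in steps 4 to 6 can be reviewed offline to see which users actually end up holding a J2EE role. The script below is an added example, not part of the Oracle demo: the inline XML is constructed sample data, its element layout is an assumption modelled on OC4J's orion-application.xml and the JAAS Provider's jazn-data.xml flat file, and the users dev1 and mgr1 and the managers group are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Element layout is an assumption modelled on OC4J's
# orion-application.xml and the JAAS Provider's jazn-data.xml flat file.
ORION_APP = """<orion-application>
  <jazn provider="XML" location="./jazn-data.xml" default-realm="jazndemo.com"/>
  <security-role-mapping name="sr_developer">
    <group name="architects"/>
    <group name="developers"/>
  </security-role-mapping>
</orion-application>"""
JAZN_DATA = """<jazn-data><jazn-realm><realm>
  <name>jazndemo.com</name>
  <roles>
    <role><name>architects</name><members>
      <member><type>user</type><name>architect</name></member>
    </members></role>
    <role><name>developers</name><members>
      <member><type>user</type><name>architect</name></member>
      <member><type>user</type><name>dev1</name></member>
    </members></role>
    <role><name>managers</name><members>
      <member><type>user</type><name>mgr1</name></member>
    </members></role>
  </roles>
</realm></jazn-realm></jazn-data>"""

def role_holders(orion_xml, jazn_xml):
    """Return {j2ee_role: {user: [groups that grant the role]}}."""
    app = ET.fromstring(orion_xml)
    realm_name = app.find("jazn").get("default-realm")
    realm = next(r for r in ET.fromstring(jazn_xml).iter("realm")
                 if r.findtext("name") == realm_name)
    # group name -> direct user members (nested groups are not expanded here)
    members = {role.findtext("name"): [m.findtext("name") for m in role.iter("member")
                                       if m.findtext("type") == "user"]
               for role in realm.iter("role")}
    result = {}
    for mapping in app.iter("security-role-mapping"):
        holders = result.setdefault(mapping.get("name"), {})
        for group in mapping.iter("group"):
            name = group.get("name").split("/")[-1]  # drop optional realm prefix
            for user in members.get(name, []):
                holders.setdefault(user, []).append(name)
    return result

if __name__ == "__main__":
    for role, users in role_holders(ORION_APP, JAZN_DATA).items():
        for user, via in sorted(users.items()):
            print(f"{role}: {user} is granted via {', '.join(via)}")
```

A user listed under more than one group, such as architect here, keeps the role until removed from every mapped group.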

Summary

In this section you have learnt how to:

  • Set up JAAS Security using Enterprise Manager Web Site

 


Copyright © 2002 Oracle Corporation. All Rights Reserved.

 
