15 Copyright © 2004, Oracle. All rights reserved. Adding JAAS Security to the Client.


15-2 Objectives
After completing this lesson, you should be able to do the following:
– Describe how Java Authentication and Authorization Services (JAAS) works in a Web application
– Use JAAS to add security to an application
– Add users and roles to an application deployment descriptor
– Add JAAS security to a Web application

15-3 JAAS Provider
The JAAS provider supports:
– Storage, retrieval, and administration of:
  - Realm information (users and roles)
  - Policy (permissions)
– Multiple repositories:
  - XML based
  - LDAP based
– Login modules
It works with the J2EE declarative security model:
– Is part of the deployment model
– Requires little or no programming

15-4 Defining Security Needs
Determine the logical roles in an application:
– Customer
– Buyer
– Administrator
Determine authorization constraints: who can do what actions.
Decide provider type:
– XML-based flat file
– LDAP (Oracle Internet Directory)
Map security roles to users and groups.

15-5 Oracle JAAS Implementation: JAZN
OracleAS Containers for J2EE (OC4J) implement a JAAS provider called JAZN.
The Oracle provider supports:
– Integration with single sign-on (SSO)
– Access control through Java 2 permissions
– Secure file-based storage of user passwords
JAZNUserManager:
– Obfuscates passwords in flat file storage
– Supports full role-based access control
– Fully supports the Java 2 permissions model

15-6 Client Authentication
Authentication:
– Determines who clients are
– Can they prove it?
JAAS integrates any number of authentication schemes, for example:
– SSO: Uses OracleAS Single Sign-On
– SSL: Uses secure sockets layer (SSL) for client certificate-based authentication
– Basic authentication: Prompts for username and password
– Write your own login module.

15-7 Client Authorization
Client authorization is specified in J2EE deployment descriptors.
Every client obtains a security principal.
A client can invoke a URL or a method only if the client's role has the associated rights.
The J2EE container enforces security policies and provides tools for managing security.
Struts includes roles at the "node" level.

15-8 Basic Authentication Scenario
[Diagram labels: HTTP client; HTTP Server; Oracle Containers for J2EE; WebApp; Servlet 1; Servlet 2; OracleAS JAAS; OracleAS JAAS Policy; OracleAS JAZN Provider; JAZNUserManager]

15-9 Adding JAAS Security to an Application
JDeveloper provides a dialog box to help add JAAS security to an application.
By using the dialog box, you do not have to directly edit the XML files.
Security settings are maintained in the web.xml file.
Access the settings:
– Right-click web.xml in the Applications Navigator.
– Select properties from the context menu.

15-10 Adding Authorization Information to Struts
The Struts configuration includes an authorization scheme.
The scheme specifies authorization at the node level.
Specify the authorized role in the Property Inspector.

15-11 web.xml Properties
To implement JAAS security, modify:
Security roles: Add the security role that you want to use.
Add a Web resource:
– Specify any unique name.
– Add a URL pattern to validate.
– On the Authorizations tabbed page, select the user role.

15-12 web.xml Results
… TestApplication / users users
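
A web.xml fragment of the kind the settings on slides 15-11 and 15-12 produce, as an added example rather than the slide's own listing (only the values TestApplication, / and users survive on the slide). The Basic login configuration follows slides 15-8 and 15-17; the realm name, the Servlet 2.4 root element and the transport guarantee are assumptions that are not on the slides:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the original slide listing.
     TestApplication, / and users are the values shown on the slide;
     anything marked "assumption" is not from the presentation. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <security-constraint>
    <web-resource-collection>
      <!-- "Specify any unique name." -->
      <web-resource-name>TestApplication</web-resource-name>
      <!-- URL pattern to validate; "/" is the slide's value.
           "/*" is the path-prefix pattern that matches every path
           under the context root. -->
      <url-pattern>/</url-pattern>
      <!-- No http-method elements are listed, so the constraint
           applies to all HTTP methods. Listing only GET and POST
           would leave the other methods unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Role selected on the Authorizations tabbed page -->
      <role-name>users</role-name>
    </auth-constraint>
    <!-- Assumption: Basic authentication sends the password only
         base64-encoded, so require an encrypted transport. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <!-- The browser prompts for username and password -->
    <auth-method>BASIC</auth-method>
    <!-- Assumption: constructed placeholder realm name -->
    <realm-name>example-realm</realm-name>
  </login-config>

  <!-- Every role referenced in an auth-constraint is declared here
       and mapped to users in the provider's user repository. -->
  <security-role>
    <role-name>users</role-name>
  </security-role>

</web-app>
```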

15-13 Adding Users and Roles
JDeveloper provides a wizard interface to the jazn-data.xml file.
Select Tools > Embedded OC4J Server Preferences.

15-14 Adding Users

15-15 Managing Roles

15-16 Selecting a Specific jazn-data.xml File
JDeveloper allows you to specify which JAZN file to use at runtime in the application configuration.
To change files:
– Right-click the application module
– Select configurations
– Edit the jbo.security.config property
– Enter the path to your jazn-data.xml file
It gives you testing and deployment flexibility.
To use LDAP, change the jazn.xml file.

15-17 Running the Application
Test the application.
The browser prompts for username and password.
The application is opened if the user is authenticated and authorized.
If either fails, the application is not authorized to run.

15-18 Summary
In this lesson, you should have learned how to:
– Use JAAS to add security to an application
– Add users and roles to an application deployment descriptor
– Add JAAS security to a Web application
– Describe how JAAS works in a Web application.

15-19 Practice 15-1

15-20 Practice 15-1