Class: com.sybase.djc.security.SecurityDomain (Security Domain) EAServer 6.3 Help
Description A security domain defines authentication and authorization methods and policies for a group of users.

Two security domains ("default" and "system") are predefined, although in most environments it will be necessary to reconfigure these domains, or define additional domains, to suit an organization's security policy.

  • The "default" security domain is intended for regular users.
  • The "system" security domain is intended for application server administrators.

E-mail addresses are intended to be usable as user names. A fully qualified username (user@domain) thus matches the naming convention for e-mail addresses. A username with no domain suffix is assumed to belong to the "default" domain.

Configuration See Set Properties Task.
Properties accessControlManager, auditAccessDenied, auditAccessPermitted, authService, authorizationService, callerPrincipalComponent, certificateDigestAlgorithm, csiNamedConfiguration, ftpHostName, ftpPortNumber, httpResourceURL, jaasLoginContext, jdbcDatabaseURL, jdbcDriverClass, jndiInitialContextFactory, jndiLookupName, jndiProviderURL, loginCacheTimeout, loginFailureLockThreshold, loginFailureLockTimeout, loginMethod, maximumPasswordLength, minimumPasswordDigits, minimumPasswordLength, minimumPasswordLetters, minimumPasswordSpecialCharacters, passwordEndCharacters, passwordHashAlgorithm, passwordSpecialCharacters, passwordStartCharacters, permissionCacheTimeout, requireMixedCasePasswords, retainOldPasswords, roleService, webRealmNames
Files Repository/Instance/com/sybase/djc/security/SecurityDomain/*.properties

Property: accessControlManager (Access Control Manager)
Description MISSING DESCRIPTION!
Default Value default

Property: auditAccessDenied (Audit Access Denied)
Description Enables printing of an AUDIT message to the server log whenever access to a protected resource is denied by the application server's security manager.
Default Value false
Legal Values false, true

Property: auditAccessPermitted (Audit Access Permitted)
Description Enables printing of an AUDIT message to the server log whenever access to a protected resource is permitted by the application server's security manager.
Default Value false
Legal Values false, true

Property: authService (Authentication Service)
Description Optionally specifies the name of a custom authentication service component (or Java class). The security domain delegates authentication requests to this component or class.
  • If using a CORBA component, specify its name in the form "MyPackage/MyComp". The component must implement the CtsSecurity::AuthService IDL interface.
  • If using a Java class, specify its fully qualified class name. The class must contain a method with the signature:
    public boolean authenticate(String username, String password)
    {
        ...
    }
            
Only Used If Property loginMethod has the value "cts-auth".

Property: authorizationService (Authorization Service)
Description MISSING DESCRIPTION!

Property: callerPrincipalComponent (Caller Principal Component)
Description MISSING DESCRIPTION!

Property: certificateDigestAlgorithm (Certificate Digest Algorithm)
Description The name of a message digest algorithm supported by the JDK you are using. This algorithm is used for constructing secure one-way hashes of trusted client certificates. See Java™ Cryptography Architecture - API Specification & Reference.
Default Value SHA-512

Property: csiNamedConfiguration (CSI Named Configuration)
Description MISSING DESCRIPTION!

Property: ftpHostName (FTP Host Name(s))
Description Host name of the FTP server to which the security domain will delegate authentication requests. A comma-separated list can be used to specify multiple servers (for high availability, not load balancing).
Only Used If Property loginMethod has the value "ftp".
Default Value localhost

Property: ftpPortNumber (FTP Port Number)
Description Port number of the FTP server to which the security domain will delegate authentication requests.
Only Used If Property loginMethod has the value "ftp".
Default Value 21
Minimum Value 1
Maximum Value 65535

Property: httpResourceURL (HTTP Resource URL(s))
Description URL for an HTTP resource which the security domain will attempt to access when delegating authentication requests to an HTTP server. A comma-separated list can be used to specify multiple URLs (for high availability, not load balancing).
Only Used If Property loginMethod has the value "http".
Default Value http://???:8000/login

Property: jaasLoginContext (JAAS Login Context)
Description Name of a JAAS (Java Authentication and Authorization Service) login context which has been configured in config/eas_jaas.cfg. Please refer to your JDK documentation for details on JAAS configuration file syntax.
Only Used If Property loginMethod has the value "jaas".
Default Value ${jaas.login.context}

Property: jdbcDatabaseURL (JDBC Database URL(s))
Description URL for a JDBC database which the security domain will attempt to access when delegating authentication requests to a database server. A comma-separated list can be used to specify multiple URLs (for high availability, not load balancing).
Only Used If Property loginMethod has the value "jdbc".
Default Value jdbc:sybase:Tds:localhost:2638

Property: jdbcDriverClass (JDBC Driver Class)
Description JDBC driver class to be used for database authentication.
Only Used If Property loginMethod has the value "jdbc".
Default Value com.sybase.jdbc3.jdbc.SybDriver

Property: jndiInitialContextFactory (JNDI Initial Context Factory)
Description Name of an initial context factory class to be used for JNDI authentication.
Only Used If Property loginMethod has the value "jndi".

Property: jndiLookupName (JNDI Lookup Name)
Description Name of a JNDI-bound object which the security domain will attempt to look up when delegating authentication requests to a JNDI server.
Only Used If Property loginMethod has the value "jndi".

Property: jndiProviderURL (JNDI Provider URL)
Description Provider URL which the security domain will attempt to access when delegating authentication requests to a JNDI server.
Only Used If Property loginMethod has the value "jndi".

Property: loginCacheTimeout (Login Cache Timeout)
Description The number of seconds that the record of a successful login will be cached. For web (HTTP) requests, a login occurs at session establishment time. For RMI (IIOP) requests, a login occurs for each incoming method call. Thus, particularly for RMI (IIOP), caching of successful logins is important to ensure good performance.
Default Value 3600
Minimum Value 0
Maximum Value 2147483647

Property: loginFailureLockThreshold (Login Failure Lock Threshold)
Description The number of failed login attempts that will be permitted for a given user account until the user account is locked.
Default Value 5
Minimum Value 1
Maximum Value 2147483647

Property: loginFailureLockTimeout (Login Failure Lock Timeout)
Description The number of seconds a user account will remain locked after the login failure threshold has been reached.
Default Value 600
Minimum Value 0
Maximum Value 2147483647

Property: loginMethod (Login Method)
Description Required. Determines the mechanism used for username/password authentication. A value of "none" permits any username/password to be used, with no checking.
Default Value local-hash
Legal Values cts-auth, ftp, http, jaas, jdbc, jndi, local-hash, netegrity, none, os-auth

Property: maximumPasswordLength (Maximum Password Length)
Description The maximum number of characters permitted in a password.
Only Used If Property loginMethod has the value "local-hash".
Default Value 14
Minimum Value 0
Maximum Value 2147483647

Property: minimumPasswordDigits (Minimum Password Digits)
Description The minimum number of digits required in a password.
Only Used If Property loginMethod has the value "local-hash".
Default Value 1
Minimum Value 0
Maximum Value 2147483647

Property: minimumPasswordLength (Minimum Password Length)
Description The minimum number of characters required in a password.
Only Used If Property loginMethod has the value "local-hash".
Default Value 6
Minimum Value 0
Maximum Value 2147483647

Property: minimumPasswordLetters (Minimum Password Letters)
Description The minimum number of letters required in a password.
Only Used If Property loginMethod has the value "local-hash".
Default Value 2
Minimum Value 0
Maximum Value 2147483647

Property: minimumPasswordSpecialCharacters (Minimum Password Special Characters)
Description The minimum number of special characters required in a password. See also passwordSpecialCharacters.
Only Used If Property loginMethod has the value "local-hash".
Default Value 0
Minimum Value 0
Maximum Value 2147483647

Property: passwordEndCharacters (Password End Characters)
Description If set, all passwords must end with one of these characters.
Only Used If Property loginMethod has the value "local-hash".

Property: passwordHashAlgorithm (Password Hash Algorithm)
Description The name of a message digest algorithm supported by the JDK you are using. This algorithm is used for constructing secure one-way hashes of user passwords. See Java™ Cryptography Architecture - API Specification & Reference.
Only Used If Property loginMethod has the value "local-hash".
Default Value SHA-512

Property: passwordSpecialCharacters (Password Special Characters)
Description Special characters that can be used in a password. See also minimumPasswordSpecialCharacters.
Only Used If Property loginMethod has the value "local-hash".

Property: passwordStartCharacters (Password Start Characters)
Description If set, all passwords must start with one of these characters.
Only Used If Property loginMethod has the value "local-hash".

Property: permissionCacheTimeout (Permission Cache Timeout)
Description The number of seconds that the result of an authorization (access control) check will be cached. This applies to both denied access and permitted access. Caching of authorization results is important to ensure good performance.
Default Value 3600
Minimum Value 0
Maximum Value 2147483647

Property: requireMixedCasePasswords (Require Mixed Case Passwords)
Description If enabled, then passwords must contain both lowercase and uppercase letters.
Only Used If Property loginMethod has the value "local-hash".
Default Value false
Legal Values false, true

Property: retainOldPasswords (Retain Old Passwords)
Description The number of old (hashed) passwords that are retained to prevent re-use of passwords.
Only Used If Property loginMethod has the value "local-hash".
Default Value 8
Minimum Value 0
Maximum Value 2147483647

Property: roleService (Role Service)
Description Optionally specifies the name of a custom role service component (or Java class). The security domain delegates role membership tests to this component or class.
  • If using a CORBA component, specify its name in the form "MyPackage/MyComp". The component must implement the CtsSecurity::RoleService IDL interface.
  • If using a Java class, specify its fully qualified class name. The class must contain a method with the signature:
    public boolean isUserInRole(String user, String role)
    {
        ...
    }
            

Property: webRealmNames (Web Realm Names)
Description A comma-separated list of web realm names (as may appear in the WEB-INF/web.xml for deployed web modules). Each of the listed web realms will be mapped to this security domain.
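
The following is an added example, not part of the EAServer documentation or product code: a small audit routine that reads one security domain's properties and reports settings described above that weaken authentication (loginMethod "none", unaudited denials, a weak password digest, a short minimum length, a very high lock threshold, a plain-HTTP delegation URL). It assumes the SecurityDomain/*.properties files are plain Java-style key=value text; the thresholds, the digest deny-list and the sample input are the reviewer's own choices, not values from this reference.

```python
# Added example, not EAServer code. Assumption: SecurityDomain/*.properties
# files are plain Java-style "key=value" text.

# Defaults as listed in this reference, used when a key is absent.
DEFAULTS = {
    "loginMethod": "local-hash", "auditAccessDenied": "false",
    "passwordHashAlgorithm": "SHA-512", "minimumPasswordLength": "6",
    "loginFailureLockThreshold": "5", "httpResourceURL": "http://???:8000/login",
}
WEAK_DIGESTS = {"MD2", "MD5", "SHA", "SHA1", "SHA-1"}  # reviewer's deny-list (assumption)

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_domain(props, min_length=12, max_lock_threshold=10):
    """Return the names of properties whose effective value looks risky.

    min_length and max_lock_threshold are the reviewer's policy (assumptions).
    """
    cfg = {**DEFAULTS, **props}
    flagged = []
    method = cfg["loginMethod"]
    if method == "none":                       # no credential checking at all
        flagged.append("loginMethod")
    if cfg["auditAccessDenied"] != "true":     # denials leave no AUDIT line
        flagged.append("auditAccessDenied")
    if int(cfg["loginFailureLockThreshold"]) > max_lock_threshold:
        flagged.append("loginFailureLockThreshold")
    if method == "http" and any(u.strip().lower().startswith("http://")
                                for u in cfg["httpResourceURL"].split(",")):
        flagged.append("httpResourceURL")      # delegated login over plain HTTP
    if method == "local-hash":                 # password rules apply only here
        if cfg["passwordHashAlgorithm"].upper() in WEAK_DIGESTS:
            flagged.append("passwordHashAlgorithm")
        if int(cfg["minimumPasswordLength"]) < min_length:
            flagged.append("minimumPasswordLength")
    return flagged

# Constructed sample input, not taken from a real server.
SAMPLE = """# system domain (constructed)
loginMethod=local-hash
auditAccessDenied=true
passwordHashAlgorithm=MD5
minimumPasswordLength=8
loginFailureLockThreshold=100
"""
```

Calling `audit_domain(parse_properties(SAMPLE))` returns the flagged property names in the order checked; an empty dictionary audits the documented defaults.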