Previous | Security Configuration | Next |
A secure client is configured from properties held as elements in an XML file. The location of this file is given by the system property security.ConfigurationFile. If this has not been set, the location will be taken from the Security Configuration File property set in the Administration Manager.
A working knowledge of XML or familiarity with an XML editor is required to create the Security Configuration file.
The following properties can be set in the Security Configuration file. Some of these properties can also be set (or overridden) in other ways, as noted.
This property determines whether security will be enabled or disabled and can take the values true (enabled) or false (disabled). It defaults to false if not explicitly set.
Security is disabled only when neither this property nor the Security Enabled property in the Administration Manager is set to true. Setting either one of the two properties to true is sufficient to enable security.
This includes two properties: user and password, which are the GSSUP credentials that will be used for the Subject.
There are three ways that these properties can be set. In order of precedence, these are:
com.prismt.openfusion.security.util.Configuration.getInstance().setGSSUPUserName(name)
com.prismt.openfusion.security.util.Configuration.getInstance().setGSSUPPassword(password)
This group of properties defines the locations of up to five different files used by the Security Service:
This property gives the location of the Principal Mappings file (described in Creating Principal Mappings). If this property is set, it will override the XML Principal Persistence File property set in the Administration Manager. The system property security.XMLPrincipalPersistenceFile can be used to override the location set by this property.
This property gives the location of the ACL Persistence file. If this property is set, it will override the XML ACL Persistence File property set in the Administration Manager. The system property security.XMLACLPersistenceFile can be used to override the location set by this property.
This property gives the location of the Group Persistence file (described in Creating ACL Groups). If this property is set, it will override the XML Group Persistence File property set in the Administration Manager. The system property security.XMLGroupPersistenceFile can be used to override the location set by this property.
This property gives the location of the file that holds user names and passwords for the default LoginModule. If this property is set, it will override the Security Credentials File property set in the Administration Manager. The system property security.UserDataFile can be used to override the location set by this property.
If this property is present, its value will be used to set the java.security.auth.login.config system property. It is used by the com.sun.security.auth.login.ConfigFile object, which handles runtime login configuration. For more details, consult the JAAS documentation.
If this property is present, it will override the default key used to identify the configured LoginModules. The default value of this key is OpenFusion. For more details, consult the JAAS documentation.
If this property is set to true, LoginModules will be triggered on the client side of a call. The property defaults to false if not explicitly set.
If this property is set to true, LoginModules will be triggered if this is the server side of a call. The property defaults to true if not explicitly set.
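The override rules described above for the persistence and user data files, and the either-source rule for enabling security, decide which files a client really reads, which matters most for the file holding user names and passwords. The following Java class is an added example, not OpenFusion code: it reports the effective location and the source that supplied it. The system property names come from this page; the maps standing in for the Security Configuration file and the Administration Manager, their keys, and all paths are constructed assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class EffectiveSecurityConfig {

    // System property names as given in the documentation above.
    static final String[] SYSTEM_PROPERTIES = {
        "security.XMLPrincipalPersistenceFile",
        "security.XMLACLPersistenceFile",
        "security.XMLGroupPersistenceFile",
        "security.UserDataFile"
    };

    /** Precedence: system property, then Security Configuration file, then Administration Manager. */
    static String[] resolve(String sysPropName, Map<String, String> configFile,
                            Map<String, String> adminManager) {
        String v = System.getProperty(sysPropName);
        if (v != null && !v.isEmpty()) return new String[] {v, "system property"};
        v = configFile.get(sysPropName);
        if (v != null && !v.isEmpty()) return new String[] {v, "Security Configuration file"};
        v = adminManager.get(sysPropName);
        if (v != null && !v.isEmpty()) return new String[] {v, "Administration Manager"};
        return new String[] {null, "unset"};
    }

    /** Security is enabled if either source is true; an absent flag (null) counts as false. */
    static boolean securityEnabled(Boolean configFileFlag, Boolean adminManagerFlag) {
        return Boolean.TRUE.equals(configFileFlag) || Boolean.TRUE.equals(adminManagerFlag);
    }

    public static void main(String[] args) {
        // Constructed sample values. Keying the maps by system property name is a
        // convenience of this example, not the product's element or property names.
        Map<String, String> configFile = new LinkedHashMap<>();
        configFile.put("security.XMLACLPersistenceFile", "/opt/of/conf/acl.xml");
        configFile.put("security.UserDataFile", "/opt/of/conf/users.xml");
        Map<String, String> adminManager = new LinkedHashMap<>();
        adminManager.put("security.XMLACLPersistenceFile", "/opt/of/admin/acl.xml");
        adminManager.put("security.XMLPrincipalPersistenceFile", "/opt/of/admin/principals.xml");
        // Simulates starting the JVM with -Dsecurity.UserDataFile=/tmp/users.xml
        System.setProperty("security.UserDataFile", "/tmp/users.xml");

        for (String name : SYSTEM_PROPERTIES) {
            String[] r = resolve(name, configFile, adminManager);
            System.out.printf("%-40s %-28s %s%n", name, r[1], r[0]);
        }
        // Flag absent from the configuration file, true in the Administration Manager.
        System.out.println("security enabled: " + securityEnabled(null, true));
    }
}
```

In the sample run the credentials file resolves to the path supplied on the command line, not the one in the Security Configuration file, so a review of a deployment should include the JVM launch arguments as well as the XML file.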