Chapter 10 Other Server Configuration Files

This chapter summarizes the configuration files that are not discussed in other chapters. Configuration files that should never be modified are not listed in this chapter. The following configuration files are described in detail:

• certmap.conf

• sun-web.xml

• login.conf

• server.policy

• default-web.xml

certmap.conf

The certmap.conf file configures how a certificate is mapped to an LDAP entry designated by issuerDN.

The following table describes the certmap.conf file properties.

Table 10–1 certmap.conf Properties

Attribute	Allowed Values	Default Value	Description
DNComps	See description	Commented out	Used to form the base DN for performing an LDAP search while mapping the certificate to a user entry. Values are as follows:  Commented out – Takes the user's DN from the certificate as is Empty – Searches the entire LDAP tree (DN == suffix) Comma-separated attributes – Forms the DN
FilterComps	See description	Commented out	Used to form the filter for performing an LDAP search while mapping the certificate to a user entry. Values are as follows:  Commented out or empty – Sets the filter to "objectclass=*" Comma-separated attributes – Forms the filter
verifycert	on or off	off (commented out)	Specifies whether certificates are verified.
CmapLdapAttr	Name of the LDAP attribute	certSubjectDN (commented out)	Specifies the name of the attribute in the LDAP database that contains the DN of the certificate.
library	Path to shared lib or dll	None	Specifies the library path for custom certificate mapping code.
InitFn	Name of initialization function	None	Specifies the initialization function in the certificate mapping code referenced by library.

Location

instance_dir/config

Syntax

certmap name issuerDNname:property1 [value1]
name:property2 [value2]
...

The default certificate is named default, and the default issuerDN is also named default. Therefore, the first certmap.conf defined in the file must be as follows:

certmap default default

Use # at the beginning of a line to indicate a comment.

See Also

Sun Java System Web Server 7.0 Administrator’s Guide

sun-web.xml

The sun-web.xml file configures the features specific to the Web Server for deployed web applications. For more information about sun-web.xml, see Sun Java System Web Server 7.0 Developer’s Guide to Java Web Applications.

Location

The META-INF or WEB-INF directory of a module or application

login.conf

The login.conf file is the login module definition configuration used by the Java Authentication and Authorization Service (JAAS) for client authentication.

Location

instance_dir/config

server.policy

The server.policy file controls the access that applications have to the resources. This file is the standard Java SE policy file. In Web Server, the Java SE SecurityManager (the Java component that enforces the policy) is not active by default. The policies granted in this policy file do not have any effect unless the SecurityManager is turned on in server.xml.

To use the Java SE SecurityManager, turn it on by adding the following JVM options to server.xml, using the jvm-options subelement of the jvm element:

<jvm-options>-Djava.security.manager</jvm-options>
<jvm-options>-Djava.security.policy=instance_dir/config/server.policy</jvm-options>

You can also add JVM options using the Admin Console or the wadm set-jvm-props command.

Location

instance_dir/config

Syntax

grant [codeBase "path"] {
         permission permission_class "package", "permission_type";
...
};

See Also

Sun Java System Web Server 7.0 Developer’s Guide to Java Web Applications

http://java.sun.com/docs/books/tutorial/security1.2/tour2/index.html

default-web.xml

The default-web.xml is a global web deployment descriptor file that is shared by deployed web applications. There is one default-web.xml per server instance that is shared by all web applications deployed on the server instance.

Location

instance_dir/config

See Also

Sun Java System Web Server 7.0 Developer’s Guide to Java Web Applications