Contained WithinFind More DocumentationFeatured Support Resources |  Download this book in PDF (1816 KB)
Chapter 2 Deploying the OpenSSO Enterprise Web ContainerBefore you can deploy the SunTM OpenSSO Enterprise opensso.war file, one of the following web containers must be installed, running, and configured on the host server. This chapter describes the considerations and deployment tasks (if any) for these web containers: For more information, see also the Web Containers Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. Planning Your OpenSSO Enterprise Web Container DeploymentUse the following table to plan your OpenSSO Enterprise web container deployment and configuration. For more detailed information, click the link for a each web container. Table 2–1 OpenSSO Enterprise Web Containers
Sun Java System Application Server 9.1 Update 1 and Update 2Download location: http://www.sun.com/download/index.jsp For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. OpenSSO Enterprise Pre-Deployment Tasks
GlassFish Application Server V2 UR1 and UR2GlassFish site: https://glassfish.dev.java.net/ For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. Download locations:
OpenSSO Enterprise Pre-Deployment Tasks
Sun Java System Web Server 7.0 Update 3For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. Download location: http://www.sun.com/download/index.jsp OpenSSO Enterprise supports Web Server 7.0 Update 3 only. Web Server 7.0 Update 1 and Web Server 7.0 Update 2 are not supported. Web Server 7.0 Update 3 Documentation Center in the following collection: http://docs.sun.com/coll/1653.3 OpenSSO Enterprise Pre-Deployment TasksUsing the Web Server 7.0 administration console or CLI, set the JVM heap size option from the default -Xms128M -Xmx256M to -Xms256M -Xmx512M. Apache Tomcat 5.5.27 and 6.0.18OpenSSO Enterprise supports Tomcat 5.5.27 or 6.0.18. For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. Add the security permissions to the catalina.policy file, as described in Adding Security Permissions For a Web Container. After you edit the file, restart the web container. For general information about Apache Tomcat, see http://tomcat.apache.org/. OpenSSO Enterprise Pre-Deployment TasksSet the -Xmx JVM option to -Xmx1024m. For Tomcat version 5.5.27 only, add the -Dcom.iplanet.am.cookie.c66Encode=true JVM debug option to the JAVA_OPTS variable in the Tomcat catalina.sh or catalina.bat script. For example, for catalina.sh: if [ -r "$CATALINA_HOME"/bin/tomcat-juli.jar ]; then JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.iplanet.am.cookie.c66Encode=true" OpenSSO Enterprise Post-Deployment TasksAfter you deploy OpenSSO Enterprise on Tomcat, use the ssoadm utility to set the cookie encoding property to true. For example: # ./ssoadm update-server-cfg \ -s http://openssohost.example.com:8080/opensso -u amadmin -f pwfile \ -a com.iplanet.am.cookie.encode=true In this example, pwfile contains the password for amadmin. BEA WebLogic Server 9.2 MP2For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. OpenSSO Enterprise Pre-Deployment Tasks
BEA WebLogic Server 10For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. OpenSSO Enterprise Pre-Deployment TasksFor the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes.
Oracle Application Server 10gOracle Application Server 10g version 10.1.3.x is supported. For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. Oracle site: http://www.oracle.com/technology/products/database/oracle10g OpenSSO Enterprise Pre-Deployment TasksIf the Security Manager for Oracle Containers for Java EE (OC4J) is enabled with the JVM option -Djava.security.manager, append the permissions shown in Example 2–6 to the ORACLE_HOME/j2ee/home/config/java2.policy file. IBM WebSphere Application Server 6.1WebSphere Application Server 6.1 is supported on Solaris, Linux, Windows, and IBM AIX 5.3 systems. If the Java Security Manager is enabled, add the security permissions to the server.policy file, as described in Adding Security Permissions For a Web Container. After you edit the file, restart the web container. OpenSSO Enterprise Pre-Deployment TasksAdding GenericJvmArgumentsAdd the genericJvmArguments using the WebSphere Admin Console or by editing the server.xml file:
Adding Security PermissionsIf the Java Security Manager is enabled, add the security permissions to the server.policy file, as described in Adding Security Permissions For a Web Container. After you edit the file, restart the web container. Running the JSP CompilerThe OpenSSO Enterprise JSP files require JDK 1.5 (or later), but on WebSphere Application Server 6.1, the JDK source level for JSP files is set to JDK 1.3 by default. To reset the JDK source level on WebSphere Application Server 6.1:
For more information about the jdkSourceLevel parameter as well as other JSP engine configuration parameters, see: Post-Deployment TaskUsing the ssoadm and ampassword Utilities
The setup script in ssoAdminTools.zip installs the utilities and scripts. For information, see Chapter 6, Installing the OpenSSO Enterprise Utilities and Scripts. Apache Geronimo Application Server 2.1.1OpenSSO Enterprise server supports Geronimo Application Server 2.1.1 with Tomcat on Solaris systems only. OpenSSO Enterprise Pre-Deployment Tasks
Related Information:
JBoss Application Server 4.xOpenSSO Enterprise server supports the Single Archive or Exploded Deployment on JBoss Application Server 4.x. For information see http://www.jboss.com/. See also Examples: Deploying OpenSSO Enterprise on JBoss Application Server. For the platforms that are supported for this web container, see Platforms Supported For OpenSSO Enterprise 8.0 in Sun OpenSSO Enterprise 8.0 Release Notes. OpenSSO Enterprise Pre-Deployment TasksIf you are using the Security Token Service (STS), set the MaxPermSize JVM option to a minimum value of 128 MB. For example: -XX:MaxPermSize=128M Adding Security Permissions For a Web ContainerIf the Java Security Manager is enabled for a web container, add the security permissions to the to the appropriate security policy file:
The security policy file depends on the web container:
 Caution – Before you modify the security policy file, backup the existing file. After you add the security permissions, restart the web container. Adding OpenSSO Enterprise Security PermissionsThese security permissions apply to Sun Java System Application Server 9.1 Update 1 and Update 2, and GlassFish Application Server V2 UR1 and UR2. Add these permissions to the server.policy file. Example 2–1 OpenSSO Enterprise Security Permissionsgrant {
permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
permission javax.management.MBeanServerPermission "newMBeanServer";
permission javax.management.MBeanPermission "*", "registerMBean";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanTrustPermission "register";
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission java.util.PropertyPermission "javax.xml.soap.MetaFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.MessageFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPConnectionFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPFactory", "write";
permission java.net.NetPermission "getProxySelector";
permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPublicCredentials";
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "putProviderProperty.WSS_TRANSFORM";
permission java.security.SecurityPermission "insertProvider.WSS_TRANSFORM";
permission java.security.SecurityPermission "getProperty.ocsp.*";
};
OpenSSO Enterprise Security Permissions for Apache TomcatAdd the following permissions to the Apache Tomcat catalina.policy file. Example 2–2 OpenSSO Enterprise Security Permissions for Apache Tomcatgrant {
permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
permission javax.management.MBeanServerPermission "newMBeanServer";
permission javax.management.MBeanPermission "*", "registerMBean";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanTrustPermission "register";
permission javax.management.MBeanPermission "*" , "*" ;
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission java.util.PropertyPermission "javax.xml.soap.MetaFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.MessageFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPConnectionFactory",
"write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPFactory", "write";
permission java.net.NetPermission "getProxySelector";
permission java.security.SecurityPermission
"getProperty.authconfigprovider.factory";
permission java.security.SecurityPermission
"setProperty.authconfigprovider.factory";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPublicCredentials";
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "putProviderProperty.WSS_TRANSFORM";
permission java.security.SecurityPermission "insertProvider.WSS_TRANSFORM";
permission java.security.SecurityPermission "getProperty.ocsp.*";
};
OpenSSO Enterprise Security Permissions for WebLogic ServerAdd these permissions to the weblogic.policy file. Example 2–3 OpenSSO Enterprise Security Permissions for the WebLogic Server weblogic.policy Filegrant {
permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
permission javax.management.MBeanServerPermission "newMBeanServer";
permission javax.management.MBeanPermission "*", "registerMBean";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanTrustPermission "register";
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission java.util.PropertyPermission "javax.xml.soap.MetaFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.MessageFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPConnectionFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPFactory", "write";
permission java.net.NetPermission "getProxySelector";
permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPublicCredentials";
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "putProviderProperty.WSS_TRANSFORM";
permission java.security.SecurityPermission "insertProvider.WSS_TRANSFORM";
};
OpenSSO Enterprise Security Permissions for IBM WebSphere Application Server 6.1Add these permissions to the server.policy file. Example 2–4 OpenSSO Enterprise Security Permissions for IBM WebSphere Application Server 6.1grant {
permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
permission javax.management.MBeanServerPermission "newMBeanServer";
permission javax.management.MBeanPermission "*", "registerMBean";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanTrustPermission "register";
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission java.util.PropertyPermission "javax.xml.soap.MetaFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.MessageFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPConnectionFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPFactory", "write";
permission java.net.NetPermission "getProxySelector";
permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPublicCredentials";
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "putProviderProperty.WSS_TRANSFORM";
permission java.security.SecurityPermission "insertProvider.WSS_TRANSFORM";
permission java.security.SecurityPermission "getProperty.ocsp.*";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "setIO";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "readFileDescriptor";
permission java.lang.RuntimePermission "writeFileDescriptor";
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "defineClassInPackage.*";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "*", "read,write";
permission com.ibm.oti.shared.SharedClassPermission "*", "read,write";
permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig",
"read,write,execute,delete";
};
OpenSSO Enterprise Security Permissions for JBoss Application ServerAdd these permissions to the server.policy file. Example 2–5 OpenSSO Enterprise Security Permissions for JBoss Application Servergrant {
permission java.net.SocketPermission "*", "connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
permission javax.management.MBeanServerPermission "newMBeanServer";
permission javax.management.MBeanPermission "*", "registerMBean";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanTrustPermission "register";
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission java.util.PropertyPermission "javax.xml.soap.MetaFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.MessageFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPConnectionFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPFactory", "write";
permission java.net.NetPermission "getProxySelector";
permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPublicCredentials";
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "putProviderProperty.WSS_TRANSFORM";
permission java.security.SecurityPermission "insertProvider.WSS_TRANSFORM";
};
OpenSSO Enterprise Security Permissions for Oracle Application ServerAdd these permissions to the java2.policy file. Example 2–6 OpenSSO Enterprise Security Permissions For the Oracle java2.policy Filegrant {
permission java.net.SocketPermission "*", "listen,connect,accept,resolve";
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.logging.LoggingPermission "control";
permission java.lang.RuntimePermission "shutdownHooks";
permission javax.security.auth.AuthPermission "getLoginConfiguration";
permission javax.security.auth.AuthPermission "setLoginConfiguration";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.*";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
permission java.util.PropertyPermission "java.util.logging.config.class", "write";
permission java.security.SecurityPermission "removeProvider.SUN";
permission java.security.SecurityPermission "insertProvider.SUN";
permission javax.security.auth.AuthPermission "doAs";
permission java.util.PropertyPermission "java.security.krb5.realm", "write";
permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
permission java.util.PropertyPermission "java.security.auth.login.config", "write";
permission java.util.PropertyPermission "user.language", "write";
permission javax.security.auth.kerberos.ServicePermission "*", "accept";
permission javax.net.ssl.SSLPermission "setHostnameVerifier";
permission java.security.SecurityPermission "putProviderProperty.IAIK";
permission java.security.SecurityPermission "removeProvider.IAIK";
permission java.security.SecurityPermission "insertProvider.IAIK";
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
permission javax.management.MBeanServerPermission "newMBeanServer";
permission javax.management.MBeanPermission "*", "registerMBean";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanTrustPermission "register";
permission java.lang.management.ManagementPermission "monitor";
permission javax.management.MBeanServerPermission "createMBeanServer";
permission java.util.PropertyPermission "javax.xml.soap.MetaFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.MessageFactory", "write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPConnectionFactory",
"write";
permission java.util.PropertyPermission "javax.xml.soap.SOAPFactory", "write";
permission java.net.NetPermission "getProxySelector";
permission java.security.SecurityPermission
"getProperty.authconfigprovider.factory";
permission java.security.SecurityPermission
"setProperty.authconfigprovider.factory";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPublicCredentials";
permission java.security.SecurityPermission "insertProvider.XMLDSig";
permission java.security.SecurityPermission "putProviderProperty.WSS_TRANSFORM";
permission java.security.SecurityPermission "insertProvider.WSS_TRANSFORM";
permission oracle.oc4j.security.OC4JRuntimePermission "oracle.oc4j.OC4JOnly";
permission javax.management.MBeanPermission "-#-[-]", "queryMBeans";
permission java.lang.RuntimePermission "setContextClassLoader";
};
OpenSSO Enterprise Security Permissions for Geronimo Application Server
|
||||||||||||||||||||||||||||||||||||||||||||
|
To Enable the Java Security Manager for Geronimo Application
Server