uCosminexus Application Server, Security Management Guide


5.21 JavaVM property setup

When integrated user management is used, the JavaVM properties must be set when the JavaVM starts. Use the Easy Setup definition file or the management portal for this purpose. This section describes how to set the properties in the Easy Setup definition file when the SmartComposer function is used to establish the Web system.

Enter the JavaVM properties within the <configuration> tag of the logical J2EE server (j2ee-server) in the Easy Setup definition file.

The following table lists the JavaVM properties.

Table 5-18 JavaVM properties in the easy setup definition file

Parameter                                          Setting
jaas.ua.enabled                                    Enables the JavaVM JAAS.
java.security.auth.login.config                    Specifies the jaas.conf file path.
com.cosminexus.admin.auth.config                   Specifies the ua.conf file path.
com.cosminexus.admin.auth.passwordScramble.enable  Enables or disables the function to encrypt passwords scrambled by the uachpw command; for details, see 5.20.2(3) Changing and scrambling passwords.
jaas.config.load_exclusively                       Specifies whether to ignore login configurations other than jaas.conf specified by the java.security.auth.login.config parameter.

For details about the Easy Setup definition file, see 4.6 Easy Setup definition file in the uCosminexus Application Server Definition Reference Guide.

The following is an example of JavaVM properties.

In the example, password scrambling is enabled and login configurations other than jaas.conf are ignored.

Example of the Easy Setup definition file
 
:
<configuration>
  <logical-server-type>j2ee-server</logical-server-type>
  <param>
    <param-name>jaas.ua.enabled</param-name>
    <param-value>true</param-value>
  </param>
  <param>
    <param-name>java.security.auth.login.config</param-name>
    <param-value><Cosminexus installation directory>/manager/config/jaas.conf</param-value>
  </param>
  <param>
    <param-name>com.cosminexus.admin.auth.config</param-name>
    <param-value><Cosminexus installation directory>/manager/config/ua.conf</param-value>
  </param>
  <param>
    <param-name>com.cosminexus.admin.auth.passwordScramble.enable</param-name>
    <param-value>true</param-value>
  </param>
  <param>
    <param-name>jaas.config.load_exclusively</param-name>
    <param-value>true</param-value>
  </param>
:
</configuration>
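
A check that a j2ee-server block carries the settings shown in the example above, as an added example (not code from the product or its documentation). The `<sample>` wrapper, the `web-server` block and the function names are constructed for illustration, and the baseline assumes the example's values are the ones wanted.

```python
import xml.etree.ElementTree as ET

# Baseline taken from the page's example (JAAS on, scrambling on, exclusive load).
# Assumption: the two files keep the names jaas.conf and ua.conf used on the page.
MUST_BE_TRUE = (
    "jaas.ua.enabled",
    "com.cosminexus.admin.auth.passwordScramble.enable",
    "jaas.config.load_exclusively",
)
MUST_POINT_AT = {
    "java.security.auth.login.config": "jaas.conf",
    "com.cosminexus.admin.auth.config": "ua.conf",
}
# Constructed sample; <sample> is a stand-in wrapper, not the real root element.
SAMPLE = """<sample>
<configuration>
  <logical-server-type>j2ee-server</logical-server-type>
  <param><param-name>jaas.ua.enabled</param-name><param-value>true</param-value></param>
  <param><param-name>java.security.auth.login.config</param-name>
    <param-value>/opt/Cosminexus/manager/config/jaas.conf</param-value></param>
  <param><param-name>jaas.config.load_exclusively</param-name><param-value>false</param-value></param>
</configuration>
<configuration><logical-server-type>web-server</logical-server-type></configuration>
</sample>"""

def j2ee_params(xml_text):
    """Return one {param-name: param-value} dict per j2ee-server <configuration>."""
    text = lambda elem, tag: (elem.findtext(tag) or "").strip()
    out = []
    for cfg in ET.fromstring(xml_text).iter("configuration"):
        if text(cfg, "logical-server-type") == "j2ee-server":
            out.append({text(p, "param-name"): text(p, "param-value") for p in cfg.findall("param")})
    return out

def audit(params):
    """List where one parameter set departs from the baseline above."""
    findings = []
    for name in MUST_BE_TRUE:
        if params.get(name, "").lower() != "true":
            findings.append(f"{name}: expected true, found {params.get(name, '<unset>')}")
    for name, filename in MUST_POINT_AT.items():
        path = params.get(name, "").replace("\\", "/")
        if not path.endswith("/" + filename):
            findings.append(f"{name}: expected a path to {filename}, found {path or '<unset>'}")
    return findings

if __name__ == "__main__":
    for params in j2ee_params(SAMPLE):
        print("\n".join(audit(params)) or "matches the example")
```

On the constructed sample this reports the missing scramble setting, the disabled exclusive load and the missing ua.conf path, and it skips the block that is not a j2ee-server.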
 
Reference note
To change the access permission so that the Web application can carry out operations on the LoginContext class, change the server.policy settings.
For details about server.policy, see 2.5 server.policy (security policy file for J2EE server) in the uCosminexus Application Server Definition Reference Guide.
Reference note
JavaVM property setup in the servlet engine mode
When the integrated user management is used, it is necessary to set the J2EE server usrconf.properties and web.policy when JavaVM starts. The following gives an overview of the file settings.

Settings in usrconf.properties
Use the java.security.auth.login.config key to specify the jaas.conf location.
Use the com.cosminexus.admin.auth.config key to specify the ua.conf location.
Use the com.cosminexus.admin.auth.passwordScramble.enable key to enable or disable the function to encrypt passwords scrambled by the uachpw command.
When passwords are scrambled by the uachpw command, be sure to include com.cosminexus.admin.auth.passwordScramble.enable=true in usrconf.properties to enable the function to encrypt scrambled passwords.
The usrconf.properties location is as follows.
Windows:
<Cosminexus installation directory>\CC\web\containers\<server name>\usrconf\usrconf.properties
UNIX:
/opt/Cosminexus/CC/web/containers/<server name>/usrconf/usrconf.properties

Example of usrconf.properties settings
Windows:
java.security.auth.login.config==C:/Program Files/Hitachi/Cosminexus/manager/config/jaas.conf
com.cosminexus.admin.auth.config=C:/Program Files/Hitachi/Cosminexus/manager/config/ua.conf
com.cosminexus.admin.auth.passwordScramble.enable=true
"C:/Program Files/Hitachi/Cosminexus/" is the default Cosminexus installation directory. Replace it with the actual installation directory when needed.
UNIX:
java.security.auth.login.config==/opt/Cosminexus/manager/config/jaas.conf
com.cosminexus.admin.auth.config=/opt/Cosminexus/manager/config/ua.conf
com.cosminexus.admin.auth.passwordScramble.enable=true

Settings in web.policy
web.policy sets the access permission so that the Web application can carry out operations on the LoginContext class. For details about access permission settings, see the javax.security.auth.AuthPermission class.
To support custom login modules and authentication password encryption, access permissions must also be set to allow operations on each of the classes involved.
The web.policy location is as follows.
Windows:
<Cosminexus installation directory>\CC\web\containers\<server name>\usrconf\web.policy
UNIX:
/opt/Cosminexus/CC/web/containers/<server name>/usrconf/web.policy