uCosminexus Application Server, Security Management Guide
Index
- (Symbols)
- -nosecurity option
- <ua:attributeEntries>Entries</ua:attributeEntries> tag
- <ua:attributeEntry/> tag
- <ua:chpw/> tag
- <ua:exception>Body</ua:exception> tag
- <ua:getAttribute/> tag
- <ua:getAttributeNames/> tag
- <ua:getAttributes/> tag
- <ua:getPrincipalName/> tag
- <ua:login/> tag
- <ua:logout/> tag
- <ua:notLogin>Body</ua:notLogin> tag
- (A)
- access permission management
- access permission, setting up
- Active Directory, settings when using
- addAttribute method
- addAttribute method
- addSSOData method
- addSSODataListener method
- addUserData method (syntax 1)
- addUserData method (syntax 2)
- API
- association between SPI and
- for implementation of EJB client applications
- provided by integrated user management framework
- used with integrated user management framework
- API parameter
- API-based implementation, notes on
- Application (option of JAAS configuration file)
- application execution infrastructure
- functionality for
- functionality for operating and maintaining
- application server, security management with
- application-centralized configuration
- application-distributed configuration
- attribute list, example of setting
- AttributeEntry class
- AttributeEntry constructor
- authentication
- by application setup
- with security identities
- authentication functionality
- available for applications
- precautions for using
- authentication information, definition file for
- authentication password encryption, enhanced support of
- authentication process
- authentication program coding
- example of (in UNIX)
- example of (in Windows)
- authentication states, inheritance of
- (C)
- ChangeDataFailedException class
- ChangeDataFailedException constructor
- changePassword method
- check method (syntax 1)
- check method (syntax 2)
- client authentication
- close method
- com.cosminexus.admin.auth.api.repository.event.ChangeDataFailedException
- com.cosminexus.admin.auth.api.repository.event.SSODataListenerException
- com.cosminexus.admin.auth.api.repository.ldap.config (API parameter)
- com.cosminexus.admin.auth.api.repository.ldap.ObjectClassError
- com.cosminexus.admin.auth.CryptoException
- com.cosminexus.admin.auth.custom.lm (option to be specified for DelegationLoginModule)
- com.cosminexus.admin.auth.custom.modules (custom login module parameter)
- com.cosminexus.admin.auth.gsession.keep_password
- Cosminexus standard login module parameter
- option to be specified for WebPasswordJDBCLoginModule
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- com.cosminexus.admin.auth.jdbc.conn.password (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.conn.retry.count (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.conn.retry.wait (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.conn.url (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.conn.user (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.driver (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.password.encrypt (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.password.encrypt.ex (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.password.type (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.pool.enable (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.pool.gc_interval (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.pool.max (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.pool.max_spare (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.pool.min_spare (JDBC parameter)
- com.cosminexus.admin.auth.jdbc.r (option to be specified for WebPasswordJDBCLoginModule)
- com.cosminexus.admin.auth.jdbc.sql (JDBC parameter)
- com.cosminexus.admin.auth.keep_password
- Cosminexus standard login module parameter
- option to be specified for WebPasswordJDBCLoginModule
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- com.cosminexus.admin.auth.keep_password.encrypt
- Cosminexus standard login module parameter
- option to be specified for WebPasswordJDBCLoginModule
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- com.cosminexus.admin.auth.ldap.attr.password (JNDI parameter)
- com.cosminexus.admin.auth.ldap.attr.userid (JNDI parameter)
- com.cosminexus.admin.auth.ldap.basedn (JNDI parameter)
- com.cosminexus.admin.auth.ldap.certificate.attr.userid (JNDI parameter)
- com.cosminexus.admin.auth.ldap.conn.read_timeout (JNDI parameter)
- com.cosminexus.admin.auth.ldap.conn.retry.count (JNDI parameter)
- com.cosminexus.admin.auth.ldap.conn.retry.wait (JNDI parameter)
- com.cosminexus.admin.auth.ldap.directory.kind (JNDI parameter)
- com.cosminexus.admin.auth.ldap.password.encrypt (JNDI parameter)
- com.cosminexus.admin.auth.ldap.password.encrypt.ex (JNDI parameter)
- com.cosminexus.admin.auth.ldap.pool.enable (JNDI parameter)
- com.cosminexus.admin.auth.ldap.pool.gc_interval (JNDI parameter)
- com.cosminexus.admin.auth.ldap.pool.max (JNDI parameter)
- com.cosminexus.admin.auth.ldap.pool.max_spare (JNDI parameter)
- com.cosminexus.admin.auth.ldap.pool.min_spare (JNDI parameter)
- com.cosminexus.admin.auth.ldap.r
- option to be specified for WebCertificateLoginModule
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- com.cosminexus.admin.auth.ldap.search.scope (JNDI parameter)
- com.cosminexus.admin.auth.ldap.search.userrdn (JNDI parameter)
- com.cosminexus.admin.auth.ldap.w
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- com.cosminexus.admin.auth.param_check.enable (Cosminexus standard login module parameter)
- com.cosminexus.admin.auth.realm
- option to be specified for DelegationLoginModule
- option to be specified for WebCertificateLoginModule
- option to be specified for WebPasswordJDBCLoginModule
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- option to be specified for WebSSOLoginModule
- com.cosminexus.admin.auth.sfo.disable (trace parameter)
- com.cosminexus.admin.auth.sso (option to be specified for WebSSOLoginModule)
- com.cosminexus.admin.auth.sso.encrypt (single sign-on parameter)
- com.cosminexus.admin.auth.sso.keyfile (single sign-on parameter)
- com.cosminexus.admin.auth.sso.ldap.r
- option to be specified for WebSSOLoginModule
- single sign-on parameter
- com.cosminexus.admin.auth.sso.ldap.w
- option to be specified for WebPasswordLDAPLoginModule
- option to be specified for WebPasswordLoginModule
- option to be specified for WebSSOLoginModule
- single sign-on parameter
- com.cosminexus.admin.auth.sso.lm (single sign-on parameter)
- com.cosminexus.admin.auth.sso.param.pubdat (single sign-on parameter)
- com.cosminexus.admin.auth.sso.param.secdat (single sign-on parameter)
- com.cosminexus.admin.auth.sso.param.userid (single sign-on parameter)
- com.cosminexus.admin.auth.trace.level (trace parameter)
- com.cosminexus.admin.auth.trace.prefix (trace parameter)
- com.cosminexus.admin.auth.trace.rotate (trace parameter)
- com.cosminexus.admin.auth.trace.size (trace parameter)
- com.cosminexus.admin.common.ConfigError
- com.cosminexus.admin.common.FormatError
- com.cosminexus.admin.common.ParameterError
- com.cosminexus.admin.common.UAException
- com.sun.jndi.ldap.connect.timeout (JNDI parameter)
- communication path security level, selecting
- configuration file
- creating
- example of setting
- configuration file parameter used by login modules
- container security
- convpw
- Cosminexus HTTP Server, SSL setup with
- Cosminexus standard login module
- overview of
- user authentication mechanism based on
- Cosminexus standard login module parameter
- cosminexus.xml, configuring properties of application that does not contain
- CSV file
- basic specifications
- containing single sign-on authentication information
- specification example
- custom login module
- custom login module
- custom login module
- examples of implementing
- invoking
- points to remember when implementing
- custom login module parameter
- (D)
- defining DD example
- integrated user management
- session failover functionality
- defining GSInfoKey-RW
- integrated user management
- session failover functionality
- defining GSInfoLengthMax
- integrated user management
- defining GSInfoLengthMax
- session failover functionality
- DelegationLoginModule
- DelegationLoginModule class
- DIT structure
- of single sign-on information repository
- of user information repository
- (E)
- EJB client application
- API for implementation of
- security implementation in
- encrypt method
- encryption key file
- changing
- creating
- creating
- creating (when using single sign-on)
- enhanced encryption support
- Enterprise Bean security identities
- Enterprise Bean security role reference, defining
- exception classes
- API used with integrated user management framework
- for APIs
- for JAAS login modules
- (F)
- file, deploying
- firewall
- firewall
- firewall
- Flag (option of JAAS configuration file)
- format of functional descriptions
- functionality
- associated manuals
- associated system purposes
- classifications of
- for application execution infrastructure
- for operating and maintaining application execution infrastructure
- of application server
- (G)
- getAlias method
- getAttribute method
- getAttribute method
- getAttributeEntries method
- getAttributeEntries method
- getAttributeName method
- getAttributeNames method
- getAttributeNames method
- getAttributes method
- getAttributes method
- getException method
- getListeners method
- getLoginInfoManager method
- getMapping method
- getMappingRealms method
- getName method
- getObjectClasses method
- getOldPublicData method
- getOldSecretData method
- getOption method
- getPassword method
- getPublicData method
- getPublicData method
- getRequest method
- getRequest method
- getRequest method
- getResponse method
- getResponse method
- getResponse method
- getSecretData method
- getSession method
- getSSOData method
- getSSODataListeners method
- getSubcontext method
- getSubcontext method
- getSubjectID method
- getTagEntry method
- getTagEntry method
- getTagEntry method
- getTagID method
- getTagID method
- getTagID method
- getUserData method
- getUserID method
- getUserId method
- (H)
- handle method
- handle method
- handle method
- handle method
- hasMore method
- hasMoreElements method
- (I)
- IDS
- implementing
- API-based login session
- API-based logout session
- API-based session to obtain user IDs
- API-based user authentication
- custom login module-based user authentication
- enhanced support of authentication password encryption
- login and logout when using session failover functionality
- session to register successfully authenticated subject to HttpSession
- tag library-based user authentication
- user authentication when using session failover functionality
- individual user management, association between integrated user management framework and
- integrated user management
- commands used in
- details of commands used in
- files used by
- list of commands used in
- list of files used by
- management method of user information used for
- process flow
- process flow when using
- integrated user management configuration file
- integrated user management framework
- integrated user management framework
- integrated user management framework
- API provided by
- API used with
- association between individual user management and
- implementation of user authentication based on
- libraries
- repository DIT structure in
- tag library used with
- integrated user management function, procedures used to setup
- integrated user management-based authentication
- intrusion detection system
- intrusion detection system
- intrusion detection system
- (J)
- J2EE server runtime protection provided by SecurityManager functionality
- JAAS
- JAAS configuration file
- JAAS configuration file definition, example of
- jaas.conf
- creating
- reloading
- jaas.conf
- example of setting
- JAAS-based user management
- JAAS-based user management
- Java Authentication and Authorization Service (JAAS)-based user authentication, overview of
- java.naming.provider.url (JNDI parameter)
- java.naming.security.credentials (JNDI parameter)
- java.naming.security.principal (JNDI parameter)
- JavaVM property, setting up
- javax.net.ssl.trustStore (load balancer definition property file key)
- javax.net.ssl.trustStore (load balancer definition property file key)
- javax.net.ssl.trustStorePassword (load balancer definition property file key)
- javax.net.ssl.trustStorePassword (load balancer definition property file key)
- javax.security.auth.login.AccountExpiredException
- javax.security.auth.login.CredentialExpiredException
- javax.security.auth.login.FailedLoginException
- javax.security.auth.login.FailedLoginException
- javax.security.auth.login.LoginException
- javax.security.auth.login.LoginException
- JDBC parameter
- JNDI parameter
- JSP security role reference, defining
- JSP tag library
- (L)
- lb.ACOS.privilegedexec.password (load balancer connection configuration property file key)
- lb.ACOS.privilegedexec.password (load balancer connection configuration property file key)
- lb.API.protocol (load balancer connection configuration property file key)
- lb.API.protocol (load balancer connection configuration property file key)
- lb.host (load balancer definition property file key)
- lb.host (load balancer definition property file key)
- lb.password (load balancer definition property file key)
- lb.password (load balancer definition property file key)
- lb.persistence.cookie-insert.templatename (load balancer definition property file key)
- lb.persistence.cookie-insert.templatename (load balancer definition property file key)
- lb.port (load balancer definition property file key)
- lb.port (load balancer definition property file key)
- lb.properties
- lb.protocol (load balancer definition property file key)
- lb.protocol (load balancer definition property file key)
- lb.timeout (load balancer definition property file key)
- lb.timeout (load balancer definition property file key)
- lb.type (load balancer definition property file key)
- lb.type (load balancer definition property file key)
- lb.user (load balancer definition property file key)
- lb.user (load balancer definition property file key)
- LB-information-distinguished-name.properties
- LDAP directory server
- connection failover by multiplexing
- installing
- registering user information to
- setting up
- LDAP directory server multiplexing
- example configuration of
- example configuration of (multi-master configuration)
- LdapSSODataManager class
- LdapSSODataManager constructor
- LdapUserDataManager class
- LdapUserDataManager constructor
- LdapUserEnumeration interface
- line operation
- LINK_xxxx
- listUsers method (syntax 1)
- listUsers method (syntax 1)
- listUsers method (syntax 2)
- listUsers method (syntax 2)
- load balancer
- controlling via operation management functionality
- directly accessing through API
- that employs API-based direct connections, files used to control
- that employs API-based direct connections, list of files used to control
- load balancer definition property file
- login (when using session failover functionality)
- login method
- login module name (option of JAAS configuration file)
- login state
- checking (when using session failover functionality)
- how to check
- login user ID, registering
- LoginInfoManager class
- LoginModule interface, points to remember when implementing
- LoginUtil class
- logout (when using session failover functionality)
- logout method
- (M)
- management portal-based integrated user management operation
- management portal-based repository management
- method permission
- security definition
- setting
- Microsoft IIS setup (in Web redirector environments)
- modifySSOData method
- modifyUserData method
- ModuleOptions (option of JAAS configuration file)
- (N)
- next method
- nextElement method
- (O)
- object class, extending
- ObjectClassEntry class
- ObjectClassEntry constructor
- OPERATION
- options
- to be specified for DelegationLoginModule
- to be specified for WebCertificateLoginModule
- to be specified for WebPasswordJDBCLoginModule
- to be specified for WebPasswordLDAPLoginModule
- to be specified for WebSSOLoginModule
- other parameters
- (P)
- password
- changing
- encrypting
- PasswordCryptography interface
- PasswordUtil class
- Principal interface
- Principal object, points to remember when implementing
- program security
- PUBLICDATA
- (R)
- realm
- realm
- realm
- realm name
- determining
- REALMNAME
- registering
- login user IDs
- users
- removeAttribute method
- removeAttribute method
- removeMapping method
- removeSSOData method
- removeSSODataListener method
- removeUserData method
- resource monitoring (integrated user management)
- reverse proxy server
- role
- registering
- registering to users
- setting
- Run As functionality
- (S)
- SECRETDATA
- secure system, considerations in design of
- security definition
- method permission
- security identity
- security identity
- authentication setup with
- authentication with
- JSP
- security definition
- servlet
- settings of
- security identity functionality
- security role
- server management command-based
- setting up
- security role reference, defining
- server authentication
- server management command
- application setup by using
- security role setup by using
- servlet security role reference, defining
- session failover functionality
- inheritance of login state using
- session and authentication information that can be inherited by
- session timeout logout (when using session failover functionality)
- sessions
- custom login module
- integrated user management
- managed in integrated user management
- types of
- setAlias method
- setAttributeEntries method
- setAttributeEntries method
- setAttributeName method
- setException method
- setMapping method
- setName method
- setObjectClasses method
- setOption method
- setPassword method
- setPassword method
- setPublicData method
- setRequest method
- setRequest method
- setRequest method
- setResponse method
- setResponse method
- setResponse method
- setSecretData method
- setSession method
- setSubcontext method
- setSubcontext method
- setSubjectID method
- setTagEntry method
- setTagEntry method
- setTagEntry method
- setTagID method
- setTagID method
- setTagID method
- setup
- <security-constraint> element
- <security-identity> element
- setUserID method
- single sign-on
- single sign-on
- example of supporting (when using custom login module)
- example of supporting (when using standard login module)
- single sign-on information repository
- referencing
- registering
- single sign-on library
- positioning of
- single sign-on parameter
- single sign-on repository
- size method
- size method
- SPI, association between API and
- SSL accelerator
- SSL accelerator
- SSL certificate, acquiring
- SSL encryption
- of authentication information
- of data
- SSL, encryption with
- SSL/TLS encryption
- of authentication information
- of data
- SSOData class
- SSOData constructor
- ssoDataAdded method
- SSODataEvent class
- SSODataEvent constructor
- SSODataListener interface
- SSODataListenerException class
- SSODataListenerException constructor
- ssoDataModified method
- ssoDataRemoved method
- ssoexport
- ssogenkey
- ssoimport
- system configurations for ensuring security
- (T)
- tag library
- list of tags contained in
- used with integrated user management framework
- tier-side load balancer connection configuration property file
- tierlb.properties
- (U)
- ua.conf
- creating
- example of setting (in UNIX)
- example of setting (in Windows)
- uachpw
- uachpw command
- user
- registering
- registering roles to
- setting
- user authentication library
- positioning of
- user authentication repository
- user authentication, overview of Java Authentication and Authorization Service (JAAS)-based
- user definition attributes, extending
- user entry structure
- user IDs registered in integrated user management sessions, deleting
- user information
- definition file for acquiring
- definition file for adding or modifying
- formatting used to register
- formatting used to register
- managing
- registering
- registering (when using single sign-on)
- registering by using commands
- registering by using commands
- registering by using integrated user management framework library
- registering by using integrated user management framework library
- user information repository
- user mapping
- user mapping
- definition file for
- user mapping function
- UserAttributes interface
- UserData class
- UserData constructor
- USERID
- (V)
- validity period
- of JAAS user authentication
- of user authentication
- virtual server manager-side load balancer connection configuration property file
- (W)
- Web container-based authentication functionality using DD settings
- Web container-based authentication using DD settings
- web server, authentication functionality of
- Web Services Security functionality, SOAP message encryption with
- WebCertificateCallback class
- WebCertificateCallback constructor
- WebCertificateHandler class
- WebCertificateHandler constructor
- WebCertificateLoginModule
- WebCertificateLoginModule class
- WebLogoutCallback class
- WebLogoutCallback constructor
- WebLogoutHandler class
- WebLogoutHandler constructor
- WebPasswordCallback class
- WebPasswordCallback constructor
- WebPasswordHandler class
- WebPasswordHandler constructor
- WebPasswordJDBCLoginModule
- WebPasswordJDBCLoginModule class
- WebPasswordLDAPLoginModule
- WebPasswordLDAPLoginModule class
- WebPasswordLoginModule
- WebPasswordLoginModule class
- webserver.connector.redirect_https.port
- WebSSOCallback class
- WebSSOCallback constructor
- WebSSOHandler class
- WebSSOHandler constructor
- WebSSOLoginModule
- WebSSOLoginModule class
- work procedure document
All Rights Reserved. Copyright (C) 2013, Hitachi, Ltd