When JAAS authenticates a subject, it first verifies the subject's identity by
checking its credential. If the credential is successfully verified, the
authentication framework associates the credentials, as needed, with the
subject, and then adds the principals to the subject.
Let's take a look at an object dump of a JAAS subject, which can be extracted
from the diagnostic log file of the BAM Server.
BamSubject: BAM USER ID {2}
User{CLASS[weblogic.security.principal.WLSUserImpl] NAME[test1]}
Anonymous User{null}
Application Role{CLASS[oracle.security.jps.service.policystore.ApplicationRole] NAME[Report Architect] GUID[DBC02C10E55C11DE9F320B856DED04AD] APPLICATION[oracle-bam#11.1.1]}
Group{CLASS[oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl] NAME[authenticated-role] GUID[null] APPLICATION[null]}
BamSubject is a JAAS subject that represents a BAM user entity, which contains
multiple principals. The LDAP user, test1, is a principal associated with this
subject, and Report Architect is a principal that represents a role, defined in
the oracle-bam application scope. The subject can also be propagated to other
server components, so that credential validation is only required once.
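To audit which principals and application roles a subject carries, the dump shown above can be parsed into structured records. The following is an added example, not code from the original text or from Oracle; the line grammar is inferred from the single sample dump on this page, and parse_bam_subject and application_roles are hypothetical names.

```python
import re

# Constructed input: the subject dump shown on this page (wrap artefact in the class name removed).
SAMPLE_DUMP = """\
BamSubject: BAM USER ID {2}
User{CLASS[weblogic.security.principal.WLSUserImpl] NAME[test1]}
Anonymous User{null}
Application Role{CLASS[oracle.security.jps.service.policystore.ApplicationRole] NAME[Report Architect] GUID[DBC02C10E55C11DE9F320B856DED04AD] APPLICATION[oracle-bam#11.1.1]}
Group{CLASS[oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl] NAME[authenticated-role] GUID[null] APPLICATION[null]}
"""

# Grammar assumed from that one sample: a header line, then one "Kind{...}" per slot.
HEADER = re.compile(r"^BamSubject: BAM USER ID \{(\d+)\}$")
ENTRY = re.compile(r"^([A-Za-z ]+)\{(.*)\}$")
FIELD = re.compile(r"([A-Z]+)\[([^\]]*)\]")

def parse_bam_subject(dump):
    """Return {'user_id': str, 'principals': [dict, ...]} for one subject dump."""
    subject = {"user_id": None, "principals": []}
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            subject["user_id"] = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry is None:
            raise ValueError(f"unrecognised dump line: {line!r}")
        kind, body = entry.groups()
        if body == "null":
            continue  # assumed to mean: no principal of this kind is attached
        # Literal "null" values become None so callers cannot mistake them for names.
        fields = {k.lower(): (None if v == "null" else v)
                  for k, v in FIELD.findall(body)}
        if not fields.get("class") or not fields.get("name"):
            raise ValueError(f"principal without CLASS/NAME: {line!r}")
        subject["principals"].append({"kind": kind, **fields})
    return subject

def application_roles(subject):
    """List (role name, application scope) pairs granted to the subject."""
    return [(p["name"], p.get("application"))
            for p in subject["principals"] if p["kind"] == "Application Role"]

if __name__ == "__main__":
    print(application_roles(parse_bam_subject(SAMPLE_DUMP)))
```

Lines that do not fit the assumed grammar raise ValueError rather than being skipped, so a changed log format is noticed instead of silently producing an empty role list.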
Now, you should be familiar with the key JAAS concepts. To learn more about
JAAS, refer to the official JAAS Reference Guide at the following URL:
In the rest of the section, the following topics will be covered:
• Managing users and groups
• Using an external LDAP Server with BAM