Database Reference
In-Depth Information
</member>
</members>
</app-role>
Notice that the SOADesigner role contains preconfigured groups, defined in
the server by default, such as Administrators, SOAAdmin, and
BPMWorkflowAdmin, and implements the
oracle.security.jps.service.policystore.ApplicationRole class.
Principals available in an identity or a directory server, such as existing
organizational users and groups, can be added to either the logical groups
associated with an application role or explicitly to the application role
itself. Chapter 5, Configuring and Administering Oracle SOA Suite 11g,
described how to configure an external LDAP server and map real users to
application roles.
Apart from application roles, the system-jazn-data.xml file also contains
application policies, which are Java Authentication and Authorization
Service (JAAS) based policies that define mapping rules between principals
(users, groups, or application roles) and permissions for accessing protected
resources. Policies registered in the policy store determine the permissions
granted to application roles. Observe the following snippet from
system-jazn-data.xml, illustrating how a default application role,
SOAOperator, is granted the soadeploy permission to deploy composites to the
infrastructure:
<grant>
  <grantee>
    <principals>
      <principal>
        <class>oracle.security.jps.service.policystore.ApplicationRole</class>
        <name>SOAOperator</name>
        <guid>81F7F161651A11E0AF6A79660AB4F93C</guid>
      </principal>
    </principals>
  </grantee>
  <permissions>
    <permission>
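
The following is an added example, not code from the book or from Oracle: a Python audit helper that joins application-role membership with grants to list who effectively holds each permission, which is the question a least-privilege review of system-jazn-data.xml asks. The sample document is constructed; the Operators member, both example.placeholder class names, the actions value, and the class, name and actions children of permission are assumptions.

```python
import xml.etree.ElementTree as ET
APP_ROLE = "oracle.security.jps.service.policystore.ApplicationRole"
# Constructed sample in the layout of system-jazn-data.xml. The member, the
# permission class and the actions value are placeholders, not product values.
SAMPLE = """<jazn-data><policy-store><applications><application>
  <name>soa-infra</name>
  <app-roles><app-role>
    <name>SOAOperator</name>
    <class>oracle.security.jps.service.policystore.ApplicationRole</class>
    <members><member>
      <class>example.placeholder.GroupPrincipal</class><name>Operators</name>
    </member></members>
  </app-role></app-roles>
  <jazn-policy><grant>
    <grantee><principals><principal>
      <class>oracle.security.jps.service.policystore.ApplicationRole</class>
      <name>SOAOperator</name>
    </principal></principals></grantee>
    <permissions><permission>
      <class>example.placeholder.Permission</class>
      <name>soadeploy</name><actions>*</actions>
    </permission></permissions>
  </grant></jazn-policy>
</application></applications></policy-store></jazn-data>"""

def text(node, tag):
    return (node.findtext(tag) or "").strip()

def effective_grants(xml_source):
    """Return sorted (principal, route, permission, actions) rows."""
    root = ET.fromstring(xml_source)
    # Application role name -> names of the principals listed as its members.
    members = {text(r, "name"): [text(m, "name") for m in r.iter("member")]
               for r in root.iter("app-role")}
    rows = set()
    for grant in root.iter("grant"):
        perms = [(text(p, "name"), text(p, "actions")) for p in grant.iter("permission")]
        for principal in grant.iter("principal"):
            name, is_role = text(principal, "name"), text(principal, "class") == APP_ROLE
            # A grant to an application role also reaches the role's members.
            inherited = members.get(name, []) if is_role else []
            for perm, actions in perms:
                rows.add((name, "direct", perm, actions))
                rows.update((m, "via " + name, perm, actions) for m in inherited)
    return sorted(rows)

if __name__ == "__main__":
    for row in effective_grants(SAMPLE):
        print(*row, sep="\t")
```

Rows marked "via" are the ones to review first, because group membership changes in the directory server silently widen who holds the permission.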