user manual

Chapter 27: Using VisiConnect 293
Security Management with the Security Map
time is found in the mapping, the associated resource role is used to provide
security information for interacting with an EIS.
The use-caller-identity option is used when the user identities that fall into the
user role identified at run time are also known to the EIS, so the caller's own
credentials can be presented to it unchanged. For example, a user identity
"borland"/"borland", belonging to the role "Borland", is available to the Borland
Enterprise Server, and the available EIS, a JDataStore database, also has an
identity "borland"/"borland" defined. When a Resource Adapter serving JDataStore
is deployed with a Security Map specifying:
    <security-map>
        <user-role>Borland</user-role>
        <use-caller-identity></use-caller-identity>
    </security-map>
applications on this server instance that use this JDataStore database can use
use-caller-identity to access it. Note: Due to a limitation currently in
VisiSecure, you must define the caller identity in the resource vault as well as
in the user vault; if it is missing from the resource vault, the caller's
credentials cannot be supplied to the EIS.
The run-as option is used when it makes sense to map the user identities in the
user role identified at run time onto a single identity known to the EIS. For
example, a user identity "demo"/"demo", belonging to the role "Demo", is
available to the Borland Enterprise Server, and the available EIS, an Oracle
database, has an identity "scott"/"tiger" that is suitable for a demo user. When
a Resource Adapter serving Oracle is deployed with a Security Map specifying:
    <security-map>
        <user-role>Demo</user-role>
        <run-as>
            <role-name>oracle_demo</role-name>
            <role-description>Oracle demo role</role-description>
        </run-as>
    </security-map>
and the role "oracle_demo" is defined in the resource vault (see below),
applications on this server instance that use this Oracle database can use
run-as to access it. Because every caller in the "Demo" role then reaches Oracle
as "scott"/"tiger", the EIS sees one identity for all of them; bear this in mind
where EIS-side auditing or per-user authorization matters.
When run-as is used, a resource vault must be made available to VisiConnect,
from which it extracts the security information for the resource role. A
resource role name and a set of credentials are written to this vault. When
VisiConnect loads a Resource Adapter whose Security Map uses run-as, it reads
the credentials for the defined role name(s) from the vault.
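The following is an added, illustrative model of the mapping behaviour described for use-caller-identity and run-as above; it is not Borland's VisiConnect code. It parses the <security-map> elements from a constructed ra-borland.xml fragment and resolves which credential a Resource Adapter would present to the EIS for a given caller. The vault layout (a name mapped to a user/password pair), the descriptor-order precedence between entries, and the fail-closed behaviour when a vault entry is missing are assumptions made for the example.

```python
"""Illustrative model of how a VisiConnect Security Map resolves the
credential presented to an EIS. Not Borland's code: it parses the
<security-map> elements from a ra-borland.xml fragment and applies the
two mapping modes described in the manual."""
import xml.etree.ElementTree as ET

# Constructed sample descriptor fragment combining both examples from the manual.
RA_BORLAND_XML = """
<ra-borland>
  <security-map>
    <user-role>Borland</user-role>
    <use-caller-identity></use-caller-identity>
  </security-map>
  <security-map>
    <user-role>Demo</user-role>
    <run-as>
      <role-name>oracle_demo</role-name>
      <role-description>Oracle demo role</role-description>
    </run-as>
  </security-map>
</ra-borland>
"""

# Constructed resource vault (assumption: the vault maps a name to a
# (user, password) pair). The caller identity "borland" is duplicated here
# because use-caller-identity needs it in the resource vault as well as the
# user vault; "oracle_demo" is the resource role written for run-as.
RESOURCE_VAULT = {
    "borland": ("borland", "borland"),
    "oracle_demo": ("scott", "tiger"),
}


def parse_security_maps(xml_text):
    """Return an ordered dict {user_role: (mode, role_name)} where mode is
    'use-caller-identity' (role_name None) or 'run-as'."""
    root = ET.fromstring(xml_text)
    maps = {}
    for sm in root.findall("security-map"):
        user_role = sm.findtext("user-role")
        if not user_role:
            raise ValueError("security-map without <user-role>")
        if sm.find("use-caller-identity") is not None:
            maps[user_role] = ("use-caller-identity", None)
        elif sm.find("run-as") is not None:
            role_name = sm.findtext("run-as/role-name")
            if not role_name:
                raise ValueError("run-as without <role-name> for role %s" % user_role)
            maps[user_role] = ("run-as", role_name)
        else:
            raise ValueError("security-map for %s names no mapping option" % user_role)
    return maps


def resolve_eis_credential(caller, caller_roles, maps, resource_vault):
    """Pick the (mode, user, password) the Resource Adapter presents to the EIS
    for an authenticated caller. Entries are tried in descriptor order
    (assumption; the manual does not state precedence). Fails closed when no
    entry matches or the resource vault lacks the required name."""
    for user_role, (mode, role_name) in maps.items():
        if user_role not in caller_roles:
            continue
        # use-caller-identity looks up the caller itself; run-as looks up the
        # resource role name written to the vault.
        vault_key = caller if mode == "use-caller-identity" else role_name
        if vault_key not in resource_vault:
            raise PermissionError(
                "%s needs '%s' in the resource vault" % (mode, vault_key))
        user, password = resource_vault[vault_key]
        return mode, user, password
    raise PermissionError("no security-map entry matches roles %r" % (caller_roles,))


if __name__ == "__main__":
    maps = parse_security_maps(RA_BORLAND_XML)
    print(resolve_eis_credential("borland", ["Borland"], maps, RESOURCE_VAULT))
    print(resolve_eis_credential("demo", ["Demo"], maps, RESOURCE_VAULT))
```

Running it shows the two outcomes the manual describes: a caller in the "Borland" role reaches JDataStore with its own "borland"/"borland" credentials, while any caller in the "Demo" role reaches Oracle as "scott"/"tiger". A caller whose identity is absent from the resource vault, or whose roles match no entry, is refused rather than being silently connected with no credentials.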
Authorization Domain
The <authorization-domain> element in the ra-borland.xml descriptor file
specifies the authorization domain associated with the user role named in the
Security Map. If you define a <security-map>, set <authorization-domain> to the
domain in which that user role is defined. If <authorization-domain> is not set,
VisiConnect assumes the default authorization domain. See "Getting Started with
Security" in the Developer's Guide for more information on using authorization
domains.