294 BES Developer’s Guide
Security Management with the Security Map
Default Roles
In addition, the <security-map> element enables the definition of a default user
role that can be associated with the appropriate resource role. This default
role is used if the user role identified at run time is not found in
the mapping. The default user role is defined in the <security-map> element
with a <user-role> element given a value of "*". For example:
<user-role>*</user-role>
A corresponding <role-name> entry must be included in the <security-map>
element. The following example illustrates the association between a Borland
Enterprise Server user role and a resource role.
<security-map>
  <user-role>*</user-role>
  <run-as>
    <role-name>SHME_OPR</role-name>
  </run-as>
</security-map>
The default user role is also used at deployment time if the connection pool
parameters indicate that the Borland Enterprise Server should initialize
connections. The absence of a default user role entry or the absence of a
<security-map> element may prevent the server from creating connections
using container-managed security.
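A pre-deployment check for the condition described above, as an added example that is not part of the original guide or of Borland's tooling. It assumes the descriptor is available as an XML string; the <descriptor> wrapper element, the "operators" role and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_USER_ROLE = "*"  # value the guide gives for the default user role

# Constructed sample descriptors; <descriptor> is a placeholder wrapper element.
GOOD = """<descriptor><security-map>
  <user-role>*</user-role>
  <run-as><role-name>SHME_OPR</role-name></run-as>
</security-map></descriptor>"""
NO_DEFAULT = GOOD.replace("<user-role>*</user-role>",
                          "<user-role>operators</user-role>")
DEFAULT_WITHOUT_ROLE = ("<descriptor><security-map>"
                        "<user-role>*</user-role>"
                        "</security-map></descriptor>")


def check_security_maps(descriptor_xml):
    """Return a list of findings; an empty list means a default mapping exists."""
    root = ET.fromstring(descriptor_xml)
    maps = list(root.iter("security-map"))  # iter() also matches the root itself
    if not maps:
        return ["no <security-map> element: the server may be unable to "
                "create connections with container-managed security"]
    findings = []
    default_mapped = False
    for i, smap in enumerate(maps, 1):
        users = [(u.text or "").strip() for u in smap.findall("user-role")]
        roles = [(r.text or "").strip() for r in smap.findall("run-as/role-name")]
        roles = [r for r in roles if r]  # ignore empty <role-name/> entries
        if not users:
            findings.append(f"security-map #{i}: no <user-role>")
        if not roles:
            findings.append(f"security-map #{i}: no <run-as>/<role-name> for {users}")
        if DEFAULT_USER_ROLE in users and roles:
            default_mapped = True
    if not default_mapped:
        findings.append("no default user role (*) mapped to a resource role")
    return findings


if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no default", NO_DEFAULT),
                      ("default without role", DEFAULT_WITHOUT_ROLE)]:
        print(name, "->", check_security_maps(doc) or "ok")
```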
Generating a Resource Vault
To use run-as security mapping as described above, one or more resource roles
must be defined in a vault that is provided to the Borland Enterprise Server.
This vault is known as the resource vault.
VisiConnect provides a tool, ResourceVaultGen, to create a resource vault
and to instantiate role objects in this vault. A role name and its associated
security credentials are written to the resource vault by ResourceVaultGen. At
this time only credentials of type Password Credential can be written to the
resource vault. The usage of ResourceVaultGen is as follows:
java -Dborland.enterprise.licenseDir=<install_dir/var/domains/base/configurations/<configuration_name>/mos/<partition_name>/adm>
  -Dserver.instance.root=<install_dir/var/domains/base/configurations/<configuration_name>/mos/<partition_name>/adm/properties/management_vbroker.properties>
  com.borland.enterprise.visiconnect.tools.ResourceVaultGen
  -rolename <role_name> -username <user_name> -password <password>
  -vaultfile <full path to vault file> -vpwd <vault_password>










