Security domains

The example blocks below show the properties used to configure Security Domains.

To create Security Domains with RapidDeploy, first set the installation flag:

installSecDomain = "true"

By default this flag is "false".

For the following properties you need to use the proper suffix, starting with "_1" and incrementing by 1 ("_2", "_3", "_4", etc.):

secDomainName_1
secDomainDescription_1 = ""

Properties shown without a value are mandatory; for the others, the value shown is the default.

Assigned Scopes

secDomainMapResources_1 = []

This property declares a list of strings representing the objects to map. Examples:

secDomainMapResources_1 = ['Cell=:']
secDomainMapResources_1 = ['Cell=:SIBus=TestBus']
secDomainMapResources_1 = ['Cell=:ServerCluster=cluster01']
secDomainMapResources_1 = ['Cell=:ServerCluster=cluster01', 'Cell=:SIBus=TestBus']

Security Attributes

Each of the following sections has a "sdCustom*_1" variable that controls whether a custom configuration is applied:

  • If it is not set (the default), the current configuration is not affected.
  • To enable a custom configuration, set it to "true".
  • To disable a custom configuration, set it to "false".

Application Security

# sdCustomAppSec_1

sdAppSecurityEnabled_1 = "false"

Java 2 Security

# sdCustomJava2Sec_1

sdEnforceJava2Security_1 = "false"
sdIssuePermissionWarning_1 = "false"
sdEnforceFineGrainedJCASecurity_1 = "false"

User Realm

# sdCustomUserRealm_1

# Possible values: "GlobalWIMUserRegistry", "WIMUserRegistry", "LocalOSUserRegistry", "LDAPUserRegistry", "CustomUserRegistry"
sdActiveUserRegistry_1

Trust Association

# sdCustomTrustAssociation_1

sdEnableTrustAssociation_1 = "false"
sdTrustAssInterceptors_1 = []

The interceptors are defined as a list of strings, e.g.:

sdTrustAssInterceptors_1 = ["Interceptor1", "Interceptor2"]

SPNEGO Web Authentication

# sdCustomSPNEGOWebAuth_1

sdSpnegoKrb5Config_1
sdSpnegoKrb5Keytab_1 = ""
sdSpnegoEnabled_1 = "false"
sdSpnegoDynamicReload_1 = "false"
sdSpnegoAllowAppAuthMethodFallback_1 = "false"

### SPNEGO Filter ###
sdSpnegoHostName_1
sdSpnegoKrb5Realm_1 = ""
sdSpnegoFilterCriteria_1 = ""
sdSpnegoFilterClass_1 = ""
sdSpnegoSpnegoNotSupportedPage_1 = ""
sdSpnegoNtlmTokenReceivedPage_1 = ""
sdSpnegoTrimUserName_1 = "false"
enabledGssCredDelegate_1 = "false"

RMI/IIOP Security

# sdCustomRMIIIOP_1

### Inbound ###
sdInbEnableAttributePropagation_1 = "true"
sdInbEnableIdentityAssertion_1 = "false"
sdInbTrustedIdentities_1 = ""
sdInbClientCertAuth_1 = "Supported" # Possible values: "Never", "Supported", "Required"
sdInbTransportLayer_1 = "Required" # Possible values: "Never", "Supported", "Required"
sdInbSslConfiguration_1 = "" # SSL alias - Blank for "Centrally managed"
sdInbMessageLevelAuth_1 = "Supported" # Possible values: "Never", "Supported", "Required"
sdInbSupportedAuthMechList_1 = "LTPA|BASICAUTH" # Possible values: "LTPA|BASICAUTH", "LTPA", "BASICAUTH", ""
sdInbStatefulSession_1 = "true"

### Outbound ###
sdOutbEnableAttributePropagation_1 = "true" 
sdOutbEnableIdentityAssertion_1 = "false"
sdOutbUseServerIdentity_1 = "false" 
sdOutbTrustedId_1 = ""
sdOutbTrustedIdentityPassword_1 = ""
sdOutbClientCertAuth_1 = "Never" # Possible values: "Never", "Supported", "Required"
sdOutbTransportLayer_1 = "Required" # Possible values: "Never", "Supported", "Required"
sdOutbSslConfiguration_1 = "" # SSL alias - Blank for "Centrally managed"
sdOutbMessageLevelAuth_1 = "Supported" # Possible values: "Never", "Supported", "Required" 
sdOutbSupportedAuthMechList_1 = "LTPA|BASICAUTH" # Possible values: "LTPA|BASICAUTH", "LTPA", "BASICAUTH", ""
sdOutbStatefulSession_1 = "true" 
sdOutbEnableCacheLimit_1 = "false" 
sdOutbMaxCacheSize_1 = 100 
sdOutbIdleSessionTimeout_1 = 900000 # in milliseconds
sdOutbEnableOutboundMapping_1 = "false"

JAAS Application Logins

This configuration uses more than one suffix:

  1. The first one represents the Security Domain.
  2. The second one represents the Login Entry to create.
  3. The third one represents the Login Module to create under the Login Entry.

All the suffixes follow the same rule starting with "_1" and increasing by 1 ("_2", "_3", "_4", etc.).

# sdCustomJAASAppLogin_1

sdAppLoginEntryAlias_1_1

sdAppLogModuleName_1_1_1
sdAppLogModuleUseProxy_1_1_1 = "false"
sdAppLogModuleAuthStrategy_1_1_1 = "REQUIRED" # Possible values: "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"
sdAppLogModuleCustomProps_1_1_1 = ""

Regarding the Custom Properties, here's an example:

sdAppLogModuleCustomProps_1_1_1 = '["key1=value1","key2=value2"]' 

IMPORTANT: Surround each property with double quotes (") and the whole list with single quotes ('), as in the example.

JAAS System Logins

This configuration uses more than one suffix:

  1. The first one represents the Security Domain.
  2. The second one represents the Login Entry to create.
  3. The third one represents the Login Module to create under the Login Entry.

All the suffixes follow the same rule starting with "_1" and increasing by 1 ("_2", "_3", "_4", etc.).

# sdCustomJAASSystemLogin_1

sdSystemLoginEntryAlias_1_1

sdSystemLogModuleName_1_1_1
sdSystemLogModuleUseProxy_1_1_1 = "false"
sdSystemLogModuleAuthStrategy_1_1_1 = "REQUIRED" # Possible values: "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"
sdSystemLogModuleCustomProps_1_1_1 = ""

Regarding the Custom Properties, here's an example:

sdSystemLogModuleCustomProps_1_1_1 = '["key1=value1","key2=value2"]' 

IMPORTANT: Surround each property with double quotes (") and the whole list with single quotes ('), as in the example.

JAAS J2C Authentication Data

This configuration uses more than one suffix:

  1. The first one represents the Security Domain.
  2. The second one represents the Authentication Data to create.

All the suffixes follow the same rule starting with "_1" and increasing by 1 ("_2", "_3", "_4", etc.).

# sdCustomJAASJ2CAuthData_1

sdAuthDataAlias_1_1
sdAuthDataUser_1_1
sdAuthDataPass_1_1
sdAuthDataDesc_1_1 = ""

Java Authentication SPI (JASPI)

This configuration uses more than one suffix:

  1. The first one represents the Security Domain.
  2. The second one represents the JASPI Provider to create.

All the suffixes follow the same rule starting with "_1" and increasing by 1 ("_2", "_3", "_4", etc.).

# sdCustomJaspi_1

sdJaspiEnable_1 = true
sdDefaultProviderName_1 = ""

sdJaspiProviderName_1_1
sdJaspiProvClassName_1_1
sdJaspiProvDescription_1_1 = "" 
sdJaspiProvCustomProps_1_1 = ""

If the description contains spaces, use the following format:

sdJaspiProvDescription_1_1 = '"Example description with spaces"'

Use single and double quotes as shown ('" "').

Regarding the Custom Properties, here's an example:

sdJaspiProvCustomProps_1_1 = "[[key1 value1] [key2 value2]]"

IMPORTANT: Follow the format shown and surround the whole list with double quotes ("), as in the example.

Authentication Mechanism Attributes

# sdCustomAuthAttr_1

sdQualifiedUserNames_1 = "false"
sdCachedTimeout_1 = 600 # in seconds
sdLTPATimeout_1 = 120

Authorization Provider

# sdCustomAuthzProvider_1

sdUseJACCProvider_1 = "false"

Custom properties

sdCustomProperties_1 = ""

An example of Custom Properties:

sdCustomProperties_1 = '["key1=value1","key2=value2"]'

IMPORTANT: Surround each property with double quotes (") and the whole list with single quotes ('), as in the example.
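
The suffix rules and the "Possible values" comments used throughout this page can be checked before a deployment. The Python lint below is an added example, not part of RapidDeploy or of the original page: the property names come from the page, while lint(), the one-assignment-per-line syntax and the sample values are assumptions. It reports values outside the listed options, login modules or entries whose parent object is not defined, and mandatory name properties whose suffixes do not start at "_1" and increase by 1.

```python
import re

# name, suffix chain, value; a trailing "# ..." is dropped (assumes no "#" inside values).
LINE = re.compile(r'\s*(\w+?)((?:_\d+)+)\s*=\s*(.*?)\s*(?:#.*)?$')
LEVEL = ("Never", "Supported", "Required")
STRATEGY = ("REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")
# Allowed values, copied from the "Possible values" comments on this page.
ENUMS = {f"sd{d}{p}": LEVEL for d in ("Inb", "Outb")
         for p in ("ClientCertAuth", "TransportLayer", "MessageLevelAuth")}
ENUMS.update({f"sd{k}LogModuleAuthStrategy": STRATEGY for k in ("App", "System")})
# Mandatory naming property of each object -> naming property of its parent.
DOMAIN, APP, SYS = "secDomainName", "sdAppLoginEntryAlias", "sdSystemLoginEntryAlias"
PARENT = {DOMAIN: None, APP: DOMAIN, SYS: DOMAIN, "sdAuthDataAlias": DOMAIN,
          "sdJaspiProviderName": DOMAIN, "sdAppLogModuleName": APP,
          "sdSystemLogModuleName": SYS}

def lint(text):
    """Return sorted findings for 'name_suffix = value' lines (hypothetical helper)."""
    props, findings, siblings = {}, set(), {}
    for line in text.splitlines():
        if m := LINE.match(line):
            idx = tuple(int(n) for n in m.group(2).split("_")[1:])
            props[(m.group(1), idx)] = m.group(3).strip("\"'")
    for (name, idx), value in props.items():
        sfx = "".join(f"_{i}" for i in idx)
        if name in ENUMS and value not in ENUMS[name]:
            findings.add(f"{name}{sfx}: {value!r} is not an allowed value")
        if name in PARENT:
            siblings.setdefault((name, idx[:-1]), []).append(idx[-1])
            if PARENT[name] and (PARENT[name], idx[:-1]) not in props:
                findings.add(f"{name}{sfx}: parent {PARENT[name]}{sfx.rsplit('_', 1)[0]} is not set")
    for (name, _), last in siblings.items():
        if sorted(last) != list(range(1, len(last) + 1)):
            findings.add(f"{name}: suffixes {sorted(last)} do not run 1..n")
    return sorted(findings)

# Constructed sample with three deliberate mistakes; not a real deployment.
SAMPLE = '''\
secDomainName_1 = "AppDomain"
secDomainName_3 = "BatchDomain"
sdInbTransportLayer_1 = "Optional"  # Possible values: "Never", "Supported", "Required"
sdAppLoginEntryAlias_1_1 = "AppLogin"
sdAppLogModuleName_1_1_1 = "com.example.LoginModule"
sdAppLogModuleAuthStrategy_1_1_1 = "REQUIRED"
sdAppLogModuleName_1_2_1 = "com.example.OtherModule"
'''

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Sections that a domain does not customise are not reported: only the mandatory name properties are checked for suffix gaps.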