Managing the controlling assets in a domain  SMAPI updates

Chapter 5: Delegated Administration

Managing security policies

A domain’s security policy interprets the rules for managing security issues, such as auditing and password expiration. Enterprise Security provides a default security policy, which is associated with the domain that contains the root organization. This policy duplicates the functionality of earlier versions of Enterprise Security. The default security policy is implemented by the com.sybase.ep.security.policy.impl.DefaultDomainAssets class.

StepsImplementing a new security policy

  1. Create a JAR file with a class that implements the SecurityPolicy interface.

  2. Add the JAR to the EAServer CLASSPATH.

  3. Add the package name to the value of the sybepsecurity Web application’s com.sybase.jaguar.application.java.classes property:

    1. In Jaguar Manager, expand the folder for the server in which sybepsecurity is installed (typically, Jaguar).

    2. In the Installed Web Application folder, highlight sybepsecurity, right-click, and select Properties.

    3. On the Java Classes tab, append the location of your package to the existing value, which typically is:

      com.sybase.jaguar.application.java.classes=jce1_2_1.jar,
sunjce_provider.jar,US_export_policy.jar,local_policy.jar,
log4j-1.2.8.jar, sybepsecurity_classes.jar,ldapjdk.jar,
jakarta-oro2.jar,com.sybase.ep.security.sessionsvcs.*,
com.sybase.ep.security.epauth.*,
com.sybase.ep.security.authdelegate.*,
com.sybase.ep.security.authorization.*,
com.sybase.ep.security.management.*,
com.sybase.ep.security.cachemgr.*,
com.sybase.ep.security.management.impl.acdbimpl.*,
com.sybase.ep.security.config.*,com.sybase.ep.security.audit.*,
com.sybase.ep.security.policy.*, com.sybase.ep.security.webmgmt.*

      For example, if you create your class in the com.sybase.epstg.security.policy package, append this to the value in the Java Classes tab: 

      ,com.sybase.epstg.security.policy.*

  4. Register the new security policy using Enterprise Security Manager—see “Registering a security policy”.

    Alternately, you can register the new policy using the registerPolicy method of the Configuration remote interface. Pass the fully-qualified class name to registerPolicy.

    You can also use the Configuration remote interface to get a list of all the registered security policies.

  5. Restart your application server.

StepsUpdating an existing security policy

If you update an existing security policy:

  1. Re-create the JAR file with the class that implements the SecurityPolicy interface.

  2. Restart your application server.




Copyright © 2004. Sybase Inc. All rights reserved. SMAPI updates

View this book as PDF