29 May 2007

Configuring DBTable LoginModule

From the OC4J 10.1.3.1 release onwards, we now provide a fully supported login module that authenticates users against entries in a database table.

This is documented here in the J2EE Security Guide for 10.1.3.1: http://download-west.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#sthref417

What the doc mentions, but doesn't show is that you can configure this login module as the security provider using Application Server Control and the Customer Login Module option. Granted, it'd be nice to have a more concise dialog to configure this specific user module, but you can still do it using by supplying the class name yourself and setting all the required properties to configure it.

Here's a screen shot of ASC that shows the configurartion screen with the basic set of required properties.



To reach this screen, click into the application you want to configure, click the Administration tab and then the Security Provider task.

Configuring DB

01 May 2007

Getting an MBeanServer reference with OC4J

Based on some investigative work done this week, a little nugget of information has popped out regarding the best way to get a reference to an MBeanServer from an application deployed to OC4J.

There as two standard methods that can be used to get a reference to an MBeanServer:
When using OC4J, the best approach is to use the newMBeanServer method in preference to the createMBeanServer method.

The newMBeanServer method can be used in two ways:

MBeanServerFactory.newMBeanServer() ;

This will return a reference to the OC4J global MBeanServer that is wrapped with an interceptor that will ensure that all MBeans registered by the application are registered under a domain named after the application, and that all accessed MBeans are either application MBeans, or dependent resources.

MBeanServerFactory.newMBeanServer(String domain);

Will create an application specific MBeanServer with the supplied domain name.