Configuring Security with the Borland Enterprise Server Console

You can configure security settings using the Borland Enterprise Server Console. Security is configured at the partition-level, meaning that you must configure security for each partition running on each enterprise server. Each partition can have its own authorization rolemap, authentication policies, and SSL settings. You can use the Borland Enterprise Server Console to:

• Set authorization rolemaps for use by the selected partition
• Set authentication policies
• Enable security and SSL protection
• Set the logging level

Getting Started

To begin configuring security from the Console:

1. Expand the enterprise server tree in the Navigation Pane to expose the partitions running on your server. Select a partition on which you wish to configure security, and right-click its icon.
2. Select Configure from the drop-down list that appears.



3. The Partition Configuration window appears. Select the Security Tab to begin configuring the partition's security specifications.

Security Options

You must enable security for the partition before you can edit its properties. Check the Security Enabled checkbox to enable security. You can also enable SSL support for your partition by checking the Secure Transport (SSL) Enabled checkbox.

Setting the logging level

You set the logging level for for all security-related interactions by selecting a value from the Logging Level drop-down list. The options are:

• 4 - Warning: warning conditions only
• 5 - Notice: conditions that are not error conditions, but which can require special handling
• 6 - Info: informational logging only
• 7 - Debug: this setting is used when contacting Borland Developer Support is necessary. If you are having problems with security, Borland Developer Support can have you select this value in order to troubleshoot your system. It provides no additional logging capabilities without Borland Developer Support's assistance.

Configuring Authentication

Authentication settings are stored in authentication configuration files. You can edit this file by clicking the Authentication button on the partition configuration screen. Once completed, the Edit Authentication Settings window appears.

 

The window functions much like a text-editor. From here you can edit the LoginModules used for the various partition realms to be supported. Information on configuring these realms is provided in the Borland Enterprise Server Developer's Guide, Part V. The Authentication Chapter provides detailed information on the structure and grammar of configuring authentication realms and policies. Once you have finished editing the authentication settings, click OK to save your changes.

Configuring Authorization

Authorization settings are stored in Authorization configuring files. You can edit this file by clicking the Authorization button on the partition configuration screen. Once completed, the Edit Authorization Settings window appears.

Like the Edit Authentication Settings window, it also functions much like a text editor. From here you can edit the rolemap file for your partition. Detailed instructions on configuring the rolemap file for your various authorization domains are given in the Borland Enterprise Server Developer's Guide, Part V. The Authorization Chapter provides detailed information on the structure and grammar of configuring authorization domains and rolemaps.

To create a new authorization rolemap file:

1. Click the Add button in the Edit Authorization Settings Window. You will be prompted to enter a new name for your rolemap file.
2. Alternately, you can select an existing rolemap from the drop-down list and clone it, allowing you to add further authorization roles. Do this by clicking the the Clone button in the Edit Authorization Settings Window. You will be prompted to enter a new name for the cloned rolemap file.
3. Edit the rolemap file as you would if it appeared in a text editor. Be sure to follow the grammar specified in the Authorization Chapter.
4. Click OK when you are finished to save your changes.

To remove an authorization rolemap file:

1. Select the rolemap you wish to remove from the drop-down list.
2. Click the Remove button.

Advanced Security Configuration

You may need to set VisiBroker properties to properly configure your security implementation. The Security Configuration Chapter of the Borland Enterprise Server Developer's Guide provides the steps necessary to fully configure security for your enterprise server. Some of the VisiBroker security settings can be performed from the command-line or programatically using APIs. Most can be performed by editing the VisiBroker configuration file and setting the appropriate properties. See the Security Configuration Chapter for details on the properties that can be set using the Console.

To edit VisiBroker Properties using the Console:

1. Expand the enterprise server tree in the Navigation Pane to expose the partitions running on your server. Select a partition on which you wish to configure security, and right-click its icon.
2. Select Configure from the drop-down list that appears.
3. The Partition Configuration window appears. Select the VisiBroker Tab.



4. Click the Advanced button. The Edit VisiBroker Properties File window appears.



5. Use this window as you would a text-editor. Take special care in editing this file. When you are finished, click OK to save your changes.