Package oracle.kv

Interface KVSecurityConstants

All Known Implementing Classes:

KVStoreConfig

public interface KVSecurityConstants

The KVSecurityConstants interface defines constants used for security configuration. These are most commonly use when populating a set if properties to be passed to KVStoreConfig.setSecurityProperties(java.util.Properties), but may be used as a reference when configuring a security property file.

Since:

3.0

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	AUTH_EXT_MECH_PROPERTY	The name of the property to specify the external authentication mechanism to use for client logins.
static java.lang.String	AUTH_KRB_CCACHE_PROPERTY	The name of property to specify the location of the Kerberos credential cache file.
static java.lang.String	AUTH_KRB_KEYTAB_PROPERTY	The name of property to specify the location of the keytab file for Kerberos login.
static java.lang.String	AUTH_KRB_MUTUAL_PROPERTY	The name of property to specify whether to use mutual authentication for Kerberos external login mechanism.
static java.lang.String	AUTH_KRB_REALM_PROPERTY	The name of property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal.
static java.lang.String	AUTH_KRB_SERVICES_PROPERTY	The name of property to specify the Kerberos principals for services associated with each helper host.
static java.lang.String	AUTH_PWDFILE_PROPERTY	The name of the property that identifies a password store file containing the password of the user to authenticate.
static java.lang.String	AUTH_USERNAME_PROPERTY	The name of a property to specify a username for authentication.
static java.lang.String	AUTH_WALLET_PROPERTY	The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate.
static java.lang.String	CMD_PASSWORD_NOPROMPT_PROPERTY	The name of property to specify whether to automatically prompt password for command line utilities.
static java.lang.String	JAAS_LOGIN_CONF_NAME	The name of property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration.
static java.lang.String	KRB_MECH_NAME	The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism.
static java.lang.String	SECURITY_FILE_PROPERTY	The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.
static java.lang.String	SSL_CIPHER_SUITES_PROPERTY	The name of the property used to control what SSL/TLS cipher suites are acceptable for use.
static java.lang.String	SSL_HOSTNAME_VERIFIER_PROPERTY	The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS.
static java.lang.String	SSL_PROTOCOLS_PROPERTY	The name of the property used to control what SSL/TLS procotols are acceptable for use.
static java.lang.String	SSL_TRANSPORT_NAME	The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication.
static java.lang.String	SSL_TRUSTSTORE_FILE_PROPERTY	The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server.
static java.lang.String	SSL_TRUSTSTORE_TYPE_PROPERTY	The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property.
static java.lang.String	TRANSPORT_PROPERTY	The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.

Field Detail

SECURITY_FILE_PROPERTY

static final java.lang.String SECURITY_FILE_PROPERTY

The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions.

See Also:

Constant Field Values

TRANSPORT_PROPERTY

static final java.lang.String TRANSPORT_PROPERTY

The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers.

See Also:

Constant Field Values

SSL_TRANSPORT_NAME

static final java.lang.String SSL_TRANSPORT_NAME

The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication. This property has the value "ssl".

See Also:

Constant Field Values

SSL_CIPHER_SUITES_PROPERTY

static final java.lang.String SSL_CIPHER_SUITES_PROPERTY

The name of the property used to control what SSL/TLS cipher suites are acceptable for use. This has the value "oracle.kv.ssl.ciphersuites". The property value is a comma-separated list of SSL/TLS cipher suite names. Refer to your Java documentation for the list of valid values.

See Also:

Constant Field Values

SSL_PROTOCOLS_PROPERTY

static final java.lang.String SSL_PROTOCOLS_PROPERTY

The name of the property used to control what SSL/TLS procotols are acceptable for use. This has the value "oracle.kv.ssl.protocols". The property value is a comma-separated list of SSL/TLS protocol names. Refer to your Java documentation for the list of valid values.

See Also:

Constant Field Values

SSL_HOSTNAME_VERIFIER_PROPERTY

static final java.lang.String SSL_HOSTNAME_VERIFIER_PROPERTY

The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS. This has the value "oracle.kv.ssl.hostnameVerifier". The only verification step currently supported is the "dnmatch" verifier.

The dnmatch verifier must be specified in the form "dnmatch(distinguished-name)", where distinguished-name must be the NoSQL DB server certificate's distinguished name. For a typical secure deployment this should be "dnmatch(CN=NoSQL)".

See Also:

Constant Field Values

SSL_TRUSTSTORE_FILE_PROPERTY

static final java.lang.String SSL_TRUSTSTORE_FILE_PROPERTY

The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server. This has the value "oracle.kv.ssl.trustStore". The property setting must be set to an absolute path for the file. If this property is not set, a system property setting of javax.net.ssl.trustStore will be used.

See Also:

Constant Field Values

SSL_TRUSTSTORE_TYPE_PROPERTY

static final java.lang.String SSL_TRUSTSTORE_TYPE_PROPERTY

The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This is only needed if using a non-default truststore type, and the specified type must be a type supported by your Java implementation. This has the value "oracle.kv.ssl.trustStoreType".

See Also:

Constant Field Values

AUTH_USERNAME_PROPERTY

static final java.lang.String AUTH_USERNAME_PROPERTY

The name of a property to specify a username for authentication. This has the value "oracle.kv.auth.username".

See Also:

Constant Field Values

AUTH_WALLET_PROPERTY

static final java.lang.String AUTH_WALLET_PROPERTY

The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate. This is only used in the Enterprise Edition of the product. This has the value "oracle.kv.auth.wallet.dir".

See Also:

Constant Field Values

AUTH_PWDFILE_PROPERTY

static final java.lang.String AUTH_PWDFILE_PROPERTY

The name of the property that identifies a password store file containing the password of the user to authenticate. This has the value "oracle.kv.auth.pwdfile.file".

See Also:

Constant Field Values

AUTH_EXT_MECH_PROPERTY

static final java.lang.String AUTH_EXT_MECH_PROPERTY

The name of the property to specify the external authentication mechanism to use for client logins. If this property is set, the client will be authenticated using the specified external mechanism, otherwise the internal login mechanism will be used.

Currently, the only supported external login mechanism is: "KERBEROS".

See Also:

Constant Field Values

KRB_MECH_NAME

static final java.lang.String KRB_MECH_NAME

The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism. This property has the value "KERBEROS".

See Also:

Constant Field Values

AUTH_KRB_SERVICES_PROPERTY

static final java.lang.String AUTH_KRB_SERVICES_PROPERTY

The name of property to specify the Kerberos principals for services associated with each helper host. Setting this property is required if, as recommended, each host uses a different principal that includes its own principal name. All principals should specify the same service and realm. If this property is not set, the client will use "oraclenosql" as the principal name for services on all helper hosts.

Each entry should specify the helper host name followed by the Kerberos service name, and optionally an instance name and realm name. The entries are separated by commas, ignoring spaces. If any entry does not specify a realm, each entry will use the default realm specified in Kerberos configuration file. If any entry specifies a realm name, then all entries must specify the same one. The syntax is:

 host:service[/instance[@realm]][, host:service[/instance[@realm]]]*
 

For example:

 host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM
 

See Also:

Constant Field Values

AUTH_KRB_KEYTAB_PROPERTY

static final java.lang.String AUTH_KRB_KEYTAB_PROPERTY

The name of property to specify the location of the keytab file for Kerberos login. This property has the value "oracle.kv.auth.kerberos.keytab". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.

If this property is not specified when authenticating with security properties, then authentication will be performed via the credentials cache, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab or a credentials cache is specified, then login will try the default credential cache and then the default keytab.

The default location of the keytab file is specified by the Kerberos configuration file. If the keytab is not specified there, then the system looks for the file:

user.home/krb5.keytab

See Also:

Constant Field Values

AUTH_KRB_REALM_PROPERTY

static final java.lang.String AUTH_KRB_REALM_PROPERTY

The name of property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal.

See Also:

Constant Field Values

AUTH_KRB_CCACHE_PROPERTY

static final java.lang.String AUTH_KRB_CCACHE_PROPERTY

The name of property to specify the location of the Kerberos credential cache file. This property has the value "oracle.kv.auth.kerberos.ccache". This property is used when all authentication parameters are provided by security properties, and must not be set if the application specifies a JAAS login configuration by setting the JAAS_LOGIN_CONF_NAME security property.

If this property is not specified when authenticating with security properties, then authentication will be performed via the keytab, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If both a keytab and a credentials cache are not specified, then login will try the default credential cache and then the default keytab.

The default location of the credential cache is /tmp/krb5cc_uid, where the uid is a numeric user identifier. If the credential cache is not found there, the system will look for the file:

user.home/krb5cc_user.name

See Also:

Constant Field Values

AUTH_KRB_MUTUAL_PROPERTY

static final java.lang.String AUTH_KRB_MUTUAL_PROPERTY

The name of property to specify whether to use mutual authentication for Kerberos external login mechanism. Kerberos will perform mutual authentication if the property is set to true, and will not be performed if it is set to false or if it is not set.

See Also:

Constant Field Values

JAAS_LOGIN_CONF_NAME

static final java.lang.String JAAS_LOGIN_CONF_NAME

The name of property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration. If not set, then all authentication parameters need to be provided by security properties.

See Also:

KerberosCredentials, Constant Field Values

CMD_PASSWORD_NOPROMPT_PROPERTY

static final java.lang.String CMD_PASSWORD_NOPROMPT_PROPERTY

The name of property to specify whether to automatically prompt password for command line utilities. If it is set to false or is not set, command line utilities will prompt for password automatically if given user name and password are not specified or unable to authenticate successfully. If the property is set to true, command line utilities will not prompt for passwords, and the login will fail if either the user or password is missing, or if the password is incorrect.

See Also:

Constant Field Values