db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r1074163 - in /db/derby/docs/trunk/src/devguide: cdevbabejgjd.dita cdevcsecure41285.dita cdevcsecure863446.dita cdevcsecure864242.dita
Date Thu, 24 Feb 2011 14:30:56 GMT
Author: chaase3
Date: Thu Feb 24 14:30:55 2011
New Revision: 1074163

URL: http://svn.apache.org/viewvc?rev=1074163&view=rev
Log:
DERBY-4990 Documentation should state a custom security policy being required to use LDAP
in conjunction with network driver

Modified 4 Dev Guide topics.

Patches: DERBY-4990-2.diff

Modified:
    db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure41285.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure863446.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita

Modified: db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita?rev=1074163&r1=1074162&r2=1074163&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita Thu Feb 24 14:30:55 2011
@@ -132,6 +132,11 @@ or the JMX Instrumentation and Agent Spe
 <dd>Trusts <ph conref="../conrefs.dita#prod/productshortname"></ph> code
to be
 the source of MBeans and to register these in the MBean server.</dd>
 </dlentry><dlentry>
+<dt>permission java.net.SocketPermission "localhost:389", "connect,resolve";</dt>
+<dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> code
to
+contact the LDAP server to perform authentication. This permission must be
+granted to <codeph>derby.jar</codeph>. Port 389 is the default LDAP port.</dd>
+</dlentry><dlentry>
 <dt>permission java.sql.SQLPermission "callAbort";</dt>
 <dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> code
to call
 the <codeph>java.sql.Connection.abort</codeph> method. This permission must be

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure41285.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure41285.dita?rev=1074163&r1=1074162&r2=1074163&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure41285.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure41285.dita Thu Feb 24 14:30:55 2011
@@ -31,9 +31,20 @@ authentication</indexterm></indexterm></
 </metadata></prolog>
 <conbody>
 <p>The runtime library provided with the Java Development Kit (JDK) includes
-libraries that allow you to access an LDAP directory service.</p>
+libraries that allow you to access an LDAP directory service. See the API
+documentation for the <i>javax.naming.ldap</i> package at
+<xref format="html" href="http://download.oracle.com/javase/6/docs/api/" 
+scope="external">http://download.oracle.com/javase/6/docs/api/</xref>, the
+LDAP section of the JNDI tutorial at
+<xref format="html" href="http://download.oracle.com/javase/tutorial/jndi/ldap/" 
+scope="external">http://download.oracle.com/javase/tutorial/jndi/ldap/</xref>,
+and the LDAP section of the JNDI specification at
+<xref format="html" href="http://download.oracle.com/javase/1.5.0/docs/guide/jndi/spec/jndi/jndi.5.html#pgfId=999241"
+scope="external">http://download.oracle.com/javase/1.5.0/docs/guide/jndi/spec/jndi/jndi.5.html#pgfId=999241</xref>.
+</p>
 <p>To use an LDAP directory service, set <i>derby.authentication.provider</i>
to
-<i>LDAP</i>.</p>
+<i>LDAP</i> and specify appropriate permissions in your security policy
+file.</p>
 <p>Examples of LDAP service providers include the 389 Directory Server and
 OpenLDAP.</p>
 </conbody>

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure863446.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure863446.dita?rev=1074163&r1=1074162&r2=1074163&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure863446.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure863446.dita Thu Feb 24 14:30:55 2011
@@ -19,19 +19,28 @@ See the License for the specific languag
 limitations under the License.
 -->
 <concept id="cdevcsecure863446" xml:lang="en-us">
-<title>Setting up Derby to use your LDAP directory service</title>
+<title>Setting up <ph conref="../conrefs.dita#prod/productshortname"></ph>
to
+use your LDAP directory service</title>
 <shortdesc>When specifying LDAP as your authentication service, you must specify
 what LDAP server to use.</shortdesc>
 <prolog></prolog>
 <conbody>
 <ul>
-<li><i>derby.authentication.server</i>   <p>Set the property <i>derby.authentication.server</i>
to
+<li><p>Set the property <i>derby.authentication.server</i> to
 the URL to the LDAP server. For example:</p> 
 <codeblock>derby.authentication.server=ldap://godfrey:389/</codeblock>
 <p>The LDAP server may be specified using just the server name, the server name
-and its port number separated by a colon, or a ldap URL. If a full URL is not provided, 
-Derby will by default use unencrypted LDAP - to use SSL encrypted LDAP an URL
-starting with "ldaps://" must be provided.</p>
-<p>Also note that support for ldaps:// URLs requires that Derby runs on Java 1.4.2
or higher.</p>
-</li> </ul> </conbody>
+and its port number separated by a colon, or an "ldap" URL. If a full URL is not
+provided, <ph conref="../conrefs.dita#prod/productshortname"></ph> will by
+default use unencrypted LDAP. To use SSL encrypted LDAP, a URL starting with
+"ldaps://" must be provided. For details on the
+<i>derby.authentication.server</i> property, see the
+<ph conref="../conrefs.dita#pub/citref"></ph>.</p>
+</li> 
+<li><p>Grant <i>java.net.SocketPermission</i> to <codeph>derby.jar</codeph>,
so
+that the <ph conref="../conrefs.dita#prod/productshortname"></ph> code is
+allowed to contact the LDAP server to perform the authentication. See 
+<xref href="cdevbabejgjd.dita#cdevbabejgjd"></xref> for more information.</p>
+</li>
+</ul> </conbody>
 </concept>

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita?rev=1074163&r1=1074162&r2=1074163&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita Thu Feb 24 14:30:55 2011
@@ -32,8 +32,11 @@ you configured the external authenticati
 </keywords>
 </metadata></prolog>
 <conbody>
-<p>The list of supported properties can be found in Appendix A: JNDI Context
-Environment in the Java Naming and Directory API at <synph><var>http://java.sun.com/products/jndi/reference/api/index.html</var></synph>.
+<p>The list of supported properties can be found in Appendix A: JNDI Standard
+Environment Properties in the Java Naming and Directory API at 
+<xref format="html" 
+href="http://download.oracle.com/javase/1.5.0/docs/guide/jndi/spec/jndi/properties.html"
+scope="external">http://download.oracle.com/javase/1.5.0/docs/guide/jndi/spec/jndi/properties.html</xref>.
 The external directory service must support the property.</p>
 <p>Each JNDI provider has its set of properties that you can set within the <ph
 conref="../conrefs.dita#prod/productshortname"></ph> system.</p>



Mime
View raw message