[jboss-cvs] JBossAS SVN: r80302 - projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Oct 31 00:51:58 EDT 2008
Author: irooskov at redhat.com
Date: 2008-10-31 00:51:57 -0400 (Fri, 31 Oct 2008)
New Revision: 80302
Modified:
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml
Log:
updated with fied JIRAs and policy file addition information
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml 2008-10-31 04:41:33 UTC (rev 80301)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml 2008-10-31 04:51:57 UTC (rev 80302)
@@ -86,6 +86,13 @@
echo " "
echo "================================================================="
## End of Common Criteria configuration </screen></example>
+
+<formalpara>
+ <title>Policy file configuration</title>
+ <para>
+ Users and administrators are free to add their own permission blocks to the policy file, however the permissions that are shipped with the JBoss Enterprise Application Platform cannot change; doing so will invalidate the certification.
+ </para>
+</formalpara>
</section>
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml 2008-10-31 04:41:33 UTC (rev 80301)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml 2008-10-31 04:51:57 UTC (rev 80302)
@@ -29,6 +29,9 @@
<listitem>
<para>EJBs and associated method names can be protected from
invocation by subjects.</para>
+ <para>
+ In order to disable the EJB service, remove the <filename>ejb3.deployer</filename> folder from the production server deploy directory.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -36,6 +39,10 @@
<listitem>
<para>Message queue destinations and topic destinations can be
protected from access by subjects.</para>
+
+ <para>
+ In order to disable the JMS service, remove the <filename>jboss-messaging.sar</filename> folder from the production server deploy directory.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -43,6 +50,9 @@
<listitem>
<para>Plain Old Java Objects (POJOs) deployed as Servlets and
Session Beans can be protected from access by subjects.</para>
+ <para>
+ In order to disable Web Services, remove the <filename>jboss-web.deployer</filename> folder from the production server deploy directory.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
@@ -50,9 +60,16 @@
<listitem>
<para>The JMX invokers can be protected by validating the role
of the authenticated user.</para>
+ <para>
+ IIn order to disable the JMS service, remove the <filename>jmx-console.war</filename> folder from the production server deploy directory.
+ </para>
</listitem>
</varlistentry>
</variablelist>
+ <para>
+
+ Removal and deployment can be conducted while the server is running. In order to remove any of the mentioned services from opperation, delete the relevant folder for each from the production deploy directory located at <filename>/EnterprisePlatform-4.3.0.GA_CP03/jboss-as/server/production/deploy/</filename>. Contrast to this, to start a service move the folder for the service into the depoy directory. For more information refer to the <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Deployment">Deployment chapter</ulink> of the Server Configuration Guide.
+ </para>
</section>
<section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Audit">
@@ -256,6 +273,10 @@
<para>Password quality can be enforced with configuration options for
the JAAS modules provided by JBoss EAP.</para>
+
+ <para>
+ For information on how to configure the JAAS modules, refer to the <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Defining_Security_Domains-Using_JBoss_Login_Modules">Using JBoss Login Modules</ulink> section of the Server Configuration Guide.
+ </para>
<section id="Common_Criteria_Guide-authentication-User_Credentials_in_RMI">
<title>Developer Advice for User Credentials in Remote Method Invocation (RMI)</title>
More information about the jboss-cvs-commits
mailing list