[jboss-cvs] JBossAS SVN: r80302 - projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Oct 31 00:51:58 EDT 2008 

Author: irooskov at redhat.com
Date: 2008-10-31 00:51:57 -0400 (Fri, 31 Oct 2008)
New Revision: 80302

Modified:
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml
   projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml
Log:
updated with fied JIRAs and policy file addition information


Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml	2008-10-31 04:41:33 UTC (rev 80301)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Configuration.xml	2008-10-31 04:51:57 UTC (rev 80302)
@@ -86,6 +86,13 @@
 echo "                                                                 " 
 echo "=================================================================" 
 ## End of Common Criteria configuration </screen></example>
+
+<formalpara>
+	<title>Policy file configuration</title>
+	<para>
+		Users and administrators are free to add their own permission blocks to the policy file, however the permissions that are shipped with the JBoss Enterprise Application Platform cannot change; doing so will invalidate the certification. 
+	</para>
+</formalpara>
         
     </section>
 

Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml	2008-10-31 04:41:33 UTC (rev 80301)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Security_Features.xml	2008-10-31 04:51:57 UTC (rev 80302)
@@ -29,6 +29,9 @@
                 <listitem>
                     <para>EJBs and associated method names can be protected from 
                     invocation by subjects.</para>
+	    		<para>
+		    		In order to disable the EJB service, remove the <filename>ejb3.deployer</filename> folder from the production server deploy directory. 
+			</para>
                 </listitem>
             </varlistentry>
             <varlistentry>
@@ -36,6 +39,10 @@
                 <listitem>
                     <para>Message queue destinations and topic destinations can be 
                     protected from access by subjects.</para>
+	    
+	    		<para>
+		  		In order to disable the JMS service, remove the <filename>jboss-messaging.sar</filename> folder from the production server deploy directory. 
+			</para>
                 </listitem>
             </varlistentry>
             <varlistentry>
@@ -43,6 +50,9 @@
                 <listitem>
                     <para>Plain Old Java Objects (POJOs) deployed as Servlets and 
                     Session Beans can be protected from access by subjects.</para>
+	    		<para>
+		    		In order to disable Web Services, remove the <filename>jboss-web.deployer</filename> folder from the production server deploy directory. 
+			</para>
                 </listitem>
             </varlistentry>
             <varlistentry>
@@ -50,9 +60,16 @@
                 <listitem>
                     <para>The JMX invokers can be protected by validating the role 
                     of the authenticated user.</para>
+	    		<para>
+				IIn order to disable the JMS service, remove the <filename>jmx-console.war</filename> folder from the production server deploy directory.
+			</para>
                 </listitem>
             </varlistentry>
         </variablelist>
+	<para>
+		
+		Removal and deployment can be conducted while the server is running. In order to remove any of the mentioned services from opperation, delete the relevant folder for each from the production deploy directory located at <filename>/EnterprisePlatform-4.3.0.GA_CP03/jboss-as/server/production/deploy/</filename>. Contrast to this, to start a service move the folder for the service into the depoy directory. For more information refer to the <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Deployment">Deployment chapter</ulink> of the Server Configuration Guide. 
+	</para>
     </section>
 
     <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Audit">
@@ -256,6 +273,10 @@
 
         <para>Password quality can be enforced with configuration options for 
         the JAAS modules provided by JBoss EAP.</para>
+
+	<para>
+		For information on how to configure the JAAS modules, refer to the <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Defining_Security_Domains-Using_JBoss_Login_Modules">Using JBoss Login Modules</ulink> section of the Server Configuration Guide.
+	</para>
         
         <section id="Common_Criteria_Guide-authentication-User_Credentials_in_RMI">
             <title>Developer Advice for User Credentials in Remote Method Invocation (RMI)</title>

More information about the jboss-cvs-commits mailing list