The MCP environment supports an authentication mechanism for groups of usercodes or Java realms, and their associated roles. It supports the JBoss Enterprise Application Platform usage pattern of the Java 2 Platform, Enterprise Edition (J2EE) authentication and role-based access control and uses the native MCP authentication mechanism, USERDATA. A Java realm is defined through Security Center.
The USERDATA Java realm type represents the usercodes configured in the USERDATAFILE on the MCP platform and the roles assigned to these usercodes. Users are authenticated using the usercodes stored in the USERDATAFILE.
To support role-based access control in the application environment, Java realms provide functionality to
-
Authenticate a user, given a user identity and credential.
-
Return the roles assigned a given user identity.
Java realms are targeted initially for the Java environment to support Java 2 Platform, Enterprise Edition (J2EE) authentication and role-based access control in the JBoss Enterprise Application Platform. For more information, see the JBoss Enterprise Application Platform for ClearPath MCP Installation, Administration, and Programming Guide.
A Java realm is a collection of users including their identities, credentials, and roles. In addition, a Java realm is associated with an authentication mechanism. Every MCP Java realm is defined by its realm descriptor, which includes the name, state, and type of the Java realm. Multiple Java realms of each type can be created.
In a Java realm, roles are defined and users are assigned one or more roles. In the J2EE environment, roles are the mechanism for controlling J2EE authorization.
Each Java realm has a state that corresponds to its location in the deployment process: Inactive, Test, Active, and so on. Each Java realm also has attributes that represent specific characteristics for the Java realm type. See Realm Descriptor Attributes for details about the attributes for a USERDATA Java realm type.
Managing a Java Realm
Use the Security Center (MCP Account Management module) to manage Java realms. Security administrators can create, modify, or delete realm descriptors, and administrators with the J2EEADMIN user attribute can view the realm descriptors.
Querying a Java Realm
MCP security administrators or J2EE administrators can perform the following functions:
-
List a realm type.
-
List a realm state.
-
Retrieve a realm descriptor.
-
Retrieve a list of roles in a realm.
-
Retrieve the users assigned to a role.
For procedures to perform these tasks, see the Security Center Help.
