Cams Administrator's Guide

Security Domain Configuration

The power of the Cams server is unleashed through high-level services that handle user and Cams agent requests. These services are flexibly configured in each security domain's XML-formatted security-domain.xml file. Table 1 summarizes each security domain service.

Service	Description
Authentication Service	Authenticates users according to the login configuration of the enclosing security domain. Authorized Cams agents submit authentication requests and receive authentication responses.
Access Control Service	Hosts the security domain-specific access control policy that controls access to the resources protected by a security domain. Authorized Cams agents submit access control requests and receive access control reponses.
Session Manager Service	Manages sessions corresponding to authenticated users. Sessions keep track of who, when, where, and how users authenticated. Sessions may also contain application-specific data that can be accessed via the session access service.
Session Access Service	Provides the information available within an authenticated user's session to an authorized Cams agent. The session information can be used to customize application behaviour and/or user presentation. It can also be used to by access control rules within the Access Control Service to grant or deny access based on business rules.
Session Control Service	Enables authorized Cams agents to update, close, and expire sessions managed within a Cams server. A common use for this service is to logout a user by closing the associated session.
Service Manager Service	Manages a set of services conforming to the Cams service API, which are available to components within a security domain. Cams ships with some standard services used by login modules to share pooled LDAP connections and access users, passwords, and roles stored within an XML file. Using the Cams service API, you can create reusable services that maintains business state or assist other components hosted within a security domain.

Table 1 - Cams services

With a few exceptions, most of the default values supplied with Cams in security-domain.xml will work for you. This document will help you understand how to configure security-domain.xml. The most common configuration activities that will interest you within security-domain.xml include:

Configuring security domain-wide variables
Configuring a security domain's trace logger
Configuring transaction loggers for each security domain service
Configuring custom services managed by a security domain's service manager

Cams Variables

The following global variables are provided by the Cams server and are always available in every security domain:

cams.home - The fully qualified path to the Cams server installation directory (set based on an environment variable defined within "runcams.bat" or "runcams.sh"). This value is inherited from the Cams server environment and cannot be modified within a security domain.
cams.server.name - The name assigned to the Cams server installation within configuration file: ${cams.home}/conf/cams.conf. This value is used primarily within the system security domain, which control access to services used by Cams agents and cannot be modified.
cams.server.port - The TCP/IP port number on which the Cams server listens for connection by agents as configured in ${cams.home}/conf/cams.conf. This value is used primarily within the system security domain, which control access to services used by Cams agents and cannot be modified.
cams.security-domain.name - The security domain-specific name (set based on the <name> element of a <security-domain> registration), which is inherited from the security domain registry and cannot be modified.
cams.security-domain.home - The security domain-specific home directory (set based on the <home> element of a <security-domain> registration), which is inherited from the security domain registry and cannot be modified.

Security domains can also define their own local variables, which are inherited by all XML configuration files within the security domain. One such variable is defined within the security-domain.xml files shipped with Cams as shown in Example 1.

<security-domain>
  ...
	<var-list>
		<var name="logPrefix" 
			value="${cams.logs.base.dir}/${cams.security-domain.name}"/>
	</var-list>
  ...
</security-domain>

Example 1- The Cams logPrefix variable defined within each Cams security-domain.xml file

The logPrefix variable is used to centralize the location of Cams log files while giving them security domain-specific names. This variable is substituted throughout the remainder of security-domain.xml, where various log files are configured.

Cams Logger Types

Cams has two basic types of loggers: trace loggers and transaction loggers.

A trace logger writes information about the runtime state of Cams services and includes five different levels of messages: DEBUG, INFO, WARNING, ERROR, and FATAL which are summarized in Table 2. It enables you to follow (trace) requests made to a Cams server through the services that handle it. In the case of serious errors, it will log a stack trace, which shows the software context of the error. This information can be important to debugging problems, especially for Cafésoft support representatives. All software components hosted within a security domain log to the same trace logger. The Cams server also has it's own trace logger, which contains information from services that are higher-level than Cams security domains. See Configuring Cams Server for more details on the server-level transaction logger.

Transaction loggers are used by services hosted within a security domain to record transaction-specific requests and responses. For example, a security domain's authentication service records authentication requests and responses, which is quite different from the information logged by an access control service. The format of each transaction log type is detailed within it's corresponding service section below.

Message Level	Description
DEBUG	DEBUG-level are intended primarily for administrators and developers that need to see low-level details while Cams services execute and components are invoked. During normal Cams Server production deployments, DEBUG-level messages are disabled.
INFO	INFO-level messages are used for higher-level messages that help an administrator confirm that Cams services are running as expected. When Cams services start, they log a few INFO-level messages to show the startup status.
WARNING	WARNING-level messages are used to indicate a condition that should not have occurred and may need attention, but are not crucial to the continued, normal operation of Cams.
ERROR	ERROR-level messages indicate a condition that was not expected and threatens the continued operation of Cams. The corresponding condition should be investigated and fixed.
FATAL	FATAL-level messages indicate the most serious of error conditions in which Cams cannot start or cannot continue running. FATAL conditions must be fixed as Cams will either not startup or will shutdown as gracefully as possible.

Table 2 - A summary of Cams message levels

Configuring the Trace Logger

Each Cams security domain configures it's own centralized trace logger, which logs information about the startup, shutdown, warnings, and errors of it's services. If a Cams security domain is misconfigured, fails to load, detects a runtime error, or experiences any other anomaly, a message will be written by this logger. Example 2 shows the XML tag that configures a security domain's trace logger.

<security-domain>
  ...
	<logger 
		className="com.cafesoft.cams.log.CamsTraceLogger"
		filePath="${logPrefix}-trace.log"/>
  ...
</security-domain>

Example 2 - The Cams security domain trace-logger configuration

Table 3 shows properties that can be used to customize a trace logger's behaviour.

Property	Req/Opt	Description
className	Req	The fully qualified name of the Logger class that will be instantiated.
filePath	Req	The fully qualified log file path.
append	Opt	If true new log messages will be appended to the current log file. If false the current log file will be deleted and a new log file will be created. The default value is true.
bufferedIO	Opt	If true the logger will buffer log messages before writing them to the log file. This can significantly improve logging performance. The default value is true.
bufferSize	Opt	Indicates the size of the buffer to fill before writing to the log file. The default value is "4096".
maxSize	Opt	The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the file name is appended with an numeric digit: 1, 2, 3, etc. The default maxSize value is "4MB".
enableConsole	Opt	If true all log statements that are sent to the log file are also sent to the console. The default value is false.
enableDebugFilter	Opt	If true all log statements that have the level "DEBUG" will not be logged. The default value is false.
verbose	Opt	If true all DEBUG, INFO, WARN, ERROR, and FATAL messages logged will contain the following format: [INFO ] Sample log message Class Name: com.cafesoft.cams.log.CamsTraceLogger Method Name: info() Line Number: 121 Timestamp: 25 Jul 2002 11:02:36,339 If false ONLY WARNING, ERROR, and FATAL message level will use the verbose format, while DEBUG and INFO level messages will use the following format: [INFO ] Sample Log Message The default value is false.
debug	Opt	If true the logger will output diagnostic debug statements to the System.err stream. The default value is false.

Table 3 - Properties for configuring a Cams trace logger

Configuring the Authentication Service

The Authentication Service is responsible for validating the identity of a user who accesses protected resources within the security domain.

Login Config Factory

Loads and initializes the security domain's login configuration.

Authentication Pipeline

The authentication pipeline processes authentication requests issued locally or remotely by a Cams agent. This pipeline implements a chain of responsibility pattern that provides strong, configureable control over who can issue authentication requests, and how the response to authentication requests is created.

Authentication Valve

The authentication valve represents a single node within an authentication pipeline. The valve receives an authentication request and can handle the authentication completely, modify or add to the authentication request, or pass the authentication request to the next authentication valve in the chain.

Authentication Log

The Cams authentication log file contains information about successful and unsuccessful authentication requests within a security domain. Example 3 shows how an authentication valve is configured for logging authentication transactions.

<auth-valve
   className="com.cafesoft.security.engine.auth.valves.LogAuthRequestValve">
   <param-list>
      <param name="logPath" value="${logPrefix}-authentication.log"/>
      <param name="maxSize" value="10MB"/>
      <param name="logOnAuthFailure" value="http=username"/>
   </param-list>
   ...
</auth-valve>

Example 3 - The Cams security domain authentication transaction logger

Table 4 shows the configuration parameters that can be used to customize this logger.

Field	Req/Opt	Description
logPath	Req	The path to the authentication transaction log file for the enclosing security domain.
append	Opt	If true, then append new records to an existing log file. If false, then overwrite an existing transaction log when the security domain is started. The default value is "true".
maxSize	Opt	The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the log file name is appended with an numeric digit. The default value is "4MB".
logOnAuthFailure	Opt	A mapping of login-config-entry names to callback value names. On failed authentication, the callback value corresponding to the login-config-entry and callback name is logged. This feature can be used to log the "username" (if supplied) associated with the failed login. The actual callback value name can depend on the login-config-entry and login module(s) configured for that entry. This value is optional, but if not supplied a WARNING is logged to the security domain trace log. The following example shows how security domains containing multiple login-config-entry specifications can be configured: <param name="logOnAuthFailure" value="http=username,ws=x509"/>

Table 4 - Properties for configuring a Cams authentication transaction logger

The authentication transaction log is a comma-delimited text file. Each line corresponds to an authentication request/response pair. Table 5 shows the fields (left to right) defined within this file. If an optional field does not apply, it's value is written as "-" (a dash character).

Field	Req/Opt	Description
remote-address	Req	The IP address of the client.
remote-hostname	Req	The value of this element may be the hostname of the client if (it's address has been resolved by DNS) or the remote IP address of the client (if not resolved by DNS).
date-time	Req	The local date/time of the authentication attempt at the Cams server. Example format: [10/Oct/2000:13:55:36 -0700] . The last value "-0700" represents the offset from universal time (GMT), which enables time comparisons based on absolute time.
app-name	Opt	The name of the application attempting authentication. (This must match a login configuration entry within the security domain's login-config.xml). If this value is not specified, then the default application name "other" is used.
status	Req	The status code of the authentication response: 1 = success, 2 = failed
reason	Opt	If status=2 (authentication failed), a code indicating the reason authentication failed: 1 = general server error 2 = invalid remote IP address 3 = invalid remote host name 4 = unauthorized agent 5 = unknown security domain 6 = unknown login configuration 7 = incomplete or invalid authentication credentials (normal login failure) 8 = unrecoverable error during authentication (runtime exception) 12 = urecoverable error within a callback handler (runtime exception)
session-id	Opt	If status = 1 (authentication succeeded), the ID of the authenticated subject's session.
subject	Opt	If status = 1 (authentication succeeded), the name of the authenticated Subject.

Table 5 - The Cams authentication transaction log fields

Configuring the Access Control Service

The access control service defines the Java classes that control access to the resources protected by a security domain.

Access Control Policy Factory

The access control policy factory specifies the Java class that creates the access control policy that declares the resources protected within a security domain along with the rules for accessing them. Loads and initializes the access control policy. The factory will usually be specific to the persistence format for the configured access control policy. For example, the access control policy might be stored in an XML file, a relational database, an LDAP server, or some other data storage facility.

Access Request Pipeline

The access control pipeline specifies the Java class that processes access requests issued locally or remotely by a Cams agent. This pipeline is composed of a sequence of access control valves, which handle the request using the chain of responsibility design pattern. This enables each access control valve to handle the request altogether or modulate the request for processing by a subsequent valve.

Access Control Value

The access control valve represents a single node within an access control pipeline for handling access requests. The valve receives an access request and can handle the request completely, modify or add to it, or pass the request to the next valve in the chain.

Access Control Log

The Cams access control log file contains information about access control requests made by remote agents on behalf a client wishing to access resources protected by a security domain. Example 4 shows how an access control valve is configured for logging access control transactions.

<access-control-valve
   className="com.cafesoft.security.engine.access.valves.LogAccessControlRequestValve">
   <param-list>
      <param> name="logPath" value="${logPrefix}-access-control.log"/>
   </param-list>
   ...
</access-control-valve>

Example 4 - The Cams security domain access control transaction logger

Table 6 shows the configuration parameters that can be used to customize this logger. Additional name=value pairs can be appended to the value of the params attribute (like this: params="logPath=${cams.home}/logs/system-authentication.log,append=true").

Field	Req/Opt	Description
logPath	Req	The path to the access control transaction log file for the enclosing security domain.
append	Opt	If true, then append new records to an existing log file. If false, then overwrite an existing transaction log when the security domain is started. The default value is "true".
maxSize	Opt	The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the log file name is appended with an numeric digit. The default value is "4MB".

Table 6 - Properties for configuring the Cams access control transaction logger

The access control transaction log is a comma-delimited text file. Each line corresponds to an access control request/response pair. Table 7 shows the fields (left to right) defined within this file. If an optional field does not apply, it's value is written as "-" (a dash character).

Field	Req/Opt	Description
remote-address	Req	The IP address of the client requesting access to the resource.
remote-hostname	Req	The value of this element may be the name of the host requesting access to the resource (if it's address has been resolved by DNS) or the remote IP address of the host (if not resolved by DNS).
date-time	Req	The local date/time of the session access event at the Cams server. Example format: [10/Oct/2000:13:55:36 -0700] . The last value "-0700" represents the offset from universal time (GMT), which enables time comparisons based on absolute time.
session-id	Opt	If an authenticated user session is established, the ID of the session being asserted by the remote agent.
subject	Opt	If a session is being asserted, the name of the Subject being asserted by the remote agent.
resource-type	Req	The type of the resource the client is attempting to access.
resource-id	Req	The identifier of the resource.
resource-actions	Req	The action(s) being requested on the resource. If multiple actions, they are separated by the "and" character (&).
status	Req	The status code of the access response: 1 = success, 2 = failed
reason	Opt	A code indicating the reason access failed/suceeded: 0 = not applicable 1 = general server error 2 = invalid remote IP address 3 = invalid remote host name 4 = unauthorized agent 5 = unknown security domain 6 = unknown resource type 7 = invalid resource identifier 8 = unknown resource action 9 = access denied (unconditionally) 10 = access denied (authentication required) 11 = access denied (session expired) 12 = access denied (access control rule evaluation error) 13 = access denied (confidentiality is required) 14 = access denied (session id invalid) 15 = default bias applied 16 = access denied (unknown login config entry) 17 = access denied (general transport error) 18 = access granted (conditionally) 19 = access granted (unconditionally) 20 = access denied (conditionally)

Table 7 - The Cams access control transaction log fields

Configuring the Session Manager Service

The session manager service manages authenticated user sessions. A session is created on successful user authentication, may be closed explicitly by authorized Cams agents, and expires if inactive for a configurable period. The session manager transaction log records session creation, update, and closure events. The session manager also supports registration of application-specific session event handlers, that can be use to customize the contents of sessions or trigger business processes based on session events.

Example 5 shows the default configuration of the the Cams session manager service.

<session-manager-service
    className="com.cafesoft.security.engine.session.StandardSessionManager">
    <param-list>
        <param name="maxActiveSessions" value="-1"/>
        <param name="inactiveSessionTimeout" value="30"/>
        <param name="sessionCleanupInterval" value="1"/>
        <param name="sessionIdIPAddrValidationMask" value="255.255.255.255"/>
        <param name="sessionIdAlgorithm" value="SHA"/>
        <param name="sessionIdKey" value="secret-key"/>
    </param-list>
    ...
</session-manager-service>

Example 5 - The Cams session manager transaction logger

Table 8 shows the configuration parameters that can be used to configure the session manager service.

Field	Req/Opt	Description
maxActiveSessions	Opt	The maximum number of concurrent active sessions allowed for this SecurityDomain. To specify no maximum use the value -1. The default value is -1.
inactiveSessionTimeout	Opt	The maximum interval (in minutes) an active session is allowed to be inactive before it is expired and removed from the session manager. Value must be greater than 0. The default value is 30 minutes.
sessionCleanupInterval	Opt	The interval (in minutes) the session manager checks and removes expired sessions. Value must be greater than 0. The default value is 1 minute.
sessionIdAlgorithm	Opt	The message digest algorithm to be used for encrypting the session identifier. Valid values include: SHA or MD5. If not specified, SHA is used.
sessionIdIPAddrValidationMask	Opt	A bit mask used to detect possible hijacked Cams session identifers by validating the associated IP address. When the session is created (at authentication time) the IP address of the remote client is associated with the session. For every subsequent access control, session access, and session control request, the IP address associated with the request is validated against the original authentication IP address using the mask to indicate which bits to compare. For example, a mask value of: 255.255.255.255 indicates that the entire IP address must match. A value of 255.255.255.0 validates the first three triplets of the IP address. When supporting web clients accessing resources via the general internet, it may be necessary to loosen IP address validation to support proxy servers or gateway routers that cause subsequent HTTP requests to arrive via different client IP addresses. For example, some commercial ISPs will route HTTP traffic via one network and HTTPS traffic via another causing subsequent requests arriving at a Cams web agent from the same web browser have different remote client IP addresses. The default value is: 255.255.255.255, the most restrictive IP address validation.
sessionIdKey	Req	The key used to encrypt session id's. The default value is "secret-key". It is highly recommended this value be changed to unique value.

Table 8 - Properties for configuring the Cams access control transaction logger

Session Event Handler

Registers a session event handler with the session manager to handle session events.

Session Manager Log

The Cams session manager log file contains information about the sessions created, closed, and expired. (A session is associated with an authenticated subject within a Cams security domain). Example 6 shows the standard Cams session event handler registered to log session events.

<session-event-handler
   className="com.cafesoft.security.engine.session.SessionManagerEventLogger">
   <param-list>
      <param name="logPath" value="${logPrefix}-session-manager.log"/>
   </param-list>
   ...
</session-event-handler>

Example 6- The Cams session manager transaction logger

Table 9 shows the configuration parameters that can be used to customize this logger.

Field	Req/Opt	Description
logPath	Req	The path to the session manager transaction log file for the enclosing security domain.
append	Opt	If true, then append new records to an existing log file. If false, then overwrite an existing transaction log when the security domain is started. The default value is "true".
maxSize	Opt	The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the log file name is appended with an numeric digit. The default value is "4MB".

Table 9 - Properties for defining a Cams session manager transaction logger

Table 10 shows the fields defined within this file.

Field	Req/Opt	Description
session-id	Req	The ID of the authenticated subject's session.
subject	Req	The name of the Subject associated with the session.
remote-address	Req	The IP address of the client associated with the session.
remote-hostname	Req	The value of this element may be the hostname of the client if (it's address has been resolved by DNS) or the remote IP address of the client (if not resolved by DNS).
date-time	Req	The local date/time of the session management event at the Cams server. Example format: [10/Oct/2000:13:55:36 -0700] . The last value "-0700" represents the offset from universal time (GMT), which enables time comparisons based on absolute time.
authentication-time	Req	The local date/time at which authentication occured (which may be slightly different than the time at which the session management event is logged). Example format: [10/Oct/2000:13:55:36 -0700] . The last value "-0700" represents the offset from universal time (GMT), which enables time comparisons based on absolute time.
event-type	Req	The type of event associated with session. Values may include: CREATED - a new session was created due to successful authentication CLOSED - an existing session was closed due to explicit logout EXPIRED - an existing session expired for lack of activity
auth-methods	Opt	If the event type is "CREATED", then a list of authentication methods separated by the "and" character (&). Values may include: urn:oasis:names:tc:SAML:1.0:am:password - (password) urn:ietf:rfc:1510 - (kerberos) urn:ietf:rfc:2945 - (secure remote password) urn:oasis:names:tc:SAML:1.0:am:HardwareToken - (hardware token) urn:ietf:rfc:2246 - (SSL/TLS Certificate-based client authentication) urn:oasis:names:tc:SAML:1.0:am:X509-PKI - (X.509 Public Key) urn:oasis:names:tc:SAML:1.0:am:PGP - (PGP Public Key) urn:oasis:names:tc:SAML:1.0:am:SPKI - (SPKI Public Key) urn:oasis:names:tc:SAML:1.0:am:XKMS - (XKMS Public Key) urn:ietf:rfc:3075 - (XML Digital Signature)

Table 10 - The Cams session manager log fields

Configuring the Session Access Service

The Cams session access service enables session information to be queried by qualified Cams agents.

Session Access Pipeline

The session access pipeline processes session access requests by a Cams agent. This pipeline is composed of a sequence of session access valves, which handle the request using the chain of responsibility design pattern. This enables each session access valve to handle the request altogether or modulate the request for processing by a subsequent valve.

Session Access Valve

The session access valve represents a single node within a session access pipeline for handling access requests. The valve receives a session access request and can handle the request completely, modify or add to it, or pass the request to the next valve in the chain.

Session Access Log

The Cams session access log file contains information about requests for remote access to an authenticated users session. Example 7 shows how a session-access-valve is configured for logging session access transactions.

<session-access-value
   className="com.cafesoft.security.engine.session.access.valves.LogSessionAccessRequestValve">
   <param-list>
      <param> name="logPath" value="${logPrefix}-session-access.log"/>
   </param-list>
   ...
</session-access-valve>

Example 7 - The Cams security domain session access transaction logger

Table 11 shows the configuration parameters that can be used to customize this logger.

Field	Req/Opt	Description
logPath	Req	The path to the session access transaction log file for the enclosing security domain.
append	Opt	If true, then append new records to an existing log file. If false, then overwrite an existing transaction log when the security domain is started.
maxSize	Opt	The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the log file name is appended with an numeric digit. The default value is "4MB".

Table 11 - Properties for configuring the session access transaction logger

Table 12 shows the fields defined within this file.

Field	Req/Opt	Description
session-id	Req	The ID of the session being asserted by the remote host.
subject	Req	The name of the subject being asserted by the remote host.
remote-address	Req	The IP address of the host requesting access to the session. NOTE: This is NOT the IP address of the client associated with the session, rather, the host on which the browser is running.
remote-hostname	Req	The value of this element may be the name of the host requesting access to the session (if it's address has been resolved by DNS) or the remote IP address of the host (if not resolved by DNS).
date-time	Req	The local date/time of the session access event at the Cams server. Example format: [10/Oct/2000:13:55:36 -0700] . The last value "-0700" represents the offset from universal time (GMT), which enables time comparisons based on absolute time.
status	Req	The status code of the session access response: 1 = success, 2 = failed
reason	Opt	If status = 2 (session access failed), a code indicating the reason session access failed: 0 = not applicable 1 = general server error 2 = invalid remote IP address 3 = invalid remote host name 4 = unauthorized agent 5 = unknown security domain 6 = unknown session 7 = unknown subject

Table 12 - The Cams session access log fields

Configuring the Session Control Service

The Cams session control service enables sessions to be updated, closed, expired, etc. by qualified Cams agents.

Session Control Pipeline

The session control pipeline processes session control requests by a Cams agent. Existing sessions can be updated, closed, or expired. This pipeline is composed of a sequence of session control valves, which handle requests using the chain of responsibility design pattern. This enables each session control valve to handle the request altogether, modify the request for processing by a subsequent valve, or ignore it completely.

Session Control Valve

Represents a single node within a session control pipeline for handling session control requests. The valve receives a session control request and can handle the request completely, modify or add to it, or pass the request to the next valve in the chain.

Session Control Log

The Cams session control log file contains information about requests to update, close or expire sessions managed by the security domain's session manager service. A common use for these transactions is to logout an authenticated user by closing the associated session. Example 8 shows how a session-control-valve is configured for logging session-control transactions.

<session-control-value
   className="com.cafesoft.security.engine.session.access.valves.LogSessionControlRequestValve">
   <param-list>
      <param> name="logPath" value="${logPrefix}-session-control.log"/>
   </param-list>
   ...
</session-control-valve>

Example 8 - The Cams security domain session control transaction logger

Table 13 shows the configuration parameters that can be used to customize this logger.

Field	Req/Opt	Description
logPath	Req	The path to the session control transaction log file for the enclosing security domain.
append	Opt	If true, then append new records to an existing log file. If false, then overwrite an existing transaction log when the security domain is started. The default value is "true".
maxSize	Opt	The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the log file name is appended with an numeric digit. The default value is "4MB".

Table 13 - Properties for configuring the Cams session control transaction logger

Table 14 shows the fields defined within this file.

Field	Req/Opt	Description
date-time	Req	The local date/time of the session control request at the Cams server. Example format: [10/Oct/2000:13:55:36 -0700] . The last value "-0700" represents the offset from universal time (GMT), which enables time comparisons based on absolute time.
security-domain-name	Req	The name of the security domain name asserted by the remote host.
subject	Req	The name of the Subject being asserted by the remote host.
action	Req	The requested action, which may be: "CLOSE" or "EXPIRE".
session-id	Req	The ID of the session being asserted by the remote host.
status	Req	The status code of the session control response: 1 = success, 2 = failed
reason	Opt	If status = 2 (session access failed), a code indicating the reason session control failed: 0 = not applicable 1 = general server error 2 = unknown security domain 3 = invalid session id 4 = invalid subject 5 = poisoned session 6 = session does not exist 7 = null session id

Table 14 - The Cams session control log fields

Configuring Service Manager Services

Cams includes predefined services that you configure for use with a security domain. Programmers can also use the Cams Services API to create new services for use by other custom components, like session event handlers, access control rules, etc. This section provides information on how to configure the standard services that ship with Cams and those that might be created by your development staff. See the Cams Programmer's Guide for more details on creating custom Cams services.

By default, the following services are available to each Cams security domain:

LDAP Connection Pool Service - Provides connection pooling for the LDAP login module (required to use the LDAP login module)
Cams XML User Repository Service - Loads and manages the Cams XML user repository file (required to use the XML login module)

You can have any number of services, each nested within the security-domain.xml <service-manager> tag, which has has three attributes:

className="com.cafesoft.core.service.StandardServiceManager"
params=""
debug="false"

You should not need to change the Java class value. However, if you are having difficulty configuring the service, you might set the debug value to true to provide for more verbose log output. There are no parameters.

Services

The <service> tag starts the registration of a Cams service within the scope of the enclosing security domain. It has the following atributes:

id - The unique textual identifier or name by which this service will be referenced.
enabled - A flag to specify if a service is enabled
debug - If set to true, turns debug on for this service

In addition, a service has three required elements:

service-type - Declares the type of service being registered. This value is the fully qualified name of the Java interface class implemented by the service. (See examples 7 and 8 to see how this attribute is used)
service-class - Declares the Java class that implements the Cams service. This value is the fully qualified Java class name which implements the service type)
param-list - A container for a list of service-specific configuration parameters

For example, suppose a developer at your site has created a custom Cams service called EmailNotifier that can send a short textual messages to an e-mail address. Perhaps the service will be used by a session event handler to notify administrators whenever somebody with the admin role successfully authenticates. The same service might be used to notify a customer at logout time of their account status.

Suppose the programmer created the Cams service by writing two classes:

com.myco.message.TextNotifier (a Java interface that extends com.cafesoft.core.service.Service)
com.myco.message.EmailTextNotifier (a Java class that implements interface com.myco.message.TextNotifier and uses SMTP to send a brief text message to an e-mail address)

Example 9 shows how you might register and configure this service for use by other custom components (or other services) within a security domain. This service can be looked up by it's identifier: "email-text-notifier-service" or by it's type: com.myco.message.TextNotifier.

<service id="email-text-notifier-service" enabled="true">
	<service-type>com.myco.message.TextNotifier</service-type>
	<service-class>com.myco.message.EmailTextNotifier</service-class>
	<param-list>
		<param name="smtp.host" value="mail.myco.com">
		<param name="smtp.port" value="25">
		<param name="smtp.from" value="cams@myco.com">
  </param-list>
</service>

Example 9 - An example Cams service manager service registration

If need arises for message to be sent to a pager, Java class: com.myco.message.PagerTextNotifier could be written and the Cams service registration shown in Example 10 could be added to make both e-mail and pager text notification available to components.

<service id="pager-text-notifier-service" enabled="true">
	<service-type>com.myco.message.TextNotifier</service-type>
	<service-class>com.myco.message.PagerTextNotifier</service-class>
	<param-list>
    <param name="phone.from" value="800-555-9191">
  </param-list>
</service>

Example 10 - Another example Cams service manager service registration

The next sections describes the required configuration values for each standard service supplied with Cams.

JDBC Connection Pool Service

The overhead of opening and closing database connections can be quite high. In production or high-volume environments, you can dramatically improve performance by using pooling to share database connections. When a connection is needed, it is borrowed from the pool. When done with the connection, it is returned to the pool for reuse later.

Cams provides a JDBC driver that implements connection pooling. After configuring a connection pool using a service provided by Cams, login modules (and other components that you can plug into Cams) can then obtain pooled connections from the Cams JDBC driver. The pooling JDBC driver does the work of expanding and shrinking the pool of connections within the parameters you configure. It also verifies a connection is still open before returning it. In addition, it also destroys broken connections. Example 11 shows the values you'll need to configure for your site.

<service-manager className="com.cafesoft.core.service.StandardServiceManager">
 ...
 <!-- Register a Jdbc ConnectionPool with the server -->
 <service id="myusersdb-connection-pool" enabled="true">
 <service-type>com.cafesoft.cams.service.JdbcConnectionPoolService</service-type>
 <service-class>com.cafesoft.security.engine.service.JdbcConnectionPoolServiceImpl</service-class>
  <param-list>
   <param name="debug" value="false"/>
   <param name="poolName" value="example-jdbc-pool"/>
   <param name="driver" value="org.hsqldb.jdbcDriver"/>
   <param name="url" value="jdbc:hsqldb:/tmp/example_db"/>
   <param name="user" value="sa"/>
   <param name="password" value=""/>
   <param name="poolUser" value="pool-username"/>
   <param name="poolPassword" value="pool-password"/>
   <param name="initialCapacity" value="1"/>
   <param name="maximumCapacity" value="5"/>
   <param name="minimumCapacity" value="1"/>
   <param name="poolIncrement" value="1"/>
   <param name="allowShrink" value="false"/>
   <param name="shrinkPeriod" value="10"/>
   <param name="refreshPeriod" value="15"/></param-list>
 </service>
 ...
</service-manager>

Example 11 - Configuring a JDBC Connection Pool using a Cams-provided Service

The <service> tag parameter values are:

id - The identity of this service for this security domain. WARNING: The id must match the corresponding serviceId value in the JDBC client or login module configuration file.
enable - Set to true if this service is enabled, false if it is not.

The values <service-type> and <service-class> should not change unless you have created a custom LDAP service.

The <param-list> parameters are:

poolName - the name of the connection pool. The JDBC URL configured with a client such as the JDBC login module will contain this value.
driver - JDBC driver class used to connect with your SQL database. The one shown (org.hsqldb.jdbcDriver) is for the Hypersonic SQL database. If you're using DB2, MySql, Oracle, MSSQL or some other database, substitute this parameter with the appropriate JDBC Driver class.
url - the JDBC URL appropriate the driver configured in step 5.
user and password - credentials authorized to create connections to your SQL database.
initialCapacity - the number of connections created for the pool when this service is started.
maximumCapacity - the maximum number of simultaneous connections that can be managed by the pool.
minimumCapacity - the minimum number of connections that should be managed by the pool.
poolIncrement - the number of connections the pool will be expanded (up to maxCapacity) if all connections are in use.
allowShrink- boolean value that enables to the pool to shrink back to the number of in-use connections or minimumCapacity, which ever is greatest.
shrinkPeriod - the number of minutes between pool shrink attempts.
refreshPeriod - the number of minutes between attempts to verify that connections are still open.
poolUser and poolPassword are the credentials that must be provided by a JDBC client to the Cams pooling JDBC driver to get a connection.

Cams XML User Repository Service

The Cams XML user repository service is intended for use with the XML login module. This service loads a Cams user repository file into memory, and provides methods to lookup user passwords and roles. The service also detects if the Cams user repository file is changed, and reloads if necessary. Example 13 shows the configuration values. Except for the repositoryFilePath, the default values should not change for your site.

<Service id="cams-user-repository" enabled="true">
 <service-type>com.cafesoft.cams.service.UserRepositoryService</service-type>
 <service-class>com.cafesoft.security.engine.service.UserRepositoryServiceImpl</service-class>
 <param-list>
  <param name="repositoryFilePath" value="${cams.home}/conf/domains/system/cams-users.xml"/>
  <param name="repositoryFactoryClass" 
   value="com.cafesoft.security.engine.auth.login.userrepository.XmlUserRepositoryFactory"/>
  <param name="handlerClass" 
   value="com.cafesoft.security.engine.auth.login.userrepository.CamsXmlUserRepositoryHandler"/>
 </param-list>
</service>

Example 13 - Cams XML user repository configuration

The <service> tag parameter values are:

id - The identity of this service for this security domain. WARNING: The id must match the corresponding serviceId value in the XmlLoginModule configuration file.
Enable - Set to true if this service is enabled, false if it is not.

The values <service-type> and <service-class> should not change unless you create a custom XML service.

The <param-list> parameters are:

repositoryFilePath - The fully qualified file path to the user repository file
handlerClass - The fully qualified class name of the Java class that parses the XML user repository file
repositoryFactoryClass - The fully qualified Java class name of the user repository factory

Back | Next | Contents