Oracle Container for Java (OC4J)

Oracle Application Server Tips by Burleson Consulting

The Oracle Container for Java (OC4J) supports the operation of JavaServer Pages (JSP), servlets and J2EE applications.  As such, most of the authentication work takes place here.  Oracle 10g JAAS (a.k.a. "JAZN") is Oracle's implementation of the Java Authentication and Authorization Service (JAAS) standard, which adds PAM-based pluggable authentication and Subject-based, fine-grained authorization to the Java 2 platform.  OC4J implements the J2EE JAAS API to facilitate security within the J2EE application.

The two JAAS implementations OC4J provides are JAZN-LDAP and JAZN-XML.  JAZN-LDAP is an implementation of the JAAS API that retrieves user and authorization information securely from Oracle Internet Directory (OID).  JAZN-LDAP is particularly useful for applications that have a large user community, for which scalability is a strong requirement.  JAZN-XML is a fast, lightweight implementation of the JAAS API that is based on XML as an encoding mechanism.  JAZN-XML allows Java developers to retrieve user and role information securely from operating system files rather than from Oracle Internet Directory (as is the case with JAZN-LDAP).  JAZN-XML supports lightweight deployments of Oracle9iAS and provides a more secure alternative to principals.xml.  JAZN-XML will usually use the file JAZN-DATA.xml to store and retrieve user data.  To get additional information on using JAAS within your application go to and search on JAAS.


Authentication establishes a network entity's identity.  An entity could be a user or another application.  Entities that access an application are asked for a password, which the application verifies against a user directory.  The user directory can be a file, an LDAP directory or Oracle Internet Directory.  The user directory's job is to store users' credentials.  External applications may also need to be authenticated and could either provide passwords or use a digital certificate.  A developer can create a login module that supports whatever authentication method is required.
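A sketch of such a login module, written against the standard JAAS `LoginModule` interface on a current JDK; it is an added example, not code from the book or from Oracle. The class name `DirectoryLoginModule` and the in-memory `DIRECTORY` map (standing in for the file, LDAP or OID user directory) are hypothetical, and registering the module with OC4J is not shown.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.security.auth.UserPrincipal; // JDK-supplied Principal (module jdk.security.auth)
// Hypothetical login module: verifies a password against a salted PBKDF2 hash.
public class DirectoryLoginModule implements LoginModule {
    // Constructed stand-in for the user directory: user name -> { salt, hash }.
    static final Map<String, byte[][]> DIRECTORY = new HashMap<>();
    private Subject subject;
    private CallbackHandler handler;
    private Principal verified;
    static byte[] hash(char[] pw, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 210_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        char[] pw = null;
        try {
            handler.handle(new Callback[] { nc, pc });
            pw = pc.getPassword();
            if (nc.getName() == null || pw == null || pw.length == 0) throw new FailedLoginException("login failed");
            byte[][] rec = DIRECTORY.get(nc.getName());
            // Hash even for unknown users so response time does not reveal valid names.
            byte[] got = hash(pw, rec == null ? new byte[16] : rec[0]);
            // Constant-time comparison; same message for unknown user and wrong password.
            if (rec == null || !MessageDigest.isEqual(got, rec[1])) throw new FailedLoginException("login failed");
            verified = new UserPrincipal(nc.getName());
            return true;
        } catch (LoginException e) { throw e;
        } catch (java.io.IOException | UnsupportedCallbackException | GeneralSecurityException e) {
            throw new LoginException("authentication unavailable");
        } finally { if (pw != null) Arrays.fill(pw, '\0'); pc.clearPassword(); }
    }
    public boolean commit() { if (verified != null) subject.getPrincipals().add(verified); return verified != null; }
    public boolean abort() { boolean had = verified != null; verified = null; return had; }
    public boolean logout() { if (verified != null) subject.getPrincipals().remove(verified); verified = null; return true; }
}
```

The principal is attached to the `Subject` only in `commit()`, so a failure in any other module of the login stack leaves the subject without an identity from this one.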


Authorization is granting an authenticated entity privileges.  Roles are defined within the J2EE application that determine access rights to different objects.  Oracle Application Server 10g supports a fully declarative implementation of J2EE security, which means you can secure your Java application without writing code.  Once an entity, such as a user, is authenticated, it is granted a role, or roles, that allow it to access the necessary parts of the application.  These authorizations can be centrally managed in the Oracle Internet Directory or in XML files.  Placing the authorizations in OID allows for centralized management of privileges within an organization.  JAAS and OID also allow you to relate a section of code to a user so that users have the authorization to execute sections of code without being authorized to execute all the code.


Delegation is where an EJB runs with the privileges of a certain user.  This allows a user with limited privileges to execute an EJB, which will execute with a higher authorization to perform some task.  This supports the idea of assigning a user the lowest privilege level necessary to accomplish a task.

Oracle Identity Management

One of the benefits of using the application server Infrastructure is the integration of Oracle Identity Management, which provides a single location for the complete management of users and network entities.  This can greatly reduce the cost of managing large groups of users.  As new users are added to the system, Oracle Identity Management provides a single location for modifying application and system privileges, including account creation and suspension, privilege modification, and attribute management.  Users can be internal company employees, customers, or anyone that requires access to your applications, servers, or network devices.

Oracle 10g Identity Management is composed of six different products.  The root of Oracle's Identity Management is the Oracle Internet Directory (OID).  OID is Oracle's implementation of LDAP version 3.  Oracle's Single Sign-On is an application that uses OID to authenticate users.  Single Sign-On (SSO) provides the capability to have a user provide his credentials once and then automatically authenticates him as he changes applications.  Delegated Administration Services provides application server components with secure access to OID.  Certificate Authority issues and manages X.509v3-compliant certificates to secure email and network connections.  Directory Integration allows integration with other directories (e.g. ADS, SunONE).  Finally, provisioning integration provides automatic provisioning of users in the Oracle environment.

This is an excerpt from "Oracle 10g Application Server Administration Handbook" by Don Burleson and John Garmany.
