Managing Security and User Access 5-55 access control lists are blank, permission is denied to all users except those with the admin role.

5.7 Oracle Content Server User Information Provider

JpsUserProvider is the default provider for the Oracle Content Server instance to communicate user information and credentials managed through the Oracle WebLogic Server Administration Console. For Oracle Universal Content Management Oracle UCM and the Oracle Content Server instance, it is recommended that you use JpsUserProvider. For details, see Section 4.5.1.2.6, When to Edit JpsUserProvider. If a site is upgrading from an earlier release of Oracle Content Server software and is using Active Directory, LDAP, or Active Directory with LDAP, information about those providers is available in the 10gR3 document Managing Security and User Access. It is strongly recommended that sites upgrade to use JpsUserProvider.

5.8 Additional Oracle Content Server Security Connections

This section provides information about additional security communication connection options for the Oracle Content Server system. It covers the following: ■ Section 5.8.1, About Proxy Connections ■ Section 5.8.2, Credential Mapping ■ Section 5.8.3, Secured Connections to Oracle Content Servers ■ Section 5.8.4, Connections Using the HTTP Protocol

5.8.1 About Proxy Connections

Proxy connections, or connections between Oracle Content Server instances, provide additional levels of security for an Oracle Content Server system through the following functions: ■ Security credentials mapping from one Oracle Content Server instance to another Oracle Content Server instance. ■ Secured named password connections to Oracle Content Server instances password protected provider connections. ■ HTTP protocol communication between Oracle Content Server instances. While it is possible to use both named password connections and HTTP-based Oracle Content Server communication, it is most likely that one type of connection will be Note: If the Oracle Content Server instance has been upgraded from release 10g, empty access control lists will behave differently in release 11g. Release 10g and earlier had the equivalent configuration of AccessListPrivilegesGrantedWhenEmpty=false. The default for release 11g is AccessListPrivilegesGrantedWhenEmpty=false. 5-56 Oracle Fusion Middleware System Administrators Guide for Oracle Content Server more useful. For both types of connections, credentials mapping can provide additional security. Typical uses of the ProxyConnections8 component include the following: ■ To provide the capability to perform archive replication of content items over HTTP or HTTPS. For example, a company has acquired another company, but they do not a have common infrastructure for sharing information. Both companies have a Secure Sockets Layer SSL connection to the Internet. The company wants to share content between the two sites. ProxyConnections can be used to set up a secure Internet connection between the companies servers so that content can be securely accessed from one site, replicated, and archived at the other site. ■ To better restrict access to Oracle Content Server instances by using named passwords to target proxy connections. For example, a company wants to apply additional security to connections coming from one Oracle Content Server instance to another Oracle Content Server instance. Using named passwords, an administrator can restrict access by incoming connections to those with preset proxy connections and named passwords. The ProxyConnections8 component is installed enabled by default with Content Server software.

5.8.2 Credential Mapping