24-12 Oracle Fusion Middleware Application Security Guide codesource grantee permissions permission classoracle.security.jps.service.credstore.CredentialAccessPermission class namecontext=SYSTEM,mapName=pc_map,keyName=name actionsread,writeactions permission permission classoracle.security.jps.service.credstore.CredentialAccessPermission class namecontext=SYSTEM,mapName=gc_map,keyName=gc_keyname actionswriteactions permission permissions grant Note that the first map and key permissions enable both read and write operations; the second enable write operations but not reads. jps-config.xml File A portion of the default configuration file jps-config.xml showing the credential store configuration is as follows: jpsConfig serviceProviders serviceProvider type=CREDENTIAL_STORE name=credstoressp class=oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider descriptionSecretStore-based CSF providerdescription serviceProvider serviceProviders serviceInstances serviceInstance name=credstore provider=credstoressp property name=location value=. serviceInstance serviceInstances jpsContexts default=default jpsContext name=default ... serviceInstanceRef ref=credstore ... jpsContext jpsContexts jpsConfig The location property specifies the wallet location; this specification is essentially the same as in Example 1, except that in this example the wallet is located inside the configuration directory. The wallet name is always cwallet.sso. Java Code package demo; import demo.util.CsfUtil; import java.io.IOException; import java.io.PrintWriter; Developing with the Credential Store Framework 24-13 import java.net.URL; import java.util.Date; import javax.servlet.; import javax.servlet.http.; import oracle.security.jps.JpsException; import oracle.security.jps.service.JpsServiceLocator; import oracle.security.jps.service.credstore.CredentialStore; public class CsfDemoServlet extends HttpServlet { private static final String CONTENT_TYPE = texthtml; charset=windows-1252; public void initServletConfig config throws ServletException { super.initconfig; } public void doGetHttpServletRequest request, HttpServletResponse response throws ServletException, IOException { response.setContentTypeCONTENT_TYPE; PrintWriter out = response.getWriter; ServletOutputStream out = response.getOutputStream; try { response.setContentTypetexthtml; out.printlnhtmlbody bgcolor=\FFFFFF\; out.printlnbCurrent Time: b + new Date.toString + brbr; This is to get hold of app-level CSF service store Outside app context, this call returns domain-level CSF store This call also works in Java SE env final CredentialStore store = JpsServiceLocator.getServiceLocator.lookupCredentialStore.class; CsfUtil csf = new CsfUtilstore; csf.doPrivilegedCredOperation; out.printlnCredential operations completed using privileged code.; } catch JpsException e { e.printStackTraceout; } } } The credential create operation is conducted using privileged code. The success of the operation can be verified by using the WLST listCred command: listCredmap=pc_map, key=pc_key Note About Java SE Environment In the Java SE environment, the following calls are equivalent: CredentialStore store = JpsServiceLocator.getServiceLocator.lookupCredentialStore.class; and: CredentialStore store =