24-10 Oracle Fusion Middleware Application Security Guide The location property of the credential store service shows the directory containing the wallet file: jpsConfig ... serviceInstances serviceInstance name=credstore_file_instance provider=credstore_file_provider property name=location value=store serviceInstance serviceInstances ... jpsConfig The wallet name is always cwallet.sso which is the default file-based Oracle wallet. Java Code Here is the Java SE code that calls the utility program. package demo; import java.io.ByteArrayInputStream; import java.security.AccessController; import java.security.PrivilegedAction; import oracle.security.jps.JpsContext; import oracle.security.jps.JpsContextFactory; import oracle.security.jps.JpsException; import oracle.security.jps.internal.policystore.JavaPolicyProvider; import oracle.security.jps.jaas.JavaPolicy; import oracle.security.jps.service.credstore.Credential; import oracle.security.jps.service.credstore.CredentialAlreadyExistsException; import oracle.security.jps.service.credstore.CredentialFactory; import oracle.security.jps.service.credstore.CredentialStore; import oracle.security.jps.service.credstore.PasswordCredential; import oracle.security.jps.service.policystore.PolicyStore; import oracle.security.jps.service.policystore.PolicyStoreException; import demo.util.CsfUtil; public class CsfApp { set the OPSS policy provider explicitly, as required in a Java SE application static { java.security.Policy.setPolicynew oracle.security.jps.internal.policystore.JavaProvider; } public CsfApp { super; } Note: The default value of location is ., that is, the current directory relative to the location of jps-config-jse.xml. To use a different path, be sure to specify the full path. Developing with the Credential Store Framework 24-11 public static void mainString[] a { perform operation as privileged code JpsContextFactory ctxFactory; try { ctxFactory = JpsContextFactory.getContextFactory; JpsContext ctx = ctxFactory.getContext; CredentialStore store = ctx.getServiceInstanceCredentialStore.class; CsfUtil csf = new CsfUtilstore; 1 - this call is in a doPrivileged block 1 - this should succeed. csf.doPrivilegedCredOperation; 2 - this will also pass since granted all application code necessary permission NOTE: Since this call is not in a doPrivileged block, this call would have failed if CredentialAccessPermission wasnt granted to this class. csf.doCredOperation; } catch JpsException e { e.printStackTrace; } } }

24.7.3 Example 2: Java EE Application with Wallet Store

This example shows a sample Java EE application using wallet credentials. A simple servlet calls the CSF API. The jazn-data.xml File The jazn-data.xml file for this example defines the appropriate permissions needed to access the given credential from the store. The file defines both the codesource permissions and the permissions for different combinations of map name alias and key. Other combinations, or attempts to access the store beyond the permissions defined here, will be disallowed. A fragment of the policy file showing the corresponding policy grant looks like this: grant grantee codesource urlfile:{oracle.deployed.app.dir}MyApp{oracle.deployed.app.ext}url Notes: ■ It is not necessary to replace the JDK-wide policy object. Since the example grant shown conforms to the OPSS XML policy store, it is reasonable to set the policy provider to the OPSS provider. ■ In a Java EE environment for a JRF install for a supported application server, the OPSS policy provider will have been initialized.