<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jazn-data
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-10_0.xsd"
  schema-major-version="10"
  schema-minor-version="0"
>
<!-- JAZN Realm Data -->
<jazn-realm>
	<realm>
		<name>jazn.com</name>
		<users>
			<user deactivated="true">
				<name>anonymous</name>
				<description>The default guest/anonymous user</description>
			</user>
			<user>
				<name>oc4jadmin</name>
				<display-name>OC4J Administrator</display-name>
				<description>OC4J Administrator</description>
				<credentials>!welcome</credentials>
			</user>
			<user>
				<name>JtaAdmin</name>
				<display-name>JTA Recovery User</display-name>
				<description>Used to recover propagated OC4J transactions</description>
				<credentials>{903}5XazABabDfYnVrkIFsvNhPaJ3zalRvFndq0Sl05Vf0dqUwrL0zMB0Q==</credentials>
			</user>
		</users>
		<roles>
			<role>
				<name>oc4j-administrators</name>
				<display-name>OC4J Admin Role</display-name>
				<description>Administrative role for OC4J</description>
				<members>
					<member>
						<type>user</type>
						<name>oc4jadmin</name>
					</member>
					<member>
						<type>user</type>
						<name>JtaAdmin</name>
					</member>
				</members>
			</role>
			<role>
				<name>oc4j-app-administrators</name>
				<display-name>OC4J Application Administrators</display-name>
				<description>OC4J application-level administrators</description>
				<members>
				</members>
			</role>
			<role>
				<name>users</name>
				<display-name>users</display-name>
				<description>users role for rmi/ejb access</description>
				<members>
				</members>
			</role>
		</roles>
	</realm>
</jazn-realm>
<!-- JACC Repository Data -->
<jacc-repository>
</jacc-repository>
<jazn-policy>
	<grant>
		<grantee>
			<principals>
				<principal>
					<realm-name>jazn.com</realm-name>
					<type>role</type>
					<class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
					<name>jazn.com/oc4j-administrators</name>
				</principal>
			</principals>
		</grantee>
		<permissions>
			<permission>
				<class>oracle.security.jazn.policy.RoleAdminPermission</class>
				<name>jazn.com/*</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.policy.AdminPermission</class>
				<name>oracle.security.jazn.realm.RealmPermission$jazn.com$createrole</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.policy.AdminPermission</class>
				<name>oracle.security.jazn.realm.RealmPermission$jazn.com$modifyrealmmetadata</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.policy.AdminPermission</class>
				<name>oracle.security.jazn.policy.RoleAdminPermission$jazn.com/*$</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.policy.AdminPermission</class>
				<name>oracle.security.jazn.realm.RealmPermission$jazn.com$createrealm</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.policy.AdminPermission</class>
				<name>oracle.security.jazn.realm.RealmPermission$jazn.com$droprealm</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.policy.AdminPermission</class>
				<name>oracle.security.jazn.realm.RealmPermission$jazn.com$droprole</name>
			</permission>
			<permission>
				<class>com.evermind.server.rmi.RMIPermission</class>
				<name>login</name>
			</permission>
			<permission>
				<class>oracle.security.jazn.realm.RealmPermission</class>
				<name>jazn.com</name>
				<actions>modifyrealmmetadata</actions>
			</permission>
			<permission>
				<class>oracle.security.jazn.realm.RealmPermission</class>
				<name>jazn.com</name>
				<actions>createrealm</actions>
			</permission>
			<permission>
				<class>oracle.security.jazn.realm.RealmPermission</class>
				<name>jazn.com</name>
				<actions>dropuser</actions>
			</permission>
			<permission>
				<class>oracle.security.jazn.realm.RealmPermission</class>
				<name>jazn.com</name>
				<actions>droprealm</actions>
			</permission>
			<permission>
				<class>com.evermind.server.AdministrationPermission</class>
				<name>administration</name>
				<actions>administration</actions>
			</permission>
		</permissions>
	</grant>
	<grant>
		<grantee>
			<principals>
				<principal>
					<realm-name>jazn.com</realm-name>
					<type>role</type>
					<class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
					<name>jazn.com/oc4j-app-administrators</name>
				</principal>
			</principals>
		</grantee>
		<permissions>
			<permission>
				<class>com.evermind.server.rmi.RMIPermission</class>
				<name>login</name>
			</permission>
		</permissions>
	</grant>
	<grant>
		<grantee>
			<principals>
				<principal>
					<realm-name>jazn.com</realm-name>
					<type>role</type>
					<class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
					<name>jazn.com/users</name>
				</principal>
			</principals>
		</grantee>
		<permissions>
			<permission>
				<class>com.evermind.server.rmi.RMIPermission</class>
				<name>login</name>
			</permission>
		</permissions>
	</grant>
	<grant>
		<grantee>
			<principals>
				<principal>
					<realm-name>jazn.com</realm-name>
					<type>user</type>
					<class>oracle.security.jazn.spi.xml.XMLRealmUser</class>
					<name>jazn.com/anonymous</name>
				</principal>
			</principals>
		</grantee>
		<permissions>
			<permission>
				<class>com.evermind.server.rmi.RMIPermission</class>
				<name>login</name>
			</permission>
		</permissions>
	</grant>
</jazn-policy>
<!-- Login Module Data -->
<jazn-loginconfig>
	<application>
		<name>oracle.security.jazn.oc4j.CertificateAuthenticator</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.X509LoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
	<application>
		<name>oracle.security.jazn.tools.Admintool</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.RealmLoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
	<application>
		<name>oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.coreid.CoreIDLoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>coreid.name.attribute</name>
						<value>your credential mapping variable name</value>
					</option>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
					<option>
						<name>coreid.resource.operation</name>
						<value>your oreid resource operation</value>
					</option>
					<option>
						<name>coreid.resource.type</name>
						<value>your coreid resource type</value>
					</option>
					<option>
						<name>coreid.name.header</name>
						<value>your http header name variable</value>
					</option>
					<option>
						<name>coreid.resource.name</name>
						<value>your coreid resource name</value>
					</option>
					<option>
						<name>coreid.password.attribute</name>
						<value>your password authentication variable</value>
					</option>
					<option>
						<name>coreid.password.header</name>
						<value>your http header password variable</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
	<application>
		<name>oracle.security.wss.jaas.SAMLAuthManager</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.saml.SAMLLoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>issuer.name.1</name>
						<value>www.oracle.com</value>
					</option>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
	<application>
		<name>oracle.security.jazn.oc4j.DigestAuthenticator</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.digest.DigestLoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
	<application>
		<name>oracle.security.jazn.oc4j.JAZNUserManager</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.RealmLoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
	<application>
		<name>oracle.security.wss.jaas.JAASAuthManager</name>
		<login-modules>
			<login-module>
				<class>oracle.security.jazn.login.module.WSSLoginModule</class>
				<control-flag>required</control-flag>
				<options>
					<option>
						<name>addAllRoles</name>
						<value>true</value>
					</option>
				</options>
			</login-module>
		</login-modules>
	</application>
</jazn-loginconfig>
</jazn-data>
