JBoss Enterprise Application Platform 4.3

Common Criteria Configuration Guide

JBoss Enterprise Application Platform

Edition 4.3.3

Red Hat

Darrin Mison

Red Hat Engineering Content Services

Isaac Rooskov

Red Hat Engineering Content Services

Joshua Wulf

Red Hat Engineering Content Services

Legal Notice

Copyright © 2008 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.


This book describes the configuration of JBoss EAP 4.3 used for the Common Criteria security evaluation.

1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. Getting Help and Giving Feedback
2.1. Do You Need Help?
2.2. Give us Feedback
1. Introduction
1.1. Purpose of this Document
1.2. What is a Common Criteria Compliant System?
2. Requirements for the Evaluated Configuration
2.1. Software Requirements
2.1.1. Java Virtual Machine
2.1.2. Operating System
2.1.3. Database Servers
2.2. Physical Requirements
2.3. Personnel Requirements
2.4. Connectivity Requirements
2.4.1. Cluster Connectivity Requirements
2.5. Configuration Requirements
2.5.1. Setup Configuration
2.5.2. Configuring Audit Logging
2.5.3. Security Configuration
2.5.4. Database Configuration
2.5.5. Required changes to the included JSM policy
2.5.6. Guidance on Configuring Java Security Permissions
3. Downloading and Verifying the Packages
3.1. Verify the Authenticity of the Download Site.
3.2. Downloading JBoss EAP from the Red Hat JBoss Customer Support Portal
3.3. Downloading JBoss EAP from the Red Hat Network
3.3.1. JBoss Enterprise Middleware (All)
3.3.2. Red Hat Enterprise Linux AS 4, ES 5, Server 5
3.4. Verifying the Downloaded Files
3.5. Installing the Security Notice CVE-2009-0027 patch
3.6. Confirming the Version of your JBoss EAP Installation
4. Launching the JBoss EAP Server
4.1. Starting the JBoss EAP Server
4.2. Enabling the Java Security Manager
5. Development Guide for the Common Criteria Certified System
5.1. Enterprise Application
5.2. General Restrictions
5.3. Developer Advice for User Credentials in Remote Method Invocation (RMI)
6. Overview of the Security Functions
6.1. Access Control
6.2. Audit
6.2.1. Enabling Additional Logging
6.3. Clustering
6.4. Identification and Authentication
6.5. Transaction Rollback
A. RPM Listings for a Red Hat Enterprise Linux 4 installation
B. RPM Listings for a Red Hat Enterprise Linux 5 installation
C. Port Configuration in JBoss EAP
D. Required Java Security Manager Policy File
E. Revision History