This article will describe the Security Configuration facilities available in JBoss AS5.0 and beyond. This applies to JBoss Enterprise Application Platform v5.0 and beyond.
Parsers
There are 3 parsers involved.
- JBossXB based org.jboss.security.authorization.config.SecurityConfigObjectModelFactory (which extends org.jboss.security.auth.login.LoginConfigObjectModelFactory).
- JBoss Microcontainer based parser.
- JavaCC based default JAAS Configuration parser.
Configuration Files
There are 4 types of configuration files where the security domain information may be provided.
- login-config.xml
- DynamicLoginConfigService via jboss-service.xml
- Microcontainer based xxx-jboss-beans.xml
- JDK JAAS config such as auth.conf
login-config.xml
This is the historic configuration file that is provided in the conf directory.
DynamicLoginConfig
More information can be obtained here.
Microcontainer based Configuration
More information here.
JDK JAAS Configuration
Supported but not recommended.
An example auth.conf is here:
    other {
        // Put your login modules that work without jBoss here

        // jBoss LoginModule
        org.jboss.security.ClientLoginModule required;

        // Put your login modules that need jBoss here
    };
What Configuration can be provided?
You can provide the configuration for authentication, authorization, mapping and audit at the security domain level in login-config.xml, DynamicLoginConfig (via jboss-service.xml) or the new JBossMC based config.
How do all these work?
We instantiate a custom JDK Configuration class called XMLLoginConfigImpl and install it with:
Configuration.setConfiguration()
This is our custom Configuration class, which invokes the appropriate parsers (mainly for login-config.xml, DynamicLoginConfig or the JDK JAAS config).
It is set in the JaasSecurityManagerService MBean in conf/jboss-service.xml.
The JBossMC based new configuration is performed by the MC based parsers from here.
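The mechanism described under "How do all these work?", shown as an added example that is not JBoss source code: a custom JAAS Configuration is installed with Configuration.setConfiguration() and then asked to resolve a security domain name to its login module stack. The class DomainConfiguration, its addDomain method and the name "no-such-domain" are hypothetical, and the fallback to the "other" entry for unknown names is an assumption of this sketch.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

// Hypothetical stand-in for a custom JAAS Configuration; not JBoss source code.
public class DomainConfiguration extends Configuration {
    // Security domain name -> ordered login module stack.
    private final Map<String, AppConfigurationEntry[]> domains = new HashMap<>();

    public void addDomain(String name, String loginModuleClass, LoginModuleControlFlag flag) {
        AppConfigurationEntry entry = new AppConfigurationEntry(
                loginModuleClass, flag, Collections.<String, Object>emptyMap());
        domains.put(name, new AppConfigurationEntry[] { entry });
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        AppConfigurationEntry[] entries = domains.get(name);
        if (entries == null) {
            // Assumption of this sketch: unknown names fall back to "other".
            entries = domains.get("other");
        }
        return entries; // null tells JAAS that no configuration exists for this name
    }

    @Override public void refresh() { /* nothing to reload in this in-memory sketch */ }

    public static void main(String[] args) {
        DomainConfiguration config = new DomainConfiguration();
        config.addDomain("other", "org.jboss.security.ClientLoginModule",
                LoginModuleControlFlag.REQUIRED);
        // Install process-wide; every LoginContext created afterwards consults it.
        Configuration.setConfiguration(config);

        // Resolve one configured name and one unknown (constructed) name.
        for (String domain : new String[] { "other", "no-such-domain" }) {
            AppConfigurationEntry[] stack =
                    Configuration.getConfiguration().getAppConfigurationEntry(domain);
            for (AppConfigurationEntry e : stack) {
                System.out.println(domain + " -> " + e.getLoginModuleName()
                        + " " + e.getControlFlag());
            }
        }
    }
}
```

Printing the resolved stack for every domain name an application references is a quick check that a misspelled name is not silently served by a different login module stack.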