Version 1

    The JBoss Authorization Framework uses authorization modules, in a fashion similar to JAAS, to make authorization decisions.

     

    Modules can be stacked on top of each other, using JAAS-like control flags (Required, Requisite, Sufficient and Optional) to control the behaviour of the whole stack.

    Details can be found here:   http://docs.oracle.com/javase/7/docs/api/javax/security/auth/login/Configuration.html

     

    Authorization Modules:

     

    Each authorization module has to implement the org.jboss.security.authorization.AuthorizationModule interface.

     

    AbstractAuthorizationModule: base authorization module which has to be overridden; it provides a facility for delegating to other authorization modules.

     

    DelegatingAuthorizationModule: default authorization module that delegates the decision making to the configured delegates. Shortcut in WildFly configuration "Delegating".

     

    AllDenyAuthorizationModule: simple authorization module that always denies an authorization request. No configuration options available. Shortcut in WildFly configuration "DenyAll".

     

    AllPermitAuthorizationModule: simple authorization module that always permits an authorization request. No configuration options available. Shortcut in WildFly configuration "PermitAll".

     

    JACCAuthorizationModule: this module enforces JACC semantics using two delegates (WebJACCPolicyModuleDelegate for web container authorization requests and EJBJACCPolicyModuleDelegate for EJB container requests). No configuration options available. Shortcut in WildFly configuration "JACC".

     

    XACMLAuthorizationModule: this module enforces XACML authorization using two delegates for the web and EJB containers (WebXACMLPolicyModuleDelegate and EJBXACMLPolicyModuleDelegate). It creates a PDP object based on the registered policies and evaluates the web or EJB request against it. Shortcut in WildFly configuration "XACML".

    A nice example of using XACMLAuthorizationModule can be found here:  https://community.jboss.org/wiki/ProtectingEJBwebserviceswithXACMLAbeginnerstutorial

    Note that this example is for JBoss AS5/6, but it can easily be adapted to AS7/WildFly 8.

     

    WebAuthorizationModule: the default web authorization module, with the default Tomcat authorization logic (permit all). Shortcut in WildFly configuration "Web".
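
    The stacking flags described at the top of this page, applied to the shortcut names listed above, as an added configuration example (not taken from the original page or from the WildFly distribution). The domain names are hypothetical, and the comments assume the stack is evaluated with the JAAS flag semantics from the linked Configuration javadoc.

```xml
<!-- Added example: these elements go inside <security-domains> of the
     security subsystem in standalone.xml. Domain names are hypothetical.
     The <authentication> element is left out because only the
     authorization stack is being shown. -->

<!-- Weak: under JAAS flag semantics a "sufficient" module that permits
     ends evaluation at once. PermitAll always permits, so the XACML
     module below it is never consulted and every request is allowed. -->
<security-domain name="example-weak" cache-type="default">
    <authorization>
        <policy-module code="PermitAll" flag="sufficient"/>
        <policy-module code="XACML" flag="required"/>
    </authorization>
</security-domain>

<!-- Corrected: the always-permit module is removed and the XACML module
     is "required", so a deny from the PDP denies the request. -->
<security-domain name="example-strict" cache-type="default">
    <authorization>
        <policy-module code="XACML" flag="required"/>
    </authorization>
</security-domain>
```

    When reviewing an existing stack, check the order as well as the flags: any always-permit module ("PermitAll" or "Web") marked "sufficient" and placed ahead of the policy module short-circuits it.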