• LdapExtLoginModule

    LdapExtLoginModule The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an alternate ldap login module implementation that uses searches for locating both the user to bind as for authentication...
    last modified by jhulten
  • JBoss Authorization Framework

    JBoss Authorization Framework uses authorization modules in a JAAS-like fashion to perform authorization decisions. Modules can be stacked on top of each other using JAAS-like options for controlling behav...
    last modified by pskopek
  • GenericHeaderBasedAuthentication

    Topic: Integrate 3rd party security products/systems with JBoss Security when the authentication results are passed as HTTP request headers. Use case: If the user has configured Siteminder/RSA Clea...
    last modified by anil.saldhana
  • Masking Passwords in JBossAS XML Configuration

    Return to JBoss AS Security Dashboard <<<         DZone: http://server.dzone.com/articles/security-features-jboss-510-0   Background Nobody likes the idea of seeing passwords in t...
    last modified by anil.saldhana
  • PicketBox XACML (JBossXACML)

    PicketBox XACML (Formerly JBossXACML) PicketBox XACML (Formerly JBossXACML) Source Code Current Version Features Download Documentation Container Integration XACML Profiles SAML v2....
    last modified by anil.saldhana
  • Security Vulnerabilities Notification to Community

    Page listing all the security vulnerabilities in JBoss community projects, for the benefit of the community.
    last modified by anil.saldhana
  • Keystore formats: JKS and PEM cheatsheet

    General commands  1. create JKS keystore keytool -genkey -alias localhostkey -keystore localhost.keystore -storepass password \ -keypass password -dname "CN=localhost,OU=QE,O=example.com,L=Brno,C=CZ"   2...
    last modified by kpiwko
  • Simple way to lock up your JBoss AS instance

    JBoss AS is distributed by default as not secured (locked up). If you want to work with locked up version you can try this easy way.   Download Groovy script (source code at https://github.com/pskopek/sec-scri...
    last modified by pskopek
  • JACC on JBoss AS7

    Support for Java Authorization Contract for Containers (JACC) - JSR-115 - has been added to AS7.   Common Configuration To add JACC authorization for an application, configure the security domain to used to inclu...
    last modified by anil.saldhana
  • Security With JBoss Application Server Dashboard

    Return to  "Security At JBoss Dashboard"     Main dashboard for all links associated with the security of JBoss Application Server.   Security Features JBoss Application Server v6.x  (Informa...
    last modified by anil.saldhana
  • Web Authentication using HTTP Request Parameters

    Sometimes you want to authenticate web applications hosted on JBoss Application Server using some aspect of the HTTP request. It can be headers, cookies or request parameters.   There are two ways ...
    last modified by anil.saldhana
  • PicketBox XACML : Simple Walk through

    This article will function as a short primer to get started with PicketBox XACML (formerly known as JBossXACML). We still use the names interchangeably in our documentation/blog posts.     Wiki Article (one ...
    last modified by anil.saldhana
  • PicketBox XACML v2.0.6.Final released

    http://anil-identity.blogspot.com/2011/04/picketbox-xacml-v206final-released.html
    last modified by anil.saldhana
  • XACML RBAC Locator

    XACML RBAC Locator Since Concepts To Remember Requirements for this Locator Configuration Config File Variant 1 Variant 2 Examples of Policy Sets Role Policy Sets (RPS) Employee M...
    last modified by anil.saldhana
  • Tips: Byteman usage

    Recently I spent hours trying to create 2 new maven artifacts (two jars, one containing compiled classes and another containing source codes) by combining 3 other maven artifacts using maven-assembly-plugin. I can not...
    last modified by mmoyses
  • How to use LdapExtLoginModule for role mapping only in JBoss EAP5.1?

    There are some situations where you want to authenticate a user against a database or using X509 certificates and then assign roles according to the mapping in a different backend, for example an LDAP server. JBoss h...
    last modified by mmoyses
  • Security in JBoss Application Server v5.x

    Return to "Security in JBoss Application Server Dashboard"       This article summarizes the links for Security in JBoss AS v5.x   Features Simplified Security Domain Configuration Security Audit...
    last modified by anil.saldhana
  • How to set up SSL mutual authentication for EJB3s in JBoss EAP 5.1.x?

    You need to modify deploy/ejb3-connectors-jboss-beans.xml and change the invokerLocator to use a sslsocket instead of a plain socket. Here is an example configuration:   <?xml version="1.0" encoding="UTF-8"?&g...
    last modified by mmoyses
  • OTP Integration with JBoss Application Server

    WARNING: This is an article in progress. Do not attempt in production. Acknowledgements: This feature is Bill Burke's idea. All glory to him.   Steps to Follow: Assume you have a JBoss Applicatio...
    last modified by anil.saldhana
  • JACC

    JACC is the Java Authorization Contract for Containers specification. This allows one to externalize the implementation of the java.security.Policy class that is used to authorize the JACC defined permission. The JACC...
    last modified by anil.saldhana