Article LdapExtLoginModule
The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an alternate LDAP login module implementation that uses searches for locating both the user to bind as for authentication...
JBoss Authorization Framework
JBoss Authorization Framework uses authorization modules in a JAAS-like fashion to perform authorization decisions. Modules can be stacked on top of each other using JAAS-like options for controlling behav...
GenericHeaderBasedAuthentication
Topic: Integrate 3rd party security products/systems with JBoss Security when the authentication results are passed as HTTP request headers. Use case: If the user has configured Siteminder/RSA Clea...
Article Masking Passwords in JBossAS XML Configuration
DZone: http://server.dzone.com/articles/security-features-jboss-510-0 Background: Nobody likes the idea of seeing passwords in t...
Article Security Vulnerabilities Notification to Community
Page listing all the security vulnerabilities in JBoss community projects, for the benefit of the community.
Article Simple way to lock up your JBoss AS instance
JBoss AS is distributed by default unsecured (not locked up). If you want to work with a locked-up version, you can try this easy way. Download the Groovy script (source code at https://github.com/pskopek/sec-scri...
JACC on JBoss AS7
Support for Java Authorization Contract for Containers (JACC) - JSR-115 - has been added to AS7. Common Configuration: To add JACC authorization for an application, configure the security domain to used to inclu...
Article Security With JBoss Application Server Dashboard
Main dashboard for all links associated with the security of JBoss Application Server. Security Features JBoss Application Server v6.x (Informa...
Article Web Authentication using HTTP Request Parameters
Sometimes you want to authenticate web applications hosted on JBoss Application Server using some aspect of the HTTP request. It can be headers, cookies or request parameters. There are two ways ...
PicketBox XACML : Simple Walk through
This article will function as a short primer to get started with PicketBox XACML (formerly known as JBossXACML). We still use the names interchangeably in our documentation/blog posts. Wiki Article (one ...
XACML RBAC Locator
Since
Concepts To Remember
Requirements for this Locator
Configuration
Config File
Variant 1
Variant 2
Examples of Policy Sets
Role Policy Sets (RPS)
Employee
M...
Tips: Byteman usage
Recently I spent hours trying to create 2 new maven artifacts (two jars, one containing compiled classes and another containing source codes) by combining 3 other maven artifacts using maven-assembly-plugin. I can not...
Article How to use LdapExtLoginModule for role mapping only in JBoss EAP5.1?
There are some situations where you want to authenticate a user against a database or using X509 certificates and then assign roles according to the mapping in a different backend, for example an LDAP server. JBoss h...
Security in JBoss Application Server v5.x
This article summarizes the links for Security in JBoss AS v5.x Features Simplified Security Domain Configuration Security Audit...
Article How to set up SSL mutual authentication for EJB3s in JBoss EAP 5.1.x?
You need to modify deploy/ejb3-connectors-jboss-beans.xml and change the invokerLocator to use a sslsocket instead of a plain socket. Here is an example configuration: <?xml version="1.0" encoding="UTF-8"?&g...
Article OTP Integration with JBoss Application Server
WARNING: This is an article in progress. Do not attempt in production. Acknowledgements: This feature is Bill Burke's idea. All glory to him. Steps to Follow: Assume you have a JBoss Applicatio...
JACC
JACC is the Java Authorization for Container Contracts specification. This allows one to externalize the implementation of the java.security.Policy class that is used to authorize the JACC defined permission. The JACC...