Right now we are still using the same format we had in previous versions (except replacing application-policy for security-domain). We are not using FQCN for the login modules. We are using aliases for the class names mapped on the ModulesMap interface. Have in mind that this is likely to change when we finish separating authentication from role mapping in the JAAS login modules.
Have in mind that this is likely to change when we finish separating authentication from role mapping in the JAAS login modules.
What I am trying to make sure of is that the configuration for the domain management is following the same approach as for the AS security domains so when you say this will be changing do you mean before JBoss AS 7 is released?
Yes, we plan to have the new login modules ready for AS7 GA. The way security domains are configured will not change, only the login module's aliases (and implementations).
Thanks will keep that in mind,
Regarding the ModulesMap has there been any consideration regarding making that map cusomtisable? I am just thinking that further additions to JBoss AS my bring in additional LoginModules that are not available by default but that may benefit from being added to the map so that they can be referenced using a simple name.
I haven't put much thought into that. The idea of the map was to include the login modules (and other modules such as authorization, mapping, et cetera) that we provide as part of AS. Other login modules (customer's modules for instance) would be mapped using FQCN but before this can work we need to figure out how to load those classes with the new module classloader since LoginContext (part of JRE) will try and load the class using the TCCL.