0 Replies Latest reply on May 7, 2012 1:04 PM by karink

    security-domain: configuration for authorization

    karink

      Hi everybody

       

      I was playing around a bit with the security subsystem of JBoss AS 7 (version 7.1.1)

       

      For testing purpose I have configured the following in the standalone.xml file

       

        <security-domain name="other" cache-type="default">

                          <authentication>

                              <login-module code="Simple" flag="required"/>

                          </authentication>

                          <authorization>

                              <policy-module code="DenyAll" flag="required"/>

                          </authorization>

        </security-domain>

       

      In my test app (the quickstart helloworld servlet) I can see that for authentication the org.jboss.security.auth.spi.SimpleServerLoginModule is taken as described here https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration.

      But I cannot see that the class org.jboss.security.authorization.modules.AllDenyAuthorizationModule is loaded or used.

      Is something wrong with my configuration?

       

      Find attached my web.xml file and my standalone.xml file

       

       

       

      Thanks for your help

      Karin