5 Replies Latest reply on Jan 16, 2014 10:22 PM by ybxiang.china

Security domain injection

sviluppatorefico Jan 13, 2014 8:41 AM

Can a security domain to be injected or called through jndi in a EJB? Without annotations I would do manually something as:

private AuthorizationManager authorizationManager = ...

authorizationManager.authorize(resource);

1. Re: Security domain injection

ybxiang.china Jan 15, 2014 10:36 PM (in response to sviluppatorefico)

Why do you want to do so?

why not do it in jboss-ejb3.xml? like this:

<?xml version="1.0" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="urn:security"
    xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
    version="3.1"
    impl-version="2.0">

    <assembly-descriptor xmlns="http://java.sun.com/xml/ns/javaee">
        <security:security xmlns:security="urn:security">
            <security:security-domain>ybxiang-forum-jaas-security-domain</security:security-domain>
            <ejb-name>*</ejb-name>
        </security:security>
    </assembly-descriptor>
</jboss:ejb-jar>
Actions
2. Re: Security domain injection

ybxiang.china Jan 15, 2014 10:37 PM (in response to sviluppatorefico)

More info.:
JBoss AS 7.2.0 - Java EE application development - 05.How to configure Security domain and JAAS - part.1 and part.2
Actions
3. Re: Security domain injection

sviluppatorefico Jan 16, 2014 10:18 AM (in response to ybxiang.china)

Hi xiang...thanks for your response... I will use your info to get the the authorizationManager but I would to use the acl manager too. I've seen there is a ACL Provider provided by picketbox in jboss 7 but it seems unreachable. Do you know how take it too or I can only instantiate it (new ACLProviderImpl()) ? More, in the xsd 1.1 definition of the security domain (wildfly/build/src/main/resources/docs/schema/jboss-as-security_1_1.xsd at master · wildfly/wildfly · GitHub) there is the acl configuration, so I could declare in the xml descriptor something as inside the security domain configuration:

                     <acl>
                        <acl-module code="org.jboss.security.acl.ACLProviderImpl" flag="required">
                            <module-option name="strategy" value="org.jboss.security.acl.JPAPersistenceStrategy"/>
                        </acl-module>
                    </acl>

but it seems not be implemented in jboss 7
Actions
4. Re: Security domain injection

ybxiang.china Jan 16, 2014 10:19 PM (in response to sviluppatorefico)

but it seems not be implemented in jboss 7
～～～～～Maybe it is a new feature in wildfly8 (maybe I am wrong), please refer to: WildFly 8.0.0.Beta1 Release Notes

Management Role Based Access Control (RBAC) & Auditing
WildFly can now support organizations with separated management responsibilities and restrictions. Roles represent different sets of permissions such as runtime operation execution, configuration areas that can read or written, and the ability to audit changes and manage users. In addition a new restricted audit log can be enabled including the ability to offload to a secure syslog server.
Actions
5. Re: Security domain injection

ybxiang.china Jan 16, 2014 10:22 PM (in response to sviluppatorefico)

You should search ACL in
      jboss-as-7.2.0.Final\docs\schema
      or
      wildfly-8.0.0.CR1\docs\schema

All officially supported schema are there!
Actions

Go to original post