All of the security examples I have seen for JBoss involve J2EE/EJB container based security. My use of JBoss is to make use of the MBean component model as opposed EJB component model as it offers more flexibility that I need. My question is how do I enforce secure access to components (mbean based) using a declarative security model like J2EE.
The backbone of JBoss is JMX/MBean based so they must enforce security at that level too (outside the EJB container) but I am having a difficult time finding examples/docs on it. I have bought the online docs but they seem to be EJB based somewhat.
I am new to JBoss so I may be completely off base. Any help would be greatly appreciated.
JMX has no meanignful security contract so your on your own and living outside of the spec. The admin/devl guide talks about using the XMBean impl of the ModelMBean to add security on top of a service. See the testsuite/src/resource/jmx/interceptors/secured-xbmean.xml descriptor for another example.