I have developed a test application and have some custom authentication going on. In order to get my custom authentication to work, I obviously needed to add my security domain to the login-config.xml file. This is working fine.
I have looked at some of the examples in the JBossBook though, and in those examples, the jar file also contains a custom MBean SecurityConfigMBean, etc. which allows the login-config.xml snippet for the application to be deployed in the SAR, which is, in turn, deployed in the JAR, rather than having to edit the "global?" login-config.xml file in the conf directory.
I would really like to be able to deploy everything inside the JAR file, rather than having to modify the login-config.xml file separately, but do I have to do this by creating a custom MBean? I would have thought this was functionality that would be built-in to JBoss.
What is the best practise here?
The SecurityConfigMBean example allows for this. The org.jboss.security.auth.login.DynamicLoginConfig service found in 3.2.4RC1 does as well.