Do I need to replace all <org.jboss.ejb.plugins.SecurityInterceptor> occurrences in 'standardjboss.xml' or just the ones that are in <container-configuration> elements?
I found some in <container-configuration> and in <invoker-proxy-binding>
Can I find issues related to JACC customization in JBoss documentation (the one I should pay for)?
I read this topic and I still have some questions (I am not a native speaker and I could have missed some points):
- What is the difference between minimal and normal configuration of SecurityService?
- When I replace SecurityInterceptor with the JaasAuthenticationInterceptor, JaccAuthorizationInterceptor pair do I need to replace all SecurityInterceptor elements occurrences (in <container-configuration>, <invoker-proxy-binding> elements)?
Thank you for your help!
Sorry question about <container-configuration>, <invoker-proxy-binding> elements was wrong one (in <invoker-proxy-binding> elements SecurityInterceptor has different package).
Sorry me bad!
Also there is a paragraph in JACC specification:
"The standard security properties mechanism for replacing a default system Policy implementation (see Section 2.1, "Policy Implementation Class") should not be used to replace default system Policy provider with a delegating Policy provider."
For instance I need delegating Policy provider (the one that handels J2EE permissions only) and there is nothing sad in your manual about how I can set my Policy provider without using system properties.
The standard security properties mechanism for replacing a default system Policy is defined in section 2.1 of the jacc spec and entails modification of the vm security properties file. Section 2.7 describes how a the policy should be replaced when the javax.security.jacc.auth.policy.provider system property is defined.
You need to replace all instances of the security interceptor with the jacc interceptor pain to have the jacc permissions enforced.