Setting up Security in JBoss - PowerPoint PPT Presentation

1 / 10
About This Presentation
Title:

Setting up Security in JBoss

Description:

Setting up Security in JBoss – PowerPoint PPT presentation

Number of Views:218
Avg rating:3.0/5.0
Slides: 11
Provided by: STAF126
Category:

less

Transcript and Presenter's Notes

Title: Setting up Security in JBoss


1
Setting up Securityin JBoss
  • References
  • Getting Started with JBoss, J2EE applications on
    the JBoss 3.2.x Server, Luke Taylor and The
    JBoss Group. http//www.jboss.org/modules/html/doc
    s/jbossj2ee.pdf

2
Security Domains (a.k.a Realms)
  • Implement security policy within the application
    server
  • Based on JAAS
  • See JBoss JAAS How To
  • http//prdownloads.sourceforge.net/jboss/jaashowto
    -32x.zip?download
  • Referenced by DataSources, Web Applications,
    EJBs, etc.
  • Centralizes the management/implementation of
    security within the application server
  • Security domain name mapped to login modules
    within JBOSS_SERVER/conf/login-config.xml

3
Example Reference in DataSource
  • //based on JBOSS_SERVER/deploy/hsqldb_ds.xml
  • ltdatasourcesgt
  • ltlocal-tx-datasourcegt
  • ltjndi-namegtDefaultDSlt/jndi-namegt
  • ltconnection-urlgt
  • jdbchsqldbjboss.server.data.dir/hyperso
    nic/localDB
  • lt/connection-urlgt
  • ltdriver-classgtorg.hsqldb.jdbcDriverlt/driver-
    classgt
  • ltsecurity-domaingtHsqlDbRealmlt/security-domaingt
  • lt/local-tx-datasourcegt
  • lt/datasourcesgt

4
Example Reference in Web Application
  • //based on JBOSS_SERVER/deploy/jmx-console/WEB-IN
    F/jboss-web.xml
  • ltjboss-webgt
  • ltsecurity-domaingtjava/jaas/jmx-consolelt/security-
    domaingt
  • lt/jboss-webgt

5
Example Reference in EJB
  • // EJB/META-INF/jboss.xml
  • ltjbossgt
  • ltsecurity-domaingtjava/some-domainlt/security-domai
    ngt
  • lt/jbossgt

6
JBOSS_SERVER/conf/login-config.xml
  • ltpolicygt
  • ltapplication-policy name name"gt
  • ltauthenticationgt
  • ltlogin-module code "LoginModule
    Implementation Class"
  • flag satisfaction requirement"gt
  • ltmodule-option name
    name"gtvaluelt/module-optiongt
  • lt/login-modulegt
  • lt/authenticationgt
  • lt/application-policygt
  • lt/policygt

used as security-domain name
a Java implementation class
states level of requirement for passing of policy
to grant access
module-specific options
7
JBOSS_SERVER/conf/login-config.xml
  • application-policy
  • name defines security-domain
  • missing application-policies are mapped to
    other application-policy at bottom of
    login-config.xml file
  • authentication
  • contains one or more login modules
  • login module
  • specifies a JAAS implementation to authenticate
    user
  • flags
  • required module must succeed for user to be
    authenticated

8
Login Modules
  • ConfiguredIdentityModule
  • sets the user identity to a constant value
  • UsersRolesLoginModule
  • uses two property files to authenticate user and
    assign roles

9
ConfiguredIdentityModule
  • class org.jboss.security.auth.spi.
    ConfiguredIdentityModule
  • sets the user identity to a constant value
  • useful when accessing external resource with
    single account while application server manages
    individual accounts
  • principal
  • ltmodule-option name "principal"gtsalt/module-optio
    ngt
  • username
  • ltmodule-option name "userName"gtsalt/module-option
    gt
  • password
  • ltmodule-option name "password"gtlt/module-optiongt

10
UsersRolesLoginModule
  • class org.jboss.security.auth.spi.UsersRolesLogin
    Module
  • uses two property files to authenticate user and
    assign roles
  • users.properties contains user logins and plain
    text passwords
  • user1password1
  • user2password2
  • roles.properties contains mapping of user login
    to roles
  • user1role1,role2
  • user2role1
  • Files located in classpath
  • can be within EAR for applications
  • Names can be customized with module-options
  • ltmodule-option name"usersProperties"gtjmx-console-
    users.propertieslt/module-optiongt
  • ltmodule-option name"rolesProperties"gtjmx-console-
    roles.propertieslt/module-optiongt
Write a Comment
User Comments (0)
About PowerShow.com