Setting up Security in JBoss

References:
• “Getting Started with JBoss, J2EE applications on the JBoss 3.2.x Server”, Luke Taylor and The JBoss Group. http://www.jboss.org/modules/html/docs/jbossj2ee.pdf

JBoss Security Setup

Security Domains (a.k.a. Realms)
• Implement security policy within the application server
• Based on JAAS
  • See JBoss JAAS How To
  • http://prdownloads.sourceforge.net/jboss/jaashowto-32x.zip?download
• Referenced by DataSources, Web Applications, EJBs, etc.
• Centralizes the management/implementation of security within the application server
• Security domain name mapped to login modules within $JBOSS_SERVER/conf/login-config.xml

Example Reference in DataSource
// based on $JBOSS_SERVER/deploy/hsqldb_ds.xml

    <datasources>
      <local-tx-datasource>
        <jndi-name>DefaultDS</jndi-name>
        <connection-url>
          jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB
        </connection-url>
        <driver-class>org.hsqldb.jdbcDriver</driver-class>
        <security-domain>HsqlDbRealm</security-domain>
      </local-tx-datasource>
    </datasources>

Example Reference in Web Application
// based on $JBOSS_SERVER/deploy/jmx-console/WEB-INF/jboss-web.xml

    <jboss-web>
      <security-domain>java:/jaas/jmx-console</security-domain>
    </jboss-web>

Example Reference in EJB
// $EJB/META-INF/jboss.xml

    <jboss>
      <security-domain>java:/some-domain</security-domain>
    </jboss>

$JBOSS_SERVER/conf/login-config.xml

    <policy>
      <application-policy name = "name">
        <authentication>
          <login-module code = "LoginModule Implementation Class"
                        flag = "satisfaction requirement">
            <module-option name = "name">value</module-option>
          </login-module>
          …
        </authentication>
      </application-policy>
      …
    </policy>

• application-policy name: used as security-domain name
• login-module code: a Java implementation class
• flag: states level of requirement for passing of policy to grant access
• module-option: module-specific options

$JBOSS_SERVER/conf/login-config.xml
• application-policy
  • name defines security-domain
  • missing application-policies are mapped to “other” application-policy at bottom of login-config.xml file
• authentication
  • contains one or more login modules
• login module
  • specifies a JAAS implementation to authenticate user
• flags
  • required: module must succeed for user to be authenticated

Login Modules
• ConfiguredIdentityModule
  • sets the user identity to a constant value
• UsersRolesLoginModule
  • uses two property files to authenticate user and assign roles

ConfiguredIdentityModule
• class: org.jboss.security.auth.spi.ConfiguredIdentityModule
• sets the user identity to a constant value
• useful when accessing external resource with single account while application server manages individual accounts
• principal
  • <module-option name = "principal">sa</module-option>
• username
  • <module-option name = "userName">sa</module-option>
• password
  • <module-option name = "password"></module-option>

UsersRolesLoginModule
• class: org.jboss.security.auth.spi.UsersRolesLoginModule
• uses two property files to authenticate user and assign roles
  • users.properties – contains user logins and plain text passwords
    • user1=password1
    • user2=password2
  • roles.properties – contains mapping of user login to roles
    • user1=role1,role2
    • user2=role1
• Files located in classpath
  • can be within EAR for applications
• Names can be customized with module-options
  • <module-option name="usersProperties">jmx-console-users.properties</module-option>
  • <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
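
An added example, not part of the original slides: a small Python audit that parses a login-config.xml in the layout shown above, resolves each security-domain reference to its application-policy (including the fallback to "other"), and names the property file holding plain-text passwords wherever UsersRolesLoginModule is used. The sample XML is constructed, the function names are hypothetical, and it assumes the domain name is the last "/"-separated segment of the reference.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the login-config.xml layout shown on the slides.
LOGIN_CONFIG = """<policy>
  <application-policy name="jmx-console">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">jmx-console-users.properties</module-option>
        <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""

def load_policies(xml_text):
    """Map application-policy name -> list of (module class, module options)."""
    policies = {}
    for ap in ET.fromstring(xml_text).iter("application-policy"):
        policies[ap.get("name")] = [
            (lm.get("code") or "",
             {o.get("name"): (o.text or "") for o in lm.iter("module-option")})
            for lm in ap.iter("login-module")]
    return policies

def resolve(domain_ref, policies):
    """Return (policy name used, fell_back) for a <security-domain> value."""
    # Assumption: java:/jaas/jmx-console and bare HsqlDbRealm both name the last segment.
    name = domain_ref.rsplit("/", 1)[-1]
    return (name, False) if name in policies else ("other", True)

def audit(domain_refs, policies):
    """List fallbacks to 'other' and plain-text password files per reference."""
    findings = []
    for ref in domain_refs:
        name, fell_back = resolve(ref, policies)
        if fell_back:
            findings.append(f"{ref}: no application-policy defined, resolved to 'other'")
        for code, opts in policies.get(name, []):
            if code.endswith("UsersRolesLoginModule"):
                users = opts.get("usersProperties", "users.properties")
                findings.append(f"{ref}: UsersRolesLoginModule, plain-text passwords in {users}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(["java:/jaas/jmx-console", "java:/some-domain"], load_policies(LOGIN_CONFIG))))
```

A reference that silently resolves to "other" is worth reviewing, because the application is then protected by whatever that catch-all policy happens to allow.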