[teiid-commits] teiid SVN: r2241 - in trunk/documentation: admin-guide/src/main/docbook/en-US/content and 1 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Thu Jun 17 14:51:54 EDT 2010
Author: rareddy
Date: 2010-06-17 14:51:53 -0400 (Thu, 17 Jun 2010)
New Revision: 2241
Added:
trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
Modified:
trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml
trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml
trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml
Log:
TEIID-315: adding the parts of the logging and security to the admin guide and leaving the customizing parts in the developer's guide.
Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml 2010-06-17 18:35:22 UTC (rev 2240)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml 2010-06-17 18:51:53 UTC (rev 2241)
@@ -29,7 +29,7 @@
]>
<book>
-
+
<bookinfo>
<title>Teiid - Scalable Information Integration</title>
<subtitle>Teiid Administrator's Guide</subtitle>
@@ -47,6 +47,8 @@
<xi:include href="content/installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/vdb-deployment.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="content/security.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="content/logging.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/admin-console.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/adminshell-introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/getting-started.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
Added: trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml (rev 0)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml 2010-06-17 18:51:53 UTC (rev 2241)
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % CustomDTD SYSTEM "../../../../../../docbook/custom.dtd">
+%CustomDTD;
+]>
+<chapter id="logging">
+ <title>Logging</title>
+ <sect1 id="general_logging">
+ <title>General Logging</title>
+ <para>
+ The Teiid system provides a wealth of information via logging. To
+ control logging level, contexts, and log locations, you should be
+ familiar with
+ <ulink url="http://logging.apache.org/log4j/">log4j</ulink>
+ and the container's jboss-log4j.xml configuration file.
+ Teiid also provides a <profile>/conf/jboss-teiid-log4j.xml containing much of information from chapter.
+ </para>
+ <para>
+ All the logs
+ produced by Teiid are prefixed by "org.teiid". This makes it extremely
+ easy to control of of Teiid logging from a single context. Note however that changes to the log configuration file
+ require a restart to take affect
+ </para>
+ <sect2>
+ <title>Logging Contexts</title>
+ <para>While all of Teiid's logs are prefixed with "org.teiid", there
+ are more specific contexts depending on the functional area of the
+ system. Note that logs originating from third-party code, including
+ integrated org.jboss components, will be logged through their
+ respective contexts and not through org.teiid. See the table below for information on contexts
+ relevant to Teiid. See the container's jboss-log4j.xml for a more
+ complete listing of logging contexts used in the container.
+ </para>
+ <informaltable frame="all">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>Context</para>
+ </entry>
+ <entry>
+ <para>Description</para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>com.arjuna</para>
+ </entry>
+ <entry>
+ <para>Third-party transaction manager. This will include
+ information about all transactions, not just those for Teiid.
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid</para>
+ </entry>
+ <entry>
+ <para>Root context for all Teiid logs. Note: there are
+ potentially other contexts used under org.teiid than are shown
+ in this table.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.PROCESSOR</para>
+ </entry>
+ <entry>
+ <para>Query processing logs. See also org.teiid.PLANNER for
+ query planning logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.PLANNER</para>
+ </entry>
+ <entry>
+ <para>Query planning logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.SECURITY</para>
+ </entry>
+ <entry>
+ <para>Session/Authentication events - see also AUDIT logging</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.TRANSPORT</para>
+ </entry>
+ <entry>
+ <para>Events related to the socket transport.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.RUNTIME</para>
+ </entry>
+ <entry>
+ <para>Events related to work management and system start/stop.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.CONNECTOR</para>
+ </entry>
+ <entry>
+ <para>Connector logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.BUFFER_MGR</para>
+ </entry>
+ <entry>
+ <para>Buffer and storage management logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.TXN_LOG</para>
+ </entry>
+ <entry>
+ <para>Detail log of all transaction operations.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.COMMAND_LOG</para>
+ </entry>
+ <entry>
+ <para>
+ See
+ <link linkend="command_logigng">command logging</link>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.AUDIT_LOG</para>
+ </entry>
+ <entry>
+ <para>
+ See
+ <link linkend="audit_logigng">audit logging</link>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.ADMIN_API</para>
+ </entry>
+ <entry>
+ <para>Admin API logs.</para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+ </sect1>
+ <sect1 id="command_logging">
+ <title>Command Logging</title>
+ <para>Command logging captures executing commands in the Teiid System.
+ Both user commands (that have been submitted to Teiid) and data source
+ commands (that are being executed by the connectors) are tracked
+ through command logging.</para>
+ <para>To enable command logging to the default log location, simply
+ enable the DETAIL level of logging for the org.teiid.COMMAND_LOG
+ context.</para>
+ <para>
+ To enable command logging to an alternative file location,
+ configure a separate file appender for the DETAIL logging of the
+ org.teiid.COMMAND_LOG context. An example of this is shown below and
+ can also be found in the jboss-log4j.xml distributed with Teiid.
+ <programlisting><![CDATA[
+ <appender name="COMMAND" class="org.apache.log4j.RollingFileAppender">
+ <param name="File" value="log/command.log"/>
+ <param name="MaxFileSize" value="1000KB"/>
+ <param name="MaxBackupIndex" value="25"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %p [%t] %c - %m%n"/>
+ </layout>
+ </appender>
+
+ <category name="org.teiid.COMMAND_LOG">
+ <priority value="INFO"/>
+ <appender-ref ref="COMMAND"/>
+ </category>
+ ]]>
+ </programlisting>
+
+ See Developer's Guide if the file based logging is not sufficient and would need a custom logging solution.
+ </para>
+ </sect1>
+ <sect1 id="audit_logging">
+ <title>Audit Logging</title>
+ <para>Audit logging captures important security events. This includes
+ the enforcement of permissions, authentication success/failures, etc.
+ </para>
+ <para>To enable audit logging to the default log location, simply
+ enable the DETAIL level of logging for the org.teiid.AUDIT_LOG
+ context.</para>
+ <para>To enable audit logging to an alternative file location,
+ configure a separate file appender for the DETAIL logging of the
+ org.teiid.AUDIT_LOG context. An example of this is already in
+ the log4j.xml distributed with Teiid. See Developer's Guide if the
+ file based logging is not sufficient and would need a custom logging solution.</para>
+ </sect1>
+</chapter>
\ No newline at end of file
Property changes on: trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml (rev 0)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-06-17 18:51:53 UTC (rev 2241)
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<chapter id="custom_security">
+ <title>Teiid Security</title>
+ <para>The Teiid system provides a range of built-in and extensible security features to enable the
+ secure access of data. </para>
+ <sect1>
+ <title>Authentication</title>
+ <para>JDBC clients may use simple passwords to authenticate a user.</para>
+ <para>Typically a user name is required, however user names may be considered optional if the
+ identity of the user can be discerned by the password credential alone. In
+ any case it is up to the configured security domain to determine whether a user can be
+ authenticated.</para>
+ </sect1>
+ <sect1>
+ <title>Authorization</title>
+ <para>Authorization covers both administrative activities and data
+ roles. A data role is a collection of permissions (also referred to as entitlements) and a
+ collection of entitled principals or groups. With the deployment of a VDB
+ the deployer can choose which principals and groups have which data roles.</para>
+ </sect1>
+ <sect1>
+ <title>Encryption</title>
+ <para>At a transport level Teiid provides built-in support for JDBC
+ over SSL or just sensitive message encryption when SSL is not in use.
+ </para>
+ <para>
+ Passwords in configuration files however are by default stored in
+ plain text. If you need these values to be encrypted, please see
+ <ulink
+ url="http://community.jboss.org/wiki/maskingpasswordsinjbossasxmlconfiguration">encrypting passwords</ulink>
+ for instructions on encryption facilities provided by the container.
+ </para>
+ </sect1>
+ <sect1>
+ <title>LoginModules</title>
+ <para>
+ LoginModules are an essential part of the JAAS security
+ framework and provide Teiid customizable user authentication and the
+ ability to reuse existing LoginModules defined for JBossAS. See
+ <ulink
+ url="http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html">JBossAS Security</ulink>
+ for general information on configuring security in JBossAS.</para>
+ <para>
+ Teiid can be configured with multiple named application policies
+ that group together relevant LoginModules. Each of these application
+ policy (or domains) names can be used to fully
+ qualify user names to
+ authenticate only against that domain. The format for a qualified
+ name is username at domainname.
+ </para>
+ <para>If a user name is not fully qualified, then the installed
+ domains will be consulted in order until a domain
+ successfully or unsuccessfully authenticates the
+ user.
+ </para>
+ <para>If no domain can authenticate the user, the logon
+ attempt will fail.
+ Details of the failed attempt including invalid users, which
+ domains were consulted, etc. will be in the server log with appropriate
+ levels of severity.</para>
+ <sect2>
+ <title>Built-in LoginModules</title>
+ <para>JBossAS provides several LoginModules for common authentication needs, such as authenticating from text files or LDAP.</para>
+ <para>The UsersRolesLoginModule, which utilizes simple text files
+ to authenticate users and to define
+ their groups. The teiid-jboss-beans.xml configuration file contains an example of how to use UsersRolesLoginModule.
+ Note that this is typically not for production use.
+ </para>
+ <para>See <ulink url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule configuration</ulink> for utilizing LDAP based authentication.
+ If you want use a your own Custom Login module, check out the Developer's Guide for instructions.
+ </para>
+ </sect2>
+ </sect1>
+ <note>
+ <para>The security-domain defined for the JDBC connection and Admin connections are separate.
+ The default name of JDBC connection's security-domain is "teiid-security". The default name for Admin connection
+ is "jmx-console". For the Admin connection's security domain, the user is allowed
+ to change which LoginModule that "jmx-console" pointing to, however should not change the name of the domain, as this name is
+ shared between the "admin-console" application.</para>
+ </note>
+</chapter>
\ No newline at end of file
Property changes on: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Modified: trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml
===================================================================
--- trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml 2010-06-17 18:35:22 UTC (rev 2240)
+++ trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml 2010-06-17 18:51:53 UTC (rev 2241)
@@ -5,8 +5,8 @@
]>
<chapter id="logging">
<title>Logging</title>
- <sect1 id="general_logging">
- <title>General Logging</title>
+ <sect1 id="custom_logging">
+ <title>Customized Logging</title>
<para>
The Teiid system provides a wealth of information via logging. To
control logging level, contexts, and log locations, you should be
@@ -14,265 +14,38 @@
<ulink url="http://logging.apache.org/log4j/">log4j</ulink>
and the container's jboss-log4j.xml configuration file.
Teiid also provides a <profile>/conf/jboss-teiid-log4j.xml containing much of information from chapter.
+ Check out Admin Guide for more details about different Teiid contexts available.
</para>
- <para>
- All the logs
- produced by Teiid are prefixed by org.teiid. This
- makes it extremely
- easy to control of of Teiid logging from a single
- context. Note however that changes to the log configuration file
- require a restart to take affect
+
+ <para>
+ If the default log4j logging mechanisms are not sufficient for your
+ logging needs you may need a different appender - see
+ <ulink url="http://logging.apache.org/log4j/1.2/apidocs/index.html">the log4j javadocs</ulink>.
+ Note that log4j already provides quite a few appenders including JMS, RDBMS, and SMTP.
</para>
- <sect2>
- <title>Logging Contexts</title>
- <para>While all of Teiid's logs are prefixed with org.teiid, there
- are more specific contexts depending on the functional area of the
- system. Note that logs originating from third-party code, including
- integrated org.jboss components, will be logged through their
- respective contexts and not through org.teiid. See the table below for information on contexts
- relevant to Teiid. See the container's jboss-log4j.xml for a more
- complete listing of logging contexts used in the container.
- </para>
- <informaltable frame="all">
- <tgroup cols="2">
- <thead>
- <row>
- <entry>
- <para>Context</para>
- </entry>
- <entry>
- <para>Description</para>
- </entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <para>com.arjuna</para>
- </entry>
- <entry>
- <para>Third-party transaction manager. This will include
- information about all transactions, not just those for Teiid.
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid</para>
- </entry>
- <entry>
- <para>Root context for all Teiid logs. Note: there are
- potentially other contexts used under org.teiid than are shown
- in this table.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.PROCESSOR</para>
- </entry>
- <entry>
- <para>Query processing logs. See also org.teiid.PLANNER for
- query planning logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.PLANNER</para>
- </entry>
- <entry>
- <para>Query planning logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.SECURITY</para>
- </entry>
- <entry>
- <para>Session/Authentication events - see also AUDIT logging</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.TRANSPORT</para>
- </entry>
- <entry>
- <para>Events related to the socket transport.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.RUNTIME</para>
- </entry>
- <entry>
- <para>Events related to work management and system start/stop.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.CONNECTOR</para>
- </entry>
- <entry>
- <para>Connector logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.BUFFER_MGR</para>
- </entry>
- <entry>
- <para>Buffer and storage management logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.TXN_LOG</para>
- </entry>
- <entry>
- <para>Detail log of all transaction operations.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.COMMAND_LOG</para>
- </entry>
- <entry>
- <para>
- See
- <link linkend="command_logigng">command logging</link>
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.AUDIT_LOG</para>
- </entry>
- <entry>
- <para>
- See
- <link linkend="audit_logigng">audit logging</link>
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.ADMIN_API</para>
- </entry>
- <entry>
- <para>Admin API logs.</para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- </sect2>
- <sect2>
- <title>Command Logging API</title>
- <para>
- If the default log4j logging mechanisms are not sufficient for your
- logging needs you may need a appender - see
- <ulink url="http://logging.apache.org/log4j/1.2/apidocs/index.html">the log4j javadocs</ulink>
- . Note that log4j already provides quite a few appenders including
- JMS, RDBMS, and SMTP.
- </para>
- <para>If you develop a custom logging solution, the implementation
- jar should be placed in the lib directory of the server profile
- Teiid is installed in.
- </para>
- </sect2>
+ <para>If you want a custom appender, follow the Log4J directions to write a custom appender. See instructions
+ <ulink url="http://logging.apache.org/log4net/release/faq.html">here</ulink>. If you develop a custom
+ logging solution, the implementation jar should be placed in the "lib" directory of the JBoss AS server profile
+ Teiid is installed in.
+ </para>
+
+ <sect2>
+ <title>Command Logging API</title>
+ <para>
+ If you want to build a custom appender for command logging that will have access to
+ log4j "LoggingEvents" to the "COMMAND_LOG" context, it will have a message that is an instance of
+ <code>org.teiid.logging.CommandLogMessage</code> defined in the <code>teiid-api-&versionNumber;.jar</code>
+ use these class in your development. The CommmdLogMessage include information about vdb, session, command-sql etc.
+ </para>
+ </sect2>
+
+ <sect2 id="audit_logging">
+ <title>Audit Logging API</title>
+ <para>If you want to build a custom appender for command logging that will have access to
+ log4j "LoggingEvents" to the "AUDIT_LOG" context, it will have a message that is an instance of
+ <code>org.teiid.logging.AuditMessage</code> defined in the <code>teiid-api-&versionNumber;.jar</code>
+ use this class in your development. AuditMessage include information about user, the action, and the
+ target(s) of the action.</para>
+ </sect2>
</sect1>
- <sect1 id="command_logging">
- <title>Command Logging</title>
- <para>Command logging captures executing commands in the
- Teiid System.
- Both user commands (that have been submitted
- to Teiid)
- and data source
- commands (that are being executed by the
- connectors)
- are tracked
- through command logging.</para>
- <para>To enable command logging to the default log location, simply
- enable the DETAIL level of logging for the org.teiid.COMMAND_LOG
- context.</para>
- <para>
- To enable command logging to an alternative file location,
- configure a
- separate file appender for the DETAIL logging of the
- org.teiid.COMMAND_LOG context. An example of this is shown below and
- can also be found in the jboss-log4j.xml distributed with Teiid.
- <programlisting><![CDATA[
- <appender name="COMMAND" class="org.apache.log4j.RollingFileAppender">
- <param name="File" value="log/command.log"/>
- <param name="MaxFileSize" value="1000KB"/>
- <param name="MaxBackupIndex" value="25"/>
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d %p [%t] %c - %m%n"/>
- </layout>
- </appender>
-
- <category name="org.teiid.COMMAND_LOG">
- <priority value="INFO"/>
- <appender-ref ref="COMMAND"/>
- </category>
- ]]>
- </programlisting>
- </para>
- <sect2>
- <title>Command Logging API</title>
- <para>
- If the default log4j logging mechanisms are not sufficient for
- your
- command logging needs, you may need a custom log4j appender.
- The
- custom appender will have access to log4j LoggingEvents to the
- COMMAND_LOG context, which have a
- message that is an instance of
- org.teiid.logging.api.CommandLogMessage defined in the
- teiid-connector-api-&versionNumber;.jar.
- </para>
- <para>
- See
- <link linkend="general_logging">General Logging</link>
- for more information on utilizing log4j.
- </para>
- </sect2>
- </sect1>
- <sect1 id="audit_logging">
- <title>Audit Logging</title>
- <para>Audit logging captures important security events. This includes
- the enforcement of permissions, authentication success/failures, etc.
- </para>
- <para>To enable audit logging to the default log location, simply
- enable the DETAIL level of logging for the org.teiid.AUDIT_LOG
- context.</para>
- <para>To enable audit logging to an alternative file location,
- configure a separate file appender for the DETAIL logging of the
- org.teiid.AUDIT_LOG context. An example of this is already in
- the
- log4j.xml distributed with Teiid.</para>
- <sect2>
- <title>Audit Logging API</title>
- <para>
- If the default log4j logging mechanisms are not sufficient for
- your
- audit logging needs, you may need a custom log4j appender.
- The
- custom
- appender will have access to log4j LoggingEvents to the
- AUDIT_LOG
- context, which have a
- message that is an instance of
- org.teiid.logging.api.AuditMessage defined in the
- teiid-connector-api-&versionNumber;.jar.
- AuditMessages include
- information about user, the action, and the
- target(s) of the action.
- </para>
- <para>
- See
- <link linkend="general_logging">General Logging</link>
- for more information on utilizing log4j.
- </para>
- </sect2>
- </sect1>
</chapter>
\ No newline at end of file
Modified: trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml 2010-06-17 18:35:22 UTC (rev 2240)
+++ trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml 2010-06-17 18:51:53 UTC (rev 2241)
@@ -1,93 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-<chapter id="custom_security">
- <title>Teiid Security</title>
- <para>The Teiid system provides a range of built-in and extensible
- security features to enable the
- secure access of data. </para>
- <sect1>
- <title>Authentication</title>
- <para>JDBC clients may use simple passwords to authenticate a user.
- </para>
- <para>Typically a user name is required, however user names may be
- considered optional if the
- identity of the user can be discerned by
- the password credential alone. In
- any case it is up
- to the configured
- security domain to determine whether a user can be
- authenticated.
- </para>
- </sect1>
- <sect1>
- <title>Authorization</title>
- <para>Authorization covers both administrative activities and
- data
- roles. A data role is a collection of permissions (also referred to
- as entitlements) and a
- collection of entitled principals or groups.
- With the deployment of a VDB
- the deployer can choose which principals
- and groups have which data roles.</para>
- </sect1>
- <sect1>
- <title>Encryption</title>
- <para>At a transport level Teiid provides built-in support for JDBC
- over SSL or just sensitive message encryption when SSL is not in use.
- </para>
- <para>
- Passwords in configuration files however are by default stored in
- plain text. If you need these values to be encrypted, please see
- <ulink
- url="http://community.jboss.org/wiki/maskingpasswordsinjbossasxmlconfiguration">encrypting passwords</ulink>
- for instructions on encryption facilities provided by the container.
- </para>
- </sect1>
- <sect1>
- <title>LoginModules</title>
- <para>
- LoginModules are an essential part of the JAAS security
- framework and provide Teiid customizable user authentication and the
- ability to reuse existing LoginModules defined for JBossAS. See
- <ulink
- url="http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html">JBossAS Security</ulink>
- for general information on configuring security in JBossAS.</para>
- <para>
- Teiid can be configured with multiple named application policies
- that group together relevant LoginModules. Each of these application
- policy (or domains) names can be used to fully
- qualify user names to
- authenticate only against that domain. The format for a qualified
- name is username at domainname.
- </para>
- <para>If a user name is not fully qualified, then the installed
- domains will be consulted in order until a domain
- successfully or unsuccessfully authenticates the
- user.
- </para>
- <para>If no domain can authenticate the user, the logon
- attempt will fail.
- Details of the failed attempt including invalid users, which
- domains were consulted, etc. will be in the server log with appropriate
- levels of severity.</para>
- <sect2>
+<chapter id="custom_login_modules">
+ <title>Login Modules</title>
+ <para>The Teiid system provides a range of built-in and extensible security features to enable the
+ secure access of data. For details about how to configure the available security features check out
+ Admin Guide.</para>
+ <para>
+ LoginModules are an essential part of the JAAS security
+ framework and provide Teiid customizable user authentication and the
+ ability to reuse existing LoginModules defined for JBossAS. See
+ <ulink
+ url="http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html">JBossAS Security</ulink>
+ for general information on configuring security in JBossAS.</para>
+
+ <sect1>
<title>Built-in LoginModules</title>
- <para>JBossAS provides several LoginModules for common authentication needs, such as authenticating from text files or LDAP.</para>
- <para>The UsersRolesLoginModule, which utilizes simple text files
- to authenticate users and to define
- their groups. The teiid-jboss-beans.xml configuration file contains an example of how to use UsersRolesLoginModule.
- Note that this is typically not for production use.
- </para>
- <para>See <ulink url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule configuration</ulink> for utilizing LDAP based authentication.
- </para>
- </sect2>
- <sect2>
+ <para>JBossAS provides several LoginModules for common authentication needs, such as authenticating from text files or LDAP.
+ The below are are some of the available in JBoss AS </para>
+
+ <para>See for all the available <ulink url="http://community.jboss.org/docs/DOC-11287"> login modules.</ulink></para>
+
+ <para>See <ulink url="http://community.jboss.org/docs/DOC-12510">UserRoles LoginModule configuration</ulink>
+ for utilizing simple file based authentication.</para>
+ <para>See <ulink url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule configuration</ulink> for
+ utilizing LDAP based authentication. </para>
+ <para>See <ulink url="http://community.jboss.org/docs/DOC-9511">Database LoginModule configuration</ulink> for
+ utilizing Database based authentication. </para>
+
+ <para>See <ulink url="http://community.jboss.org/docs/DOC-9160">Cert LoginModule configuration</ulink> for
+ utilizing X509 certificate based authentication. </para>
+ </sect1>
+ <sect1>
<title>Custom LoginModules</title>
<para>
If your authentication needs go beyond the provided LoginModules, please consult the
<ulink url="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html">JAAS development guide</ulink>.
There are also numerous guides available.
</para>
- </sect2>
- </sect1>
+
+ <para>If you are extending one of the built-in LoginModules, please see
+ <ulink url="http://community.jboss.org/docs/DOC-9466">this</ulink>.</para>
+ </sect1>
</chapter>
\ No newline at end of file
More information about the teiid-commits
mailing list