[wildfly-dev] Security subsystem and its security-domain definitions in the servlet-distribution
Yeray Borges
yborgess at redhat.com
Tue Jun 19 09:45:19 EDT 2018
Hello everyone,
I'm doing a comparison between the different server configuration files
generated in normal distribution and servlet-distribution, basically
working on [1].
The security subsystem in the servlet distribution does not have these
security domains configured whereas they are in the normal distribution:
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
...
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
<security-domains>
I understand jboss-ejb-policy should not be configured because the
servlet-distribution does not use ejbs, but what about jaspitest?
I have no clue if it has to be included or not in the servlet-distribution.
Do you know if we should include it?
Regards,
Yeray
[1] https://issues.jboss.org/browse/WFLY-10421
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20180619/a57834f2/attachment.html
More information about the wildfly-dev
mailing list