I want to jot down the current effort at integrating security into AS5.
At the container level (web/ejb), I am injecting 3 things via the deployers:
a) ISecurityManagement instance - this is just an interface to obtain the
SecurityManager (AuthenticationManager, AuthorizationManager, AuditManager etc.) given a
security domain. (The default implementation that will be injected will be based on JNDI.
So if I say securityManagement.getAuthenticationManager, that is internally going to do a
JNDI lookup).
b) DefaultSecurityDomain - a security domain string to fall back on.
c) SecurityContextClassName - The Container creates a security context in the thread of
execution. This FQN tells which SecurityContext implementation needs to be created.
The container, after creating the SC, injects the SecurityManagement instance into the SC,
such that whenever any code asks the SC for a SecurityManager, it can delegate it to the
SecurityManagement instance.
war-deployer-beans.xml
|
| <!-- The WebMetaData to service mbean deployer -->
| <bean name="WarDeployer" class="org.jboss.web.tomcat.service.deployers.TomcatDeployer">
|    ...
|    <!-- Specify a SecurityManagement Wrapper -->
|    <property name="securityManagement">
|       <inject bean="JNDIBasedSecurityManagement"/>
|    </property>
|
|    <!-- Specify a SecurityContext FQN class name -->
|    <property name="securityContextClassName">org.jboss.security.plugins.JBossSecurityContext</property>
|
Similar case exists for the EJB deployer.
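The wiring described in the post, as an added sketch that is not part of the original post and is not JBoss code: a container builds the security context from a configured class name, injects the management object, and the context delegates manager lookups to it. All type names here are hypothetical simplified stand-ins, a map lookup replaces the JNDI lookup, and using the default domain when the deployment names none is an assumption.

```java
import java.util.Map;

// Hypothetical, simplified stand-ins for the types named in the post.
interface AuthenticationManager { String domain(); }

interface SecurityManagement {
    AuthenticationManager getAuthenticationManager(String securityDomain);
}

interface SecurityContext {
    void setSecurityManagement(SecurityManagement sm);
    AuthenticationManager getAuthenticationManager();
}

// Stand-in for the JNDI-based default: a map lookup replaces the JNDI lookup.
class MapBasedSecurityManagement implements SecurityManagement {
    private final Map<String, AuthenticationManager> registry;
    MapBasedSecurityManagement(Map<String, AuthenticationManager> registry) { this.registry = registry; }
    public AuthenticationManager getAuthenticationManager(String securityDomain) {
        AuthenticationManager am = registry.get(securityDomain);
        // Fail closed: an unknown domain never yields a permissive manager.
        if (am == null) throw new IllegalStateException("No manager bound for domain " + securityDomain);
        return am;
    }
}

// The context holds only the domain; every manager request is delegated.
class SketchSecurityContext implements SecurityContext {
    private final String domain;
    private SecurityManagement management;
    public SketchSecurityContext(String domain) { this.domain = domain; }
    public void setSecurityManagement(SecurityManagement sm) { this.management = sm; }
    public AuthenticationManager getAuthenticationManager() {
        return management.getAuthenticationManager(domain);
    }
}

public class ContainerSketch {
    // Uses the three injected values: management, default domain, context class name.
    static SecurityContext createContext(SecurityManagement sm, String defaultDomain,
                                         String scClassName, String deploymentDomain) throws Exception {
        // Assumption: the default domain applies when the deployment declares none.
        String domain = (deploymentDomain == null || deploymentDomain.isEmpty()) ? defaultDomain : deploymentDomain;
        // asSubclass rejects a configured class that is not a SecurityContext.
        Class<? extends SecurityContext> cls = Class.forName(scClassName).asSubclass(SecurityContext.class);
        SecurityContext sc = cls.getConstructor(String.class).newInstance(domain);
        sc.setSecurityManagement(sm);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        SecurityManagement sm = new MapBasedSecurityManagement(Map.of("other", () -> "other"));
        SecurityContext sc = createContext(sm, "other", "SketchSecurityContext", null);
        System.out.println(sc.getAuthenticationManager().domain());
    }
}
```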