Darran Lofthouse [
http://community.jboss.org/people/dlofthouse] modified the document:
"Management API Security Possible Configuration Samples"
To view the document, visit:
http://community.jboss.org/docs/DOC-16576
--------------------------------------------------------------
h1. Management API Security Possible Configuration Samples
When defining the management API security there are a couple of options regarding how we
could structure the configuration, for these options we also need to consider how it will
look for both domain deployments and for a standalone server.
So far these samples show the authentication configuration, the ACLs for authorization
still need to be considered.
h2. Host Focussed Configuration (Authentication)
For "Host Focussed" the bulk of the configuration would be in the host.xml.
h3. Domain Example
*domain.xml*
<?xml version="1.0" ?>
<domain xmlns="urn:jboss:domain:1.0">
...
</domain>
*host.xml*
<?xml version="1.0" ?>
<host xmlns="urn:jboss:domain:1.0">
...
<management>
<datasource-pools>
<pool name="UsersDatabase">
<pool-option name="driver"
value="org.something.JDBCDriver"/>
<pool-option name="url"
value="db://somehost:someport"/>
</pool>
</datasource-pools>
<security>
<security-domain>
<login-module code="Database" flag="required">
<module-option name="PoolName"
value="UsersDatabase" />
</login-module>
</security-domain>
</security>
<native-api interface="public" port="9991"/>
<http-api interface="public" port="9992"/>
</management>
<domain-controller>
<remote host="127.0.0.1" port="9999"/>
</domain-controller>
...
</host>
h3. Standalone Example
*standalone.xml*
<server xmlns="urn:jboss:domain:1.0"
...
<management>
<datasource-pools>
<pool name="UsersDatabase">
<pool-option name="driver"
value="org.something.JDBCDriver"/>
<pool-option name="url"
value="db://somehost:someport"/>
</pool>
</datasource-pools>
<security>
<security-domain>
<login-module code="Database" flag="required">
<module-option name="PoolName"
value="UsersDatabase" />
</login-module>
</security-domain>
</security>
<native-api interface="public" port="9991"/>
<http-api interface="public" port="9992"/>
</management>
...
</server>
h2. Domain Central Configuration (Authentication)
For "Domain Central" configuration as much of the configuration as possible will
be in the domain.xml, remote nodes will recieve this configuration when they connect to
the master domain controller.
h3. Domain Example
*domain.xml*
<?xml version="1.0" ?>
<domain xmlns="urn:jboss:domain:1.0">
...
<management>
<datasource-pools>
<pool name="UsersDatabase">
<pool-option name="driver"
value="org.something.JDBCDriver"/>
<pool-option name="url"
value="db://somehost:someport"/>
</pool>
</datasource-pools>
<security>
<security-domain>
<login-module code="Database" flag="required">
<module-option name="PoolName"
value="UsersDatabase" />
</login-module>
</security-domain>
</security>
</management>
...
</domain>
*host.xml*
<?xml version="1.0" ?>
<host xmlns="urn:jboss:domain:1.0">
...
<management-apis>
<native-api interface="public" port="9991"/>
<http-api interface="public" port="9992"/>
</management-apis>
<domain-controller> <remote host="127.0.0.1"
port="9999"/>
</domain-controller>
...
</host>
h3. Standalone Example
*standalone.xml*
<server xmlns="urn:jboss:domain:1.0"
...
<management>
<datasource-pools>
<pool name="UsersDatabase">
<pool-option name="driver"
value="org.something.JDBCDriver"/>
<pool-option name="url"
value="db://somehost:someport"/>
</pool>
</datasource-pools>
<security>
<security-domain>
<login-module code="Database" flag="required">
<module-option name="PoolName"
value="UsersDatabase" />
</login-module>
</security-domain>
</security>
</management>
<management-apis>
<native-api interface="public" port="9991"/>
<http-api interface="public" port="9992"/>
</management-apis>
...
</server>
--------------------------------------------------------------
Comment by going to Community
[
http://community.jboss.org/docs/DOC-16576]
Create a new document in JBoss AS7 Development at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=102&am...]