Darran Lofthouse [
http://community.jboss.org/people/dlofthouse] created the discussion
"Re: AS7: Construct for centralized security"
To view the discussion, visit:
http://community.jboss.org/message/590905#590905
--------------------------------------------------------------
Do we have any indication as to what this will look like for some of the core AS services
such as JBoss Web Configuration, JBossWS configurtion and for use by the LoginModules.
From the perspective of domain management it is looking likely that
requirements are going to be very close to those already covered in the core AS i.e.
* We will need configuration to obtain the keystores / truststores for use by the
exposed APIs
* We will need similar configuration for clients when establishing a connection to an
exposed API, i.e. the keystore for the clients identity and a truststore to verify the
other end of the connection.
* Then a Login process on the server side of the connection to authenticart the client
based on their cert.
When I have worked with this in previous AS releases one issue that I did encounter was
that the configuration of the JBoss Web connector was completely independent of the
configuration for the BaseCertLoginModule to perform the authentication of the user it
would definately help if this was brought to a point that a common keystore / truststore
configuration could then be used.
--------------------------------------------------------------
Reply to this message by going to Community
[
http://community.jboss.org/message/590905#590905]
Start a new discussion in PicketBox Development at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=1&...]