Anil Saldhana [
http://community.jboss.org/people/anil.saldhana] created the document:
"Choosing an Authorization System for JBoss AS"
To view the document, visit:
http://community.jboss.org/docs/DOC-17063
--------------------------------------------------------------
This article should guide you to choose an authorization system for your applications
running in JBoss AS. The applications in question are web components and EJB components.
This article does not describe the authorization scheme for other EE components.
h2.
h2. Type of Authorization
1. Specification - Conform to the Servlet and EJB specifications. (web.xml,
ejb-jar.xml/annotations)
2. JACC - Conform to the JSR 115 specification.
3. XACML - Conforms to the Oasis XACML v2 specification. This is a non-standard
extension.
h2.
h2. Documentation
1. Specification: Refer to the standard JBoss AS documentation.
2. JACC: Refer to JBoss AS documentation to configure the JACC providers.
3. XACML:
http://java.dzone.com/articles/security-features-jboss-510-1
http://java.dzone.com/articles/security-features-jboss-510-1
h2.
h2. Some Caveats:
* We do not support an XACML based JACC provider. Keep the concepts separate. XACML is
an extensive access control specification where as JACC is a EE specification that extends
the Java Permission Model to the Web and EJB Components.
--------------------------------------------------------------
Comment by going to Community
[
http://community.jboss.org/docs/DOC-17063]
Create a new document in PicketBox Development at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=102&am...]