Author: rareddy
Date: 2010-06-17 14:51:53 -0400 (Thu, 17 Jun 2010)
New Revision: 2241
Added:
trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
Modified:
trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml
trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml
trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml
Log:
TEIID-315: adding the parts of the logging and security to the admin guide and leaving the
customizing parts in the developer's guide.
Modified: trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml 2010-06-17
18:35:22 UTC (rev 2240)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/admin_guide.xml 2010-06-17
18:51:53 UTC (rev 2241)
@@ -29,7 +29,7 @@
]>
<book>
-
+
<bookinfo>
<title>Teiid - Scalable Information Integration</title>
<subtitle>Teiid Administrator's Guide</subtitle>
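Review bot: The only change in this hunk, the -/+ pair on the blank line after <book>, is whitespace-only; drop it from the commit so the revision to admin_guide.xml shows just the two new xi:include lines.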
@@ -47,6 +47,8 @@
<xi:include href="content/installation.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/vdb-deployment.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="content/security.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="content/logging.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/admin-console.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/adminshell-introduction.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="content/getting-started.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
Added: trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
(rev 0)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml 2010-06-17
18:51:53 UTC (rev 2241)
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % CustomDTD SYSTEM "../../../../../../docbook/custom.dtd">
+%CustomDTD;
+]>
+<chapter id="logging">
+ <title>Logging</title>
+ <sect1 id="general_logging">
+ <title>General Logging</title>
+ <para>
+ The Teiid system provides a wealth of information via logging. To
+ control logging level, contexts, and log locations, you should be
+ familiar with
+ <ulink
url="http://logging.apache.org/log4j/">log4j</ulink>
+ and the container's jboss-log4j.xml configuration file.
+ Teiid also provides a <profile>/conf/jboss-teiid-log4j.xml containing
much of information from chapter.
+ </para>
+ <para>
+ All the logs
+ produced by Teiid are prefixed by "org.teiid". This makes it extremely
+ easy to control of of Teiid logging from a single context. Note however that changes
to the log configuration file
+ require a restart to take affect
+ </para>
+ <sect2>
+ <title>Logging Contexts</title>
+ <para>While all of Teiid's logs are prefixed with "org.teiid",
there
+ are more specific contexts depending on the functional area of the
+ system. Note that logs originating from third-party code, including
+ integrated org.jboss components, will be logged through their
+ respective contexts and not through org.teiid. See the table below for information on
contexts
+ relevant to Teiid. See the container's jboss-log4j.xml for a more
+ complete listing of logging contexts used in the container.
+ </para>
+ <informaltable frame="all">
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>
+ <para>Context</para>
+ </entry>
+ <entry>
+ <para>Description</para>
+ </entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>
+ <para>com.arjuna</para>
+ </entry>
+ <entry>
+ <para>Third-party transaction manager. This will include
+ information about all transactions, not just those for Teiid.
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid</para>
+ </entry>
+ <entry>
+ <para>Root context for all Teiid logs. Note: there are
+ potentially other contexts used under org.teiid than are shown
+ in this table.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.PROCESSOR</para>
+ </entry>
+ <entry>
+ <para>Query processing logs. See also org.teiid.PLANNER for
+ query planning logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.PLANNER</para>
+ </entry>
+ <entry>
+ <para>Query planning logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.SECURITY</para>
+ </entry>
+ <entry>
+ <para>Session/Authentication events - see also AUDIT logging</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.TRANSPORT</para>
+ </entry>
+ <entry>
+ <para>Events related to the socket transport.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.RUNTIME</para>
+ </entry>
+ <entry>
+ <para>Events related to work management and system
start/stop.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.CONNECTOR</para>
+ </entry>
+ <entry>
+ <para>Connector logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.BUFFER_MGR</para>
+ </entry>
+ <entry>
+ <para>Buffer and storage management logs.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.TXN_LOG</para>
+ </entry>
+ <entry>
+ <para>Detail log of all transaction operations.</para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.COMMAND_LOG</para>
+ </entry>
+ <entry>
+ <para>
+ See
+ <link linkend="command_logigng">command logging</link>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.AUDIT_LOG</para>
+ </entry>
+ <entry>
+ <para>
+ See
+ <link linkend="audit_logigng">audit logging</link>
+ </para>
+ </entry>
+ </row>
+ <row>
+ <entry>
+ <para>org.teiid.ADMIN_API</para>
+ </entry>
+ <entry>
+ <para>Admin API logs.</para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </sect2>
+ </sect1>
+ <sect1 id="command_logging">
+ <title>Command Logging</title>
+ <para>Command logging captures executing commands in the Teiid System.
+ Both user commands (that have been submitted to Teiid) and data source
+ commands (that are being executed by the connectors) are tracked
+ through command logging.</para>
+ <para>To enable command logging to the default log location, simply
+ enable the DETAIL level of logging for the org.teiid.COMMAND_LOG
+ context.</para>
+ <para>
+ To enable command logging to an alternative file location,
+ configure a separate file appender for the DETAIL logging of the
+ org.teiid.COMMAND_LOG context. An example of this is shown below and
+ can also be found in the jboss-log4j.xml distributed with Teiid.
+ <programlisting><![CDATA[
+ <appender name="COMMAND"
class="org.apache.log4j.RollingFileAppender">
+ <param name="File" value="log/command.log"/>
+ <param name="MaxFileSize" value="1000KB"/>
+ <param name="MaxBackupIndex" value="25"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %p [%t] %c -
%m%n"/>
+ </layout>
+ </appender>
+
+ <category name="org.teiid.COMMAND_LOG">
+ <priority value="INFO"/>
+ <appender-ref ref="COMMAND"/>
+ </category>
+ ]]>
+ </programlisting>
+
+ See Developer's Guide if the file based logging is not sufficient and
would need a custom logging solution.
+ </para>
+ </sect1>
+ <sect1 id="audit_logging">
+ <title>Audit Logging</title>
+ <para>Audit logging captures important security events. This includes
+ the enforcement of permissions, authentication success/failures, etc.
+ </para>
+ <para>To enable audit logging to the default log location, simply
+ enable the DETAIL level of logging for the org.teiid.AUDIT_LOG
+ context.</para>
+ <para>To enable audit logging to an alternative file location,
+ configure a separate file appender for the DETAIL logging of the
+ org.teiid.AUDIT_LOG context. An example of this is already in
+ the log4j.xml distributed with Teiid. See Developer's Guide if the
+ file based logging is not sufficient and would need a custom logging
solution.</para>
+ </sect1>
+</chapter>
\ No newline at end of file
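Review bot: The two cross-references in the contexts table, linkend="command_logigng" and linkend="audit_logigng", do not match the section ids declared later in this same file (sect1 id="command_logging" and sect1 id="audit_logging"), so both links will fail to resolve; correct the spelling in the linkend values. The Command Logging text also tells the reader to enable the DETAIL level for org.teiid.COMMAND_LOG, while the example category sets <priority value="INFO"/>; make the prose and the example agree so an administrator copying the snippet actually gets command logs. The configuration file "distributed with Teiid" is also named three different ways in this chapter (jboss-teiid-log4j.xml, jboss-log4j.xml and log4j.xml); pick one.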
Property changes on:
trunk/documentation/admin-guide/src/main/docbook/en-US/content/logging.xml
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Added: trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
===================================================================
--- trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
(rev 0)
+++ trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml 2010-06-17
18:51:53 UTC (rev 2241)
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<chapter id="custom_security">
+ <title>Teiid Security</title>
+ <para>The Teiid system provides a range of built-in and extensible security
features to enable the
+ secure access of data. </para>
+ <sect1>
+ <title>Authentication</title>
+ <para>JDBC clients may use simple passwords to authenticate a user.</para>
+ <para>Typically a user name is required, however user names may be considered
optional if the
+ identity of the user can be discerned by the password credential alone. In
+ any case it is up to the configured security domain to determine whether a user can
be
+ authenticated.</para>
+ </sect1>
+ <sect1>
+ <title>Authorization</title>
+ <para>Authorization covers both administrative activities and data
+ roles. A data role is a collection of permissions (also referred to as entitlements)
and a
+ collection of entitled principals or groups. With the deployment of a VDB
+ the deployer can choose which principals and groups have which data
roles.</para>
+ </sect1>
+ <sect1>
+ <title>Encryption</title>
+ <para>At a transport level Teiid provides built-in support for JDBC
+ over SSL or just sensitive message encryption when SSL is not in use.
+ </para>
+ <para>
+ Passwords in configuration files however are by default stored in
+ plain text. If you need these values to be encrypted, please see
+ <ulink
+
url="http://community.jboss.org/wiki/maskingpasswordsinjbossasxmlcon...
passwords</ulink>
+ for instructions on encryption facilities provided by the container.
+ </para>
+ </sect1>
+ <sect1>
+ <title>LoginModules</title>
+ <para>
+ LoginModules are an essential part of the JAAS security
+ framework and provide Teiid customizable user authentication and the
+ ability to reuse existing LoginModules defined for JBossAS. See
+ <ulink
+
url="http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.ht...
Security</ulink>
+ for general information on configuring security in JBossAS.</para>
+ <para>
+ Teiid can be configured with multiple named application policies
+ that group together relevant LoginModules. Each of these application
+ policy (or domains) names can be used to fully
+ qualify user names to
+ authenticate only against that domain. The format for a qualified
+ name is username@domainname.
+ </para>
+ <para>If a user name is not fully qualified, then the installed
+ domains will be consulted in order until a domain
+ successfully or unsuccessfully authenticates the
+ user.
+ </para>
+ <para>If no domain can authenticate the user, the logon
+ attempt will fail.
+ Details of the failed attempt including invalid users, which
+ domains were consulted, etc. will be in the server log with appropriate
+ levels of severity.</para>
+ <sect2>
+ <title>Built-in LoginModules</title>
+ <para>JBossAS provides several LoginModules for common authentication needs,
such as authenticating from text files or LDAP.</para>
+ <para>The UsersRolesLoginModule, which utilizes simple text files
+ to authenticate users and to define
+ their groups. The teiid-jboss-beans.xml configuration file contains an example of
how to use UsersRolesLoginModule.
+ Note that this is typically not for production use.
+ </para>
+ <para>See <ulink
url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule
configuration</ulink> for utilizing LDAP based authentication.
+ If you want use a your own Custom Login module, check out the Developer's
Guide for instructions.
+ </para>
+ </sect2>
+ </sect1>
+ <note>
+ <para>The security-domain defined for the JDBC connection and Admin
connections are separate.
+ The default name of JDBC connection's security-domain is
"teiid-security". The default name for Admin connection
+ is "jmx-console". For the Admin connection's security domain,
the user is allowed
+ to change which LoginModule that "jmx-console" pointing to, however
should not change the name of the domain, as this name is
+ shared between the "admin-console" application.</para>
+ </note>
+</chapter>
\ No newline at end of file
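Review bot: The LoginModules paragraph stating that unqualified user names are checked against the installed domains "until a domain successfully or unsuccessfully authenticates the user" is ambiguous about whether a failure in one domain ends the search, and it reads as contradicting the next paragraph ("If no domain can authenticate the user, the logon attempt will fail"); state explicitly whether the remaining domains are still consulted after a failed attempt, since administrators ordering the domains need to know which behaviour applies. Separately, the closing <note> about the "teiid-security" and "jmx-console" domains sits after the last </sect1> as a direct child of <chapter>; DocBook 4.5 does not allow a block element after the sections of a chapter, so move it inside the LoginModules section or ahead of the first sect1.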
Property changes on:
trunk/documentation/admin-guide/src/main/docbook/en-US/content/security.xml
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Modified: trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml
===================================================================
---
trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml 2010-06-17
18:35:22 UTC (rev 2240)
+++
trunk/documentation/developer-guide/src/main/docbook/en-US/content/logging.xml 2010-06-17
18:51:53 UTC (rev 2241)
@@ -5,8 +5,8 @@
]>
<chapter id="logging">
<title>Logging</title>
- <sect1 id="general_logging">
- <title>General Logging</title>
+ <sect1 id="custom_logging">
+ <title>Customized Logging</title>
<para>
The Teiid system provides a wealth of information via logging. To
control logging level, contexts, and log locations, you should be
@@ -14,265 +14,38 @@
<ulink
url="http://logging.apache.org/log4j/">log4j</ulink>
and the container's jboss-log4j.xml configuration file.
Teiid also provides a <profile>/conf/jboss-teiid-log4j.xml containing
much of information from chapter.
+ Check out Admin Guide for more details about different Teiid contexts
available.
</para>
- <para>
- All the logs
- produced by Teiid are prefixed by org.teiid. This
- makes it extremely
- easy to control of of Teiid logging from a single
- context. Note however that changes to the log configuration file
- require a restart to take affect
+
+ <para>
+ If the default log4j logging mechanisms are not sufficient for your
+ logging needs you may need a different appender - see
+ <ulink
url="http://logging.apache.org/log4j/1.2/apidocs/index.html">... log4j
javadocs</ulink>.
+ Note that log4j already provides quite a few appenders including JMS, RDBMS,
and SMTP.
</para>
- <sect2>
- <title>Logging Contexts</title>
- <para>While all of Teiid's logs are prefixed with org.teiid, there
- are more specific contexts depending on the functional area of the
- system. Note that logs originating from third-party code, including
- integrated org.jboss components, will be logged through their
- respective contexts and not through org.teiid. See the table below for information on
contexts
- relevant to Teiid. See the container's jboss-log4j.xml for a more
- complete listing of logging contexts used in the container.
- </para>
- <informaltable frame="all">
- <tgroup cols="2">
- <thead>
- <row>
- <entry>
- <para>Context</para>
- </entry>
- <entry>
- <para>Description</para>
- </entry>
- </row>
- </thead>
- <tbody>
- <row>
- <entry>
- <para>com.arjuna</para>
- </entry>
- <entry>
- <para>Third-party transaction manager. This will include
- information about all transactions, not just those for Teiid.
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid</para>
- </entry>
- <entry>
- <para>Root context for all Teiid logs. Note: there are
- potentially other contexts used under org.teiid than are shown
- in this table.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.PROCESSOR</para>
- </entry>
- <entry>
- <para>Query processing logs. See also org.teiid.PLANNER for
- query planning logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.PLANNER</para>
- </entry>
- <entry>
- <para>Query planning logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.SECURITY</para>
- </entry>
- <entry>
- <para>Session/Authentication events - see also AUDIT logging</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.TRANSPORT</para>
- </entry>
- <entry>
- <para>Events related to the socket transport.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.RUNTIME</para>
- </entry>
- <entry>
- <para>Events related to work management and system
start/stop.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.CONNECTOR</para>
- </entry>
- <entry>
- <para>Connector logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.BUFFER_MGR</para>
- </entry>
- <entry>
- <para>Buffer and storage management logs.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.TXN_LOG</para>
- </entry>
- <entry>
- <para>Detail log of all transaction operations.</para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.COMMAND_LOG</para>
- </entry>
- <entry>
- <para>
- See
- <link linkend="command_logigng">command logging</link>
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.AUDIT_LOG</para>
- </entry>
- <entry>
- <para>
- See
- <link linkend="audit_logigng">audit logging</link>
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para>org.teiid.ADMIN_API</para>
- </entry>
- <entry>
- <para>Admin API logs.</para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- </sect2>
- <sect2>
- <title>Command Logging API</title>
- <para>
- If the default log4j logging mechanisms are not sufficient for your
- logging needs you may need a appender - see
- <ulink
url="http://logging.apache.org/log4j/1.2/apidocs/index.html">... log4j
javadocs</ulink>
- . Note that log4j already provides quite a few appenders including
- JMS, RDBMS, and SMTP.
- </para>
- <para>If you develop a custom logging solution, the implementation
- jar should be placed in the lib directory of the server profile
- Teiid is installed in.
- </para>
- </sect2>
+ <para>If you want a custom appender, follow the Log4J directions to write a
custom appender. See instructions
+ <ulink
url="http://logging.apache.org/log4net/release/faq.html">her...;.
If you develop a custom
+ logging solution, the implementation jar should be placed in the
"lib" directory of the JBoss AS server profile
+ Teiid is installed in.
+ </para>
+
+ <sect2>
+ <title>Command Logging API</title>
+ <para>
+ If you want to build a custom appender for command logging that will have
access to
+ log4j "LoggingEvents" to the "COMMAND_LOG" context,
it will have a message that is an instance of
+ <code>org.teiid.logging.CommandLogMessage</code> defined in
the <code>teiid-api-&versionNumber;.jar</code>
+ use these class in your development. The CommmdLogMessage include
information about vdb, session, command-sql etc.
+ </para>
+ </sect2>
+
+ <sect2 id="audit_logging">
+ <title>Audit Logging API</title>
+ <para>If you want to build a custom appender for command logging that
will have access to
+ log4j "LoggingEvents" to the "AUDIT_LOG" context, it
will have a message that is an instance of
+ <code>org.teiid.logging.AuditMessage</code> defined in the
<code>teiid-api-&versionNumber;.jar</code>
+ use this class in your development. AuditMessage include information
about user, the action, and the
+ target(s) of the action.</para>
+ </sect2>
</sect1>
- <sect1 id="command_logging">
- <title>Command Logging</title>
- <para>Command logging captures executing commands in the
- Teiid System.
- Both user commands (that have been submitted
- to Teiid)
- and data source
- commands (that are being executed by the
- connectors)
- are tracked
- through command logging.</para>
- <para>To enable command logging to the default log location, simply
- enable the DETAIL level of logging for the org.teiid.COMMAND_LOG
- context.</para>
- <para>
- To enable command logging to an alternative file location,
- configure a
- separate file appender for the DETAIL logging of the
- org.teiid.COMMAND_LOG context. An example of this is shown below and
- can also be found in the jboss-log4j.xml distributed with Teiid.
- <programlisting><![CDATA[
- <appender name="COMMAND"
class="org.apache.log4j.RollingFileAppender">
- <param name="File" value="log/command.log"/>
- <param name="MaxFileSize" value="1000KB"/>
- <param name="MaxBackupIndex" value="25"/>
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d %p [%t] %c -
%m%n"/>
- </layout>
- </appender>
-
- <category name="org.teiid.COMMAND_LOG">
- <priority value="INFO"/>
- <appender-ref ref="COMMAND"/>
- </category>
- ]]>
- </programlisting>
- </para>
- <sect2>
- <title>Command Logging API</title>
- <para>
- If the default log4j logging mechanisms are not sufficient for
- your
- command logging needs, you may need a custom log4j appender.
- The
- custom appender will have access to log4j LoggingEvents to the
- COMMAND_LOG context, which have a
- message that is an instance of
- org.teiid.logging.api.CommandLogMessage defined in the
- teiid-connector-api-&versionNumber;.jar.
- </para>
- <para>
- See
- <link linkend="general_logging">General Logging</link>
- for more information on utilizing log4j.
- </para>
- </sect2>
- </sect1>
- <sect1 id="audit_logging">
- <title>Audit Logging</title>
- <para>Audit logging captures important security events. This includes
- the enforcement of permissions, authentication success/failures, etc.
- </para>
- <para>To enable audit logging to the default log location, simply
- enable the DETAIL level of logging for the org.teiid.AUDIT_LOG
- context.</para>
- <para>To enable audit logging to an alternative file location,
- configure a separate file appender for the DETAIL logging of the
- org.teiid.AUDIT_LOG context. An example of this is already in
- the
- log4j.xml distributed with Teiid.</para>
- <sect2>
- <title>Audit Logging API</title>
- <para>
- If the default log4j logging mechanisms are not sufficient for
- your
- audit logging needs, you may need a custom log4j appender.
- The
- custom
- appender will have access to log4j LoggingEvents to the
- AUDIT_LOG
- context, which have a
- message that is an instance of
- org.teiid.logging.api.AuditMessage defined in the
- teiid-connector-api-&versionNumber;.jar.
- AuditMessages include
- information about user, the action, and the
- target(s) of the action.
- </para>
- <para>
- See
- <link linkend="general_logging">General Logging</link>
- for more information on utilizing log4j.
- </para>
- </sect2>
- </sect1>
</chapter>
\ No newline at end of file
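Review bot: The new "Audit Logging API" paragraph opens with "If you want to build a custom appender for command logging", carried over from the section above it; it should say audit logging, since the paragraph describes the AUDIT_LOG context and org.teiid.logging.AuditMessage. In the same hunk, the "custom appender" instructions link points to logging.apache.org/log4net/release/faq.html, which is the log4net FAQ rather than a log4j document, and "CommmdLogMessage" should be spelled CommandLogMessage to match the class name given in the <code> element.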
Modified: trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml
===================================================================
---
trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml 2010-06-17
18:35:22 UTC (rev 2240)
+++
trunk/documentation/developer-guide/src/main/docbook/en-US/content/security.xml 2010-06-17
18:51:53 UTC (rev 2241)
@@ -1,93 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-<chapter id="custom_security">
- <title>Teiid Security</title>
- <para>The Teiid system provides a range of built-in and extensible
- security features to enable the
- secure access of data. </para>
- <sect1>
- <title>Authentication</title>
- <para>JDBC clients may use simple passwords to authenticate a user.
- </para>
- <para>Typically a user name is required, however user names may be
- considered optional if the
- identity of the user can be discerned by
- the password credential alone. In
- any case it is up
- to the configured
- security domain to determine whether a user can be
- authenticated.
- </para>
- </sect1>
- <sect1>
- <title>Authorization</title>
- <para>Authorization covers both administrative activities and
- data
- roles. A data role is a collection of permissions (also referred to
- as entitlements) and a
- collection of entitled principals or groups.
- With the deployment of a VDB
- the deployer can choose which principals
- and groups have which data roles.</para>
- </sect1>
- <sect1>
- <title>Encryption</title>
- <para>At a transport level Teiid provides built-in support for JDBC
- over SSL or just sensitive message encryption when SSL is not in use.
- </para>
- <para>
- Passwords in configuration files however are by default stored in
- plain text. If you need these values to be encrypted, please see
- <ulink
-
url="http://community.jboss.org/wiki/maskingpasswordsinjbossasxmlcon...
passwords</ulink>
- for instructions on encryption facilities provided by the container.
- </para>
- </sect1>
- <sect1>
- <title>LoginModules</title>
- <para>
- LoginModules are an essential part of the JAAS security
- framework and provide Teiid customizable user authentication and the
- ability to reuse existing LoginModules defined for JBossAS. See
- <ulink
-
url="http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.ht...
Security</ulink>
- for general information on configuring security in JBossAS.</para>
- <para>
- Teiid can be configured with multiple named application policies
- that group together relevant LoginModules. Each of these application
- policy (or domains) names can be used to fully
- qualify user names to
- authenticate only against that domain. The format for a qualified
- name is username@domainname.
- </para>
- <para>If a user name is not fully qualified, then the installed
- domains will be consulted in order until a domain
- successfully or unsuccessfully authenticates the
- user.
- </para>
- <para>If no domain can authenticate the user, the logon
- attempt will fail.
- Details of the failed attempt including invalid users, which
- domains were consulted, etc. will be in the server log with appropriate
- levels of severity.</para>
- <sect2>
+<chapter id="custom_login_modules">
+ <title>Login Modules</title>
+ <para>The Teiid system provides a range of built-in and extensible security
features to enable the
+ secure access of data. For details about how to configure the available security
features check out
+ Admin Guide.</para>
+ <para>
+ LoginModules are an essential part of the JAAS security
+ framework and provide Teiid customizable user authentication and the
+ ability to reuse existing LoginModules defined for JBossAS. See
+ <ulink
+
url="http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.ht...
Security</ulink>
+ for general information on configuring security in JBossAS.</para>
+
+ <sect1>
<title>Built-in LoginModules</title>
- <para>JBossAS provides several LoginModules for common authentication needs,
such as authenticating from text files or LDAP.</para>
- <para>The UsersRolesLoginModule, which utilizes simple text files
- to authenticate users and to define
- their groups. The teiid-jboss-beans.xml configuration file contains an example of
how to use UsersRolesLoginModule.
- Note that this is typically not for production use.
- </para>
- <para>See <ulink
url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule
configuration</ulink> for utilizing LDAP based authentication.
- </para>
- </sect2>
- <sect2>
+ <para>JBossAS provides several LoginModules for common authentication needs,
such as authenticating from text files or LDAP.
+ The below are are some of the available in JBoss AS </para>
+
+ <para>See for all the available <ulink
url="http://community.jboss.org/docs/DOC-11287"> login
modules.</ulink></para>
+
+ <para>See <ulink
url="http://community.jboss.org/docs/DOC-12510">UserRoles LoginModule
configuration</ulink>
+ for utilizing simple file based authentication.</para>
+ <para>See <ulink
url="http://community.jboss.org/docs/DOC-11253">LDAP LoginModule
configuration</ulink> for
+ utilizing LDAP based authentication. </para>
+ <para>See <ulink
url="http://community.jboss.org/docs/DOC-9511">Database LoginModule
configuration</ulink> for
+ utilizing Database based authentication. </para>
+
+ <para>See <ulink
url="http://community.jboss.org/docs/DOC-9160">Cert LoginModule
configuration</ulink> for
+ utilizing X509 certificate based authentication. </para>
+ </sect1>
+ <sect1>
<title>Custom LoginModules</title>
<para>
If your authentication needs go beyond the provided LoginModules, please consult the
<ulink
url="http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMD...
development guide</ulink>.
There are also numerous guides available.
</para>
- </sect2>
- </sect1>
+
+ <para>If you are extending one of the built-in LoginModules, please see
+ <ulink
url="http://community.jboss.org/docs/DOC-9466">this</ulin...
+ </sect1>
</chapter>
\ No newline at end of file
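Review bot: The rewritten "Built-in LoginModules" section drops the sentence "Note that this is typically not for production use." that accompanied UsersRolesLoginModule and now only links to the file-based configuration page; keep that caveat next to the "UserRoles LoginModule configuration" link so developers do not read file-based authentication as a recommended setup, and use the module's full name UsersRolesLoginModule as the removed text did. The added sentence "The below are are some of the available in JBoss AS" is also incomplete and should be reworded, for example "Some of the LoginModules available in JBoss AS are listed below."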