[jboss-cvs] JBossAS SVN: r75797 - in projects/security/security-jboss-sx/trunk/jbosssx/src/resources: dtd and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Jul 14 13:10:44 EDT 2008


Author: sguilhen at redhat.com
Date: 2008-07-14 13:10:44 -0400 (Mon, 14 Jul 2008)
New Revision: 75797

Added:
   projects/security/security-jboss-sx/trunk/jbosssx/src/resources/dtd/
   projects/security/security-jboss-sx/trunk/jbosssx/src/resources/dtd/security_config.dtd
Log:
SECURITY-260: Moving security_config.dtd from metadata to jbosssx.



Added: projects/security/security-jboss-sx/trunk/jbosssx/src/resources/dtd/security_config.dtd
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/resources/dtd/security_config.dtd	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/resources/dtd/security_config.dtd	2008-07-14 17:10:44 UTC (rev 75797)
@@ -0,0 +1,100 @@
+<?xml version='1.0' encoding='UTF-8' ?>
+
+<!--Generated by XML Authority-->
+
+<!-- This is the XML DTD for the JBoss 3.0 security policy configuration.
+The DOCTYPE is:
+  <!DOCTYPE policy PUBLIC
+      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+      "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+$Id: security_config.dtd 20476 2004-04-17 13:29:24Z tdiesler $
+$Revision: 20476 $
+
+The outline of the application-policy is:
+<policy>
+ <application-policy name="security-domain-name">
+  <authentication>
+    <login-module code="login.module1.class.name" flag="control_flag">
+      <module-option name = "option1-name">option1-value</module-option>
+      <module-option name = "option2-name">option2-value</module-option>
+      ...
+    </login-module>
+
+    <login-module code="login.module2.class.name" flag="control_flag">
+      ...
+    </login-module>
+    ...
+  </authentication>
+ </application-policy>
+</policy>
+-->
+<!-- The root element of the security policy configuration -->
+<!ELEMENT policy (application-policy+)>
+
+<!-- An application-policy defines the security configuration for an application domain. Currently
+this consists of only the login module configurations specified in the authentication -->
+<!ELEMENT application-policy (authentication)>
+
+<!-- The application-policy name attribute gives the name of the security domain.
+-->
+<!ATTLIST application-policy name CDATA  #REQUIRED>
+
+<!-- The authentication element contains the login module stack configuration. Each
+login module configuration is specified using a login-module element.
+-->
+<!ELEMENT authentication (login-module+)>
+
+<!-- The login-module element defines a JAAS login module configuration entry. Each
+entry must have a code and flag attribute along with zero or more login module options
+specified via the module-option element.
+-->
+<!ELEMENT login-module (module-option*)>
+
+<!-- The flag attribute controls how a login module participates in the overall authentication proceedure.
+Required     - The LoginModule is required to succeed.
+			If it succeeds or fails, authentication still continues
+			to proceed down the LoginModule list.
+
+Requisite    - The LoginModule is required to succeed.
+			If it succeeds, authentication continues down the
+			LoginModule list.  If it fails,
+			control immediately returns to the application
+			(authentication does not proceed down the
+			LoginModule list).
+
+Sufficient   - The LoginModule is not required to
+			succeed.  If it does succeed, control immediately
+			returns to the application (authentication does not
+			proceed down the LoginModule list).
+			If it fails, authentication continues down the
+			LoginModule list.
+
+Optional     - The LoginModule is not required to
+			succeed.  If it succeeds or fails,
+			authentication still continues to proceed down the
+			LoginModule list.
+
+The overall authentication succeeds only if all required and requisite LoginModules succeed. If a sufficient
+LoginModule is configured and succeeds, then only the required and requisite LoginModules prior to that
+sufficient LoginModule need to have succeeded for the overall authentication to succeed. If no required or
+requisite LoginModules are configured for an application, then at least one sufficient or optional LoginModule
+must succeed. 
+-->
+<!ATTLIST login-module flag  (required | requisite | sufficient | optional )  #REQUIRED>
+
+<!-- The code attribute gives the fully qualifed class name of the javax.security.auth.spi.LoginModule
+interface implementation for the login module.
+-->
+<!ATTLIST login-module code CDATA  #REQUIRED>
+
+<!-- A module option defines a name, value pair of strings that are passed to a LoginModule when it
+is initialized during the login proceedure. The name attribute defines the option name while the
+element value is the option string value.
+-->
+<!ELEMENT module-option (#PCDATA)>
+
+<!-- The name attribute specifies the name of the login module option.
+-->
+<!ATTLIST module-option name CDATA  #REQUIRED>
+




More information about the jboss-cvs-commits mailing list