[jboss-dev-forums] [Design of Security on JBoss] - Security Integration in JBAS5
anil.saldhana@jboss.com
do-not-reply at jboss.com
Wed Sep 12 16:08:37 EDT 2007
I want to jot down the current effort at integrating security into AS5.
At the container level (web/ejb), I am injecting 3 things via the deployers:
a) ISecurityManagement instance - this is just a interface to obtain the SecurityManager(AuthenticationManager,AuthorizationManager,AuditManager etc) given a security domain. (The default implementation that will be injected will be based on JNDI. So if I say securityManagement.getAuthenticationManager, that is internally going to do a JNDI lookup).
b) DefaultSecurityDomain - a security domain string to fall back on.
c) SecurityContextClassName - The Container creates a security context in the thread of execution. This FQN tells which SecurityContext implementation needs to be created.
The container after creating the SC, injects the SecurityManagement instance into the SC, such that whenever any code asks the SC for a SecurityManager, it can delegate it to the SecurityManagement instance.
war-deployer-beans.xml
|
| <!-- The WebMetaData to service mbean deployer -->
| <bean name="WarDeployer" class="org.jboss.web.tomcat.service.deployers.Tomcat
| Deployer">
| ...
| <!-- Specify a SecurityManagement Wrapper -->
| <property name="securityManagement">
| <inject bean="JNDIBasedSecurityManagement"/>
| </property>
|
| <!-- Specify a SecurityContext FQN class name -->
| <property name="securityContextClassName">org.jboss.security.plugins.JBos
| sSecurityContext</property>
|
Similar case exists for the EJB deployer.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4083648#4083648
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4083648
More information about the jboss-dev-forums
mailing list