[jboss-dev-forums] [Design of Security on JBoss] - Re: Security Injection in AS5

sguilhen@redhat.com do-not-reply at jboss.com
Wed May 7 10:35:15 EDT 2008


Update on the metadata work:

Following Ales' pointers I was able to come up with a clean implementation of the metadata factory that generates the beans responsible for the definition of an application policy.

There are still a few details to address but I am ready to commit the code and work on the details later. As of now, it is possible to declare complete application policies and have them registered with the security layer:

 
  | <deployment xmlns="urn:jboss:bean-deployer:2.0">
  | 
  |    <application-policy xmlns="urn:jboss:security-beans:1.0" name="TestPolicy1">
  |       <authentication>
  |          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  |       </authentication>
  |       <authorization>
  |          <policy-module code="org.jboss.security.authz.AuthorizationModule" flag="required">
  |             <module-option name="authzOption">authz.value</module-option>
  |          </policy-module>
  |       </authorization>
  |       <identity-trust>
  |          <trust-module code="org.jboss.security.trust.IdentityTrustModule" flag="required">
  |             <module-option name="trustOption1">trust.value1</module-option>
  |             <module-option name="trustOption2">trust.value2</module-option>
  |          </trust-module>
  |       </identity-trust>
  |       <audit>
  |          <provider-module code="org.jboss.security.audit.AuditModule">
  |             <module-option name="auditOption">audit.value</module-option>
  |          </provider-module>
  |       </audit>
  |       <rolemapping>
  |          <mapping-module code="org.jboss.security.mapping.RoleMappingModule">
  |             <module-option name="mappingOption1">mapping.value1</module-option>
  |             <module-option name="mappingOption2">mapping.value2</module-option>
  |          </mapping-module>
  |       </rolemapping>
  |    </application-policy>
  |    ....
  | </deployment>
  | 

JASPI authentication policies can also be declared:


  |    <application-policy xmlns="urn:jboss:security-beans:1.0" name="TestPolicy1">
  |       <authentication-jaspi>
  |          <login-module-stack name="ModuleStack1">
  |             <login-module code="org.jboss.security.auth.StackModule1" flag="required">
  |                <module-option name="stackOption1">stack1.value1</module-option>
  |             </login-module>
  |             <login-module code="org.jboss.security.auth.StackModule2" flag="optional"/>
  |          </login-module-stack>
  |          <login-module-stack name="ModuleStack2">
  |             <login-module code="org.jboss.security.auth.StackModule1" flag="required">
  |                <module-option name="stackOption1">stack2.value1</module-option>
  |                <module-option name="stackOption2">stack2.value2</module-option>
  |             </login-module>
  |          </login-module-stack>
  |          <auth-module code="org.jboss.security.auth.AuthModule" login-module-stack-ref="ModuleStack1">
  |             <module-option name="authOption1">auth.value1</module-option>
  |             <module-option name="authOption2">auth.value2</module-option>
  |          </auth-module>
  |       </authentication-jaspi>
  |    </application-policy>
  | 

There are a few tests (I'll be working on improving the tests) that run in standalone mode and those tests add, at runtime, a binding for the security-policy schema into the SingletonSchemaResolverFactory in the setUp method. For this code to work in the AS we need to add this binding permanently to XB and update the AS to use a new release of XB. I've opened a thread in the JBossXB forum to address this issue.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149151#4149151
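
A pre-deployment check for descriptors in the format shown in the post, as an added example that is not part of the original post or of the JBoss code base: it reports control flags outside the four standard JAAS values and `login-module-stack-ref` attributes that name no declared stack. The sample descriptor and its `org.example` class names are constructed, and the assumption that the schema accepts exactly the lowercase JAAS flags is labelled in the code.

```python
import xml.etree.ElementTree as ET

NS = "{urn:jboss:security-beans:1.0}"
# Assumption: the security-beans schema accepts exactly the four standard
# JAAS control flags, in lowercase.
JAAS_FLAGS = {"required", "requisite", "sufficient", "optional"}

# Constructed sample descriptor containing two deliberate mistakes.
SAMPLE = """<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <application-policy xmlns="urn:jboss:security-beans:1.0" name="SamplePolicy">
    <authentication-jaspi>
      <login-module-stack name="StackA">
        <login-module code="org.example.ModuleOne" flag="required"/>
        <login-module code="org.example.ModuleTwo" flag="option"/>
      </login-module-stack>
      <auth-module code="org.example.AuthModule" login-module-stack-ref="StackB"/>
    </authentication-jaspi>
  </application-policy>
</deployment>"""


def audit_policies(xml_text):
    """Return a list of (policy name, finding) tuples for the descriptor."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter(NS + "application-policy"):
        name = policy.get("name", "<unnamed>")
        # Collect the declared stacks so references can be resolved.
        stacks = {s.get("name") for s in policy.iter(NS + "login-module-stack")}
        for elem in policy.iter():
            tag = elem.tag.replace(NS, "")
            code = elem.get("code")
            flag = elem.get("flag")
            if flag is not None and flag not in JAAS_FLAGS:
                findings.append((name, f"{tag} {code}: unknown flag '{flag}'"))
            ref = elem.get("login-module-stack-ref")
            if ref is not None and ref not in stacks:
                findings.append((name, f"{tag} {code}: undeclared stack '{ref}'"))
            # A module element without a class name cannot be instantiated.
            if tag.endswith("-module") and not code:
                findings.append((name, f"{tag}: missing code attribute"))
    return findings


if __name__ == "__main__":
    for policy_name, finding in audit_policies(SAMPLE):
        print(f"[{policy_name}] {finding}")
```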
