[jboss-dev-forums] [JBoss AS7 Development] - Management API Security Possible Configuration Samples

Thu Mar 3 10:47:04 EST 2011

Darran Lofthouse [http://community.jboss.org/people/dlofthouse] modified the document:

"Management API Security Possible Configuration Samples"

To view the document, visit: http://community.jboss.org/docs/DOC-16576

--------------------------------------------------------------
h1. Management API Security Possible Configuration Samples
When defining the management API security there are a couple of options regarding how we could structure the configuration, for these options we also need to consider how it will look for both domain deployments and for a standalone server.

So far these samples show the authentication configuration, the ACLs for authorization still need to be considered.

h2. Host Focussed Configuration (Authentication)
For "Host Focussed" the bulk of the configuration would be in the host.xml.

h3. Domain Example
*domain.xml*

<?xml version="1.0" ?>

*host.xml*
<?xml version="1.0" ?>

h3. Standalone Example
*standalone.xml*
<server xmlns="urn:jboss:domain:1.0"
...
    <management>
        <datasource-pools>
          <pool name="UsersDatabase">
            <pool-option name="driver" value="org.something.JDBCDriver"/>
            <pool-option name="url" value="db://somehost:someport"/>
          </pool>
        </datasource-pools>
        <security>
            <security-domain>
                <login-module code="Database" flag="required">
                  <module-option name="PoolName" value="UsersDatabase" />
                </login-module>
            </security-domain>
        </security>
        <native-api interface="public" port="9991"/>
        <http-api interface="public" port="9992"/>
    </management> 
...
</server>

h2. Domain Central Configuration (Authentication)
For "Domain Central" configuration as much of the configuration as possible will be in the domain.xml, remote nodes will recieve this configuration when they connect to the master domain controller.

h3. Domain Example
*domain.xml*
<?xml version="1.0" ?>

*host.xml*
<?xml version="1.0" ?>

<host xmlns="urn:jboss:domain:1.0">
...
    <management-apis>
        <native-api interface="public" port="9991"/>
        <http-api interface="public" port="9992"/>
    </management-apis> 
    <domain-controller>        <remote host="127.0.0.1" port="9999"/>
    </domain-controller>
...
</host>

h3. Standalone Example
*standalone.xml*

<server xmlns="urn:jboss:domain:1.0"
...
    <management>
        <datasource-pools>
          <pool name="UsersDatabase">
            <pool-option name="driver" value="org.something.JDBCDriver"/>
            <pool-option name="url" value="db://somehost:someport"/>
          </pool>
        </datasource-pools>
        <security>
            <security-domain>
                <login-module code="Database" flag="required">
                  <module-option name="PoolName" value="UsersDatabase" />
                </login-module>
            </security-domain>
        </security>
    </management>
    <management-apis>
        <native-api interface="public" port="9991"/>
        <http-api interface="public" port="9992"/>
    </management-apis> 
...
</server>
--------------------------------------------------------------

Comment by going to Community
[http://community.jboss.org/docs/DOC-16576]

Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20110303/622df55b/attachment.html 