
Setting Up Security in JBoss: A Comprehensive Guide to JAAS Configuration

This guide provides a detailed overview of setting up security in JBoss, focusing on the implementation of security domains based on Java Authentication and Authorization Service (JAAS). Explore how to centralize security management within your JBoss server, configure login modules, and secure data sources, web applications, and EJBs. Detailed examples are provided, including configurations for DataSources, Web Applications, and EJBs, along with policies and user role management using the ConfiguredIdentityModule and UsersRolesLoginModule to streamline authentication processes.


Presentation Transcript


  1. Setting up Security in JBoss
     References: “Getting Started with JBoss, J2EE applications on the JBoss 3.2.x Server”, Luke Taylor and The JBoss Group.
     http://www.jboss.org/modules/html/docs/jbossj2ee.pdf
     JBoss Security Setup

  2. Security Domains (a.k.a. Realms)
     • Implement security policy within the application server
     • Based on JAAS
       • See JBoss JAAS How To
       • http://prdownloads.sourceforge.net/jboss/jaashowto-32x.zip?download
     • Referenced by DataSources, Web Applications, EJBs, etc.
     • Centralizes the management/implementation of security within the application server
     • Security domain name mapped to login modules within $JBOSS_SERVER/conf/login-config.xml

  3. Example Reference in DataSource

         <!-- based on $JBOSS_SERVER/deploy/hsqldb_ds.xml -->
         <datasources>
           <local-tx-datasource>
             <jndi-name>DefaultDS</jndi-name>
             <connection-url>
               jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB
             </connection-url>
             <driver-class>org.hsqldb.jdbcDriver</driver-class>
             <security-domain>HsqlDbRealm</security-domain>
           </local-tx-datasource>
         </datasources>

  4. Example Reference in Web Application

         <!-- based on $JBOSS_SERVER/deploy/jmx-console/WEB-INF/jboss-web.xml -->
         <jboss-web>
           <security-domain>java:/jaas/jmx-console</security-domain>
         </jboss-web>

  5. Example Reference in EJB

         <!-- $EJB/META-INF/jboss.xml -->
         <jboss>
           <security-domain>java:/some-domain</security-domain>
         </jboss>

  6. $JBOSS_SERVER/conf/login-config.xml

         <policy>
           <application-policy name="name">
             <authentication>
               <login-module code="LoginModule Implementation Class"
                             flag="satisfaction requirement">
                 <module-option name="name">value</module-option>
               </login-module>
               …
             </authentication>
           </application-policy>
           …
         </policy>

     • application-policy name: used as security-domain name
     • login-module code: a Java implementation class
     • login-module flag: states level of requirement for passing of policy to grant access
     • module-option: module-specific options

  7. $JBOSS_SERVER/conf/login-config.xml
     • application-policy
       • name defines security-domain
       • missing application-policies are mapped to “other” application-policy at bottom of login-config.xml file
     • authentication
       • contains one or more login modules
     • login module
       • specifies a JAAS implementation to authenticate user
     • flags
       • required: module must succeed for user to be authenticated

  8. Login Modules
     • ConfiguredIdentityModule
       • sets the user identity to a constant value
     • UsersRolesLoginModule
       • uses two property files to authenticate user and assign roles

  9. ConfiguredIdentityModule
     • class: org.jboss.security.auth.spi.ConfiguredIdentityModule
     • sets the user identity to a constant value
     • useful when accessing external resource with single account while application server manages individual accounts
     • principal
       • <module-option name="principal">sa</module-option>
     • username
       • <module-option name="userName">sa</module-option>
     • password
       • <module-option name="password"></module-option>

  10. UsersRolesLoginModule
     • class: org.jboss.security.auth.spi.UsersRolesLoginModule
     • uses two property files to authenticate user and assign roles
     • users.properties – contains user logins and plain text passwords
       • user1=password1
       • user2=password2
     • roles.properties – contains mapping of user login to roles
       • user1=role1,role2
       • user2=role1
     • Files located in classpath
       • can be within EAR for applications
     • Names can be customized with module-options
       • <module-option name="usersProperties">jmx-console-users.properties</module-option>
       • <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
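
A configuration review of the setup described in slides 2 to 10, as an added example that is not part of the presentation or of JBoss itself: it resolves each `<security-domain>` reference against login-config.xml and reports domains that silently fall back to "other", fixed identities with an empty password, and property files holding plain text passwords. The sample XML, the reference list, and the helper names `policy_name` and `audit` are constructed for illustration; taking the last path segment of a reference as the policy name is an assumption.

```python
import xml.etree.ElementTree as ET

SPI = "org.jboss.security.auth.spi."
# Constructed sample of login-config.xml, modeled on the slides' examples.
LOGIN_CONFIG = f"""<policy>
 <application-policy name="HsqlDbRealm"><authentication>
  <login-module code="{SPI}ConfiguredIdentityModule" flag="required">
   <module-option name="principal">sa</module-option>
   <module-option name="userName">sa</module-option>
   <module-option name="password"></module-option>
  </login-module></authentication></application-policy>
 <application-policy name="jmx-console"><authentication>
  <login-module code="{SPI}UsersRolesLoginModule" flag="required">
   <module-option name="usersProperties">jmx-console-users.properties</module-option>
   <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
  </login-module></authentication></application-policy>
 <application-policy name="other"><authentication>
  <login-module code="{SPI}UsersRolesLoginModule" flag="required"/>
 </authentication></application-policy>
</policy>"""
# Constructed <security-domain> values, in the three forms the slides show.
REFERENCES = ["HsqlDbRealm", "java:/jaas/jmx-console", "java:/some-domain"]

def policy_name(ref):
    # Assumption: the policy name is the last segment of a java:/... reference.
    return ref.rsplit("/", 1)[-1]

def audit(login_config_xml, references):
    """Return (domain, effective policy, issue) for each referenced domain."""
    root = ET.fromstring(login_config_xml)
    policies = {p.get("name"): p for p in root.iter("application-policy")}
    findings = []
    for ref in references:
        name = policy_name(ref)
        effective = name if name in policies else "other"
        if effective != name:
            findings.append((name, effective, "no application-policy; falls back to 'other'"))
        policy = policies.get(effective)
        for module in ([] if policy is None else policy.iter("login-module")):
            opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
            cls = module.get("code", "").rsplit(".", 1)[-1]
            if cls == "ConfiguredIdentityModule" and not opts.get("password"):
                findings.append((name, effective, f"fixed identity '{opts.get('principal')}' has an empty password"))
            elif cls == "UsersRolesLoginModule":
                users = opts.get("usersProperties", "users.properties")
                findings.append((name, effective, f"plain text passwords in {users}"))
    return findings

if __name__ == "__main__":
    print(*audit(LOGIN_CONFIG, REFERENCES), sep="\n")
```

In a real review the reference list would be collected from the `*-ds.xml`, `jboss-web.xml` and `jboss.xml` descriptors under the deploy directory.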
