0 Replies Latest reply: May 7, 2012 1:04 PM by karin k RSS

security-domain: configuration for authorization

karin k Newbie

Hi everybody

 

I was playing around a bit with the security subsystem of JBoss AS 7 (version 7.1.1)

 

For testing purpose I have configured the following in the standalone.xml file

 

  <security-domain name="other" cache-type="default">

                    <authentication>

                        <login-module code="Simple" flag="required"/>

                    </authentication>

                    <authorization>

                        <policy-module code="DenyAll" flag="required"/>

                    </authorization>

  </security-domain>

 

In my test app (the quickstart helloworld servlet) I can see that for authentication the org.jboss.security.auth.spi.SimpleServerLoginModule is taken as described here https://docs.jboss.org/author/display/AS71/Security+subsystem+configuration.

But I cannot see that the class org.jboss.security.authorization.modules.AllDenyAuthorizationModule is loaded or used.

Is something wrong with my configuration?

 

Find attached my web.xml file and my standalone.xml file

 

 

 

Thanks for your help

Karin