Security Configuration Parsing in JBoss AS 5/EAP 5

This article will describe the Security Configuration facilities available in JBoss AS5.0 and beyond.  This applies to JBoss Enterprise Application Platform v5.0 and beyond.

 

Parsers

There are 3 parsers involved.

  • JBossXB based org.jboss.security.authorization.config.SecurityConfigObjectModelFactory (which extends org.jboss.security.auth.login.LoginConfigObjectModelFactory).
  • JBoss Microcontainer based parser.
  • JavaCC based default JAAS Configuration parser.

Configuration Files

There are 4 types of configuration files where the security domain information may be provided.

  1. login-config.xml
  2. DynamicLoginConfigService via jboss-service.xml
  3. Microcontainer based xxx-jboss-beans.xml
  4. JDK JAAS config such as auth.conf

 

login-config.xml

This is the historic configuration file that is provided in the conf directory.

DynamicLoginConfig

More information can be obtained here.

Microcontainer based Configuration

More information here.

JDK JAAS Configuration

Supported but not recommended.

An example auth.conf is here:

 other {

// Put your login modules that work without jBoss here

// jBoss LoginModule

org.jboss.security.ClientLoginModule required;

// Put your login modules that need jBoss here

};
 


What Configuration can be provided?

 

You can provide the configuration for authentication, authorization, mapping and audit at the security domain level in login-config.xml, DynamicLoginConfig (via jboss-service.xml) or the new JBossMC based config.

 

How do all these work?

We instantiate a JDK Configuration class called as XMLLoginConfigImpl that we set as:

Configuration.setConfiguration()

 

This is our custom Configuration class that includes invoking the appropriate parsers (mainly parsing login-config.xml, DynamicLoginConfig or the JDK JAAS config).

 

It is set in the JaasSecurityManagerService MBean in the conf/jboss-service.xml

 

The JBossMC based new configuration is performed by the MC based parsers from here.