JBoss.org Community Documentation
Security domains defined in the login-config.xml
file are essentially static. They are read when JBoss starts up, but there is no easy way to add a new security domain or change the definition for an existing one. The DynamicLoginConfig
service allows you to dynamically deploy security domains. This allows you to specify JAAS login configuration as part of a deployment (or just as a standalone service) rather than having to edit the static login-config.xml
file.
The service supports the following attributes:
AuthConfig
: The resource path to the JAAS login configuration file to use. This defaults to login-config.xml
LoginConfigService
: the XMLLoginConfig
service name to use for loading. This service must support a String loadConfig(URL)
operation to load the configurations.
SecurityManagerService
: The SecurityManagerService
name used to flush the registered security domains. This service must support a flushAuthenticationCache(String)
operation to flush the case for the argument security domain. Setting this triggers the flush of the authentication caches when the service is stopped.
Here is an example MBean definition using the DynamicLoginConfig
service.
<server> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="..."> <attribute name="AuthConfig">login-config.xml</attribute> <!-- The service which supports dynamic processing of login-config.xml configurations. --> <depends optional-attribute-name="LoginConfigService"> jboss.security:service=XMLLoginConfig </depends> <!-- Optionally specify the security mgr service to use when this service is stopped to flush the auth caches of the domains registered by this service. --> <depends optional-attribute-name="SecurityManagerService"> jboss.security:service=JaasSecurityManager </depends> </mbean> </server>
This will load the specified AuthConfig
resource using the specified LoginConfigService
MBean by invoking loadConfig
with the appropriate resource URL. When the service is stopped the configurations are removed. The resource specified may be either an XML file, or a Sun JAAS login configuration.