JBoss.org Community Documentation
The org.jboss.security.plugins.JaasSecurityDomain is an extension of JaasSecurityManager that adds the notion of a KeyStore, a JSSE KeyManagerFactory and a TrustManagerFactory for supporting SSL and other cryptographic use cases. The additional configurable attributes of the JaasSecurityDomain include:
KeyStoreType: The type of the KeyStore implementation. This is the type argument passed to the java.security.KeyStore.getInstance(String type) factory method. The default is JKS.
KeyStoreURL: A URL to the location of the KeyStore database. This is used to obtain an InputStream to initialize the KeyStore. If the string is not a valid URL, it is treated as a file.
KeyStorePass: The password associated with the KeyStore database contents. The KeyStorePass is also used in combination with the Salt and IterationCount attributes to create a PBE secret key used with the encode/decode operations. The KeyStorePass attribute value format is one of the following:
  The plaintext password for the KeyStore. The toCharArray() value of the string is used without any manipulation.
  A command to execute to obtain the plaintext password. The format is {EXT}... where the ... is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform-specific command. The first line of the command output is used as the password.
  A class to create to obtain the plaintext password. The format is {CLASS}classname[:ctorarg] where the [:ctorarg] is an optional string that will be passed to the constructor when instantiating the classname. The password is obtained from classname by invoking a toCharArray() method if found, otherwise, the toString() method is used.
Salt: The PBEParameterSpec salt value.
IterationCount: The PBEParameterSpec iteration count value.
TrustStoreType: The type of the TrustStore implementation. This is the type argument passed to the java.security.KeyStore.getInstance(String type) factory method. The default is JKS.
TrustStoreURL: A URL to the location of the TrustStore database. This is used to obtain an InputStream to initialize the KeyStore. If the string is not a valid URL, it is treated as a file.
TrustStorePass: The password associated with the trust store database contents. The TrustStorePass is a simple password and doesn't have the same configuration options as the KeyStorePass.
ManagerServiceName: Sets the JMX object name string of the security manager service MBean. This is used to register the JaasSecurityDomain as the security manager under java:/jaas/<domain>, where <domain> is the name passed to the MBean constructor. The name defaults to jboss.security:service=JaasSecurityManager.
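The three KeyStorePass value formats listed above, resolved to a char[] password. This is an added example, not JBoss code: KeyStorePassDemo, FileSecret and resolve are hypothetical names, the password file is a constructed sample, and Java 11 or later is assumed.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
// Added illustration; KeyStorePassDemo and FileSecret are hypothetical names, not JBoss classes.
public class KeyStorePassDemo {
    // Hypothetical {CLASS} target: the ctor argument is the path of a file holding the password.
    public static class FileSecret {
        private final char[] secret;
        public FileSecret(String path) throws Exception {
            secret = Files.readString(Path.of(path)).trim().toCharArray();
        }
        public char[] toCharArray() { return secret.clone(); }
    }

    static char[] resolve(String value) throws Exception {
        if (value.startsWith("{EXT}")) {
            // The exact command line goes to Runtime.exec(String); the first output line is the password.
            Process p = Runtime.getRuntime().exec(value.substring(5));
            try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
                String line = r.readLine();
                if (line == null) throw new IllegalStateException("command produced no output");
                return line.toCharArray();
            }
        }
        if (value.startsWith("{CLASS}")) {
            String spec = value.substring(7);
            int colon = spec.indexOf(':');
            Class<?> c = Class.forName(colon < 0 ? spec : spec.substring(0, colon));
            Object o = colon < 0 ? c.getDeclaredConstructor().newInstance()
                                 : c.getConstructor(String.class).newInstance(spec.substring(colon + 1));
            try {
                return (char[]) c.getMethod("toCharArray").invoke(o);
            } catch (NoSuchMethodException e) {
                return o.toString().toCharArray(); // fallback when no toCharArray() exists
            }
        }
        return value.toCharArray(); // plaintext form, used without any manipulation
    }
    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("ks", ".pass");
        Files.writeString(f, "constructed-sample-password\n"); // constructed sample value
        char[] pw = resolve("{CLASS}KeyStorePassDemo$FileSecret:" + f);
        System.out.println(pw.length + " chars resolved");
        Arrays.fill(pw, '\0'); // wipe the password once it has been used
        Files.delete(f);
    }
}
```

With the {EXT} and {CLASS} forms the password is no longer in the configuration itself, so the file permissions on the command, class and password file are what protect it.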