JBoss.orgCommunity Documentation
Authentication security domains are configured statically in the /server/ file, or deployed using $PROFILE/conf/login-config.xmljboss-beans.xml deployment descriptors. For static domains, the XMLLoginConfig bean is responsible for loading security configurations specified in login-config.xml. The bean definition is located in the /server/ file. The bean is defined as shown below.
$PROFILE/deploy/security/security-jboss-beans.xml
<bean name="XMLLoginConfig" class="org.jboss.security.auth.login.XMLLoginConfig">
<property name="configResource">login-config.xml</property>
</bean>
The bean supports the following attributes:
Specifies the URL of the XML login configuration file that should be loaded by this MBean on startup. This must be a valid URL string representation.
Specifies the resource name of the XML login configuration file that should be loaded by this MBean on startup. The name is treated as a classpath resource for which a URL is located using the thread context class loader.
Specifies whether the XML configuration should be validated against its DTD. This defaults to true.
The SecurityConfig bean is responsible for selecting the javax.security.auth.login.Configuration to be used. The default configuration simply references the XMLLoginConfig bean.
<bean name="SecurityConfig" class="org.jboss.security.plugins.SecurityConfig">
<property name="mbeanServer"><inject bean="JMXKernel" property="mbeanServer"/></property>
<property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
</bean>
There is one configurable attribute:
Specifies the bean name of the MC bean that provides the default JAAS login configuration. When the SecurityConfig is started, this bean is queried for its javax.security.auth.login.Configuration by calling its getConfiguration(Configuration currentConfig) operation. If the defaultLoginConfig attribute is not specified then the default Sun Configuration implementation described in the Configuration class JavaDocs is used