Security-specific configuration details for the SwitchYard JBoss Subsystem.
Security Context Timeout
A SecurityContext is a SwitchYard-internal construct that maintains information about a client's authenticated Subject, and for which security domains, as well as a list of built-up credentials (for example name, password, certificate). By default this security context does not expire, but it is only valid within the current running instance of SwitchYard. That is, if an invocation crosses a process or network boundary, authentication and authorization checks must be performed again. You can, however, configure the security context to expire after a specified number of milliseconds. To do that, add the appropriate security-config section to your AS standalone.xml file, as shown below:
<subsystem xmlns="urn:jboss:domain:switchyard:1.0">
    <security-configs>
        <security-config identifier="org.switchyard.security.context.SecurityContext">
            <properties>
                <timeoutMillis>30000</timeoutMillis>
            </properties>
        </security-config>
    </security-configs>
</subsystem>
Encryption
Sensitive data within the JVM, including the SecurityContext mentioned above, can also be encrypted so that sneaky applications can't access sensitive user credentials. Configuring encryption is a security-system-wide endeavor, and can be done by adding the appropriate security-config section, as shown below:
<subsystem xmlns="urn:jboss:domain:switchyard:1.0">
    <security-configs>
        <security-config identifier="org.switchyard.security.crypto.PrivateCrypto">
            <properties>
                <sealAlgorithm>TripleDES</sealAlgorithm>
                <sealKeySize>168</sealKeySize>
            </properties>
        </security-config>
    </security-configs>
</subsystem>
Note that acceptable values for sealAlgorithm and sealKeySize will depend upon the capabilities of your JVM.
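One way to test a candidate pair before putting it in standalone.xml, as an added example that is not SwitchYard's own code: the check below tries to generate a key and to seal and unseal a sample object on the current JVM. It assumes sealAlgorithm is a JCE algorithm name and sealKeySize a key length in bits used to seal a Serializable object; the class name SealCheck and the sample value are hypothetical.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SealCheck {  // hypothetical helper, not part of SwitchYard

    /** Returns null if the pair works on this JVM, otherwise the reason it does not. */
    static String check(String sealAlgorithm, int sealKeySize) {
        try {
            // Key-length ceiling imposed by the JVM's crypto policy.
            int max = Cipher.getMaxAllowedKeyLength(sealAlgorithm);
            if (sealKeySize > max) {
                return "exceeds JVM policy limit of " + max + " bits";
            }
            KeyGenerator generator = KeyGenerator.getInstance(sealAlgorithm);
            generator.init(sealKeySize); // rejects sizes the algorithm does not define
            SecretKey key = generator.generateKey();

            // Seal a constructed sample value, then unseal it with the same key.
            Cipher cipher = Cipher.getInstance(sealAlgorithm);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            Serializable sample = "constructed-sample-credential";
            SealedObject sealed = new SealedObject(sample, cipher);
            return sample.equals(sealed.getObject(key)) ? null : "round trip mismatch";
        } catch (GeneralSecurityException | IOException
                 | ClassNotFoundException | RuntimeException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Default is the pair from the configuration above; pass others as arguments.
        String algorithm = args.length > 0 ? args[0] : "TripleDES";
        int keySize = args.length > 1 ? Integer.parseInt(args[1]) : 168;
        String problem = check(algorithm, keySize);
        System.out.println(algorithm + "/" + keySize + ": "
                + (problem == null ? "supported" : "NOT supported (" + problem + ")"));
        System.exit(problem == null ? 0 : 1);
    }
}
```

Run it with the same JVM installation that hosts the application server, since installed providers and crypto policy differ between installations.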