Chapter 5. Applying Security
Note
In this chapter:
In the ToDo application, we made several concessions both to fit into the J2EE notion of security and to live within the bounds of the default authentication mechanism provided by JBoss. That mechanism, if you recall, allows for the authentication of users using Java properties files. It’s simple and quick. But although it’s the perfect solution to get an application up and running quickly, we’re willing to bet you won’t want to deploy a real application with a user management process that involves manually editing files and redeploying your application.
In this chapter, we’ll see how we can configure the behavior of JBoss to allow for much more interesting security policies around applications. We’ll see how to make JBoss pull user and role information from a relational database and from an LDAP server, and we’ll see how to combine login mechanisms to better fit the needs of a real application deployment. We’ll also take a step back to the web tier and look at how to enable SSL support for secure access to applications.
Defining a Security Domain
The action of authenticating the user (verifying the user’s password) and authorizing the user (checking whether the user has permissions to perform a given action) comes from something called a security domain. The ...
Get JBoss: A Developer's Notebook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.