Network Level - SSL(Secured Socket Layer)
Application Server Level
- Role Base Access Control(RB AC Security)
- JAAS - Java Authentication & Authorization Security
- Programmatic Security
- Declarative Security(JAAS) (Spring JAAS Security,JBoss JAS)
JAAS - J2EE API
Application Developer -> web.xml -> Application Server
web.xml -> welcome page,JAAS Security information,
Jboss authentication manager intercepts the request for a servlet requested by user.And Jboss will redirect the servlet request to login page for security for user authentication.
Authentication - id/passwords are available in the database or not.
Authorization - Rule based security.
Steps for implementing JBoss JAAS
----------------------------------------
Authentication - id/passwords are available in the database or not.
Authorization - Rule based security.
Steps for implementing JBoss JAAS
----------------------------------------
- Create a security domain JBoss - Implemented as a common subsystem in JBoss available to all profiles.
- create a logging module.
- Configure JAAS parameters in web.xml.
- Deploy and test.
Jboss DB login module - Creating a security Domain in JBoss
- dsjndiName
- principalsQuery
- rolesQuery
No comments:
Post a Comment