Security Guide

Table of contents

I. Security for Red Hat JBoss Enterprise Application Platform 6
  1. Introduction
    1.1. About Red Hat JBoss Enterprise Application Platform 6 (JBoss EAP 6)
    1.2. About Securing JBoss Enterprise Application Platform 6
  2. Security Overview
    2.1. About Declarative Security
      2.1.1. Java EE Declarative Security Overview
      2.1.2. Security References
      2.1.3. Security Identity
      2.1.4. Security Roles
      2.1.5. EJB Method Permissions
      2.1.6. Enterprise Beans Security Annotations
      2.1.7. Web Content Security Constraints
      2.1.8. Enable Form-based Authentication
      2.1.9. Enable Declarative Security
  3. Introduction to JAAS
    3.1. About JAAS
    3.2. JAAS Core Classes
    3.3. Subject and Principal classes
    3.4. Subject Authentication

II. Securing the Platform
  4. The Security Subsystem
    4.1. About the Security Subsystem
    4.2. About the Structure of the Security Subsystem
    4.3. Configuring the Security Subsystem
      4.3.1. Configure the Security Subsystem
      4.3.2. Security Management
      4.3.3. Security Domains
  5. PicketLink Identity Management
    5.1. About Security Token Service (STS)
    5.2. Configure PicketLink STS
    5.3. About PicketLink STS Login Modules
    5.4. Configure STSIssuingLoginModule
    5.5. Configure STSValidatingLoginModule
    5.6. SAML Web Browser Based SSO
      5.6.1. About SAML Web Browser Based SSO
      5.6.2. Setup SAML v2 based Web SSO using HTTP/Redirect Binding
      5.6.3. Configure Identity Provider
      5.6.4. Configure Service Provider
      5.6.5. Setup SAML v2 based Web SSO using HTTP/POST Binding
    5.7. Configure SAML Global Logout Profile
    5.8. Kerberos and SPNEGO Integration
      5.8.1. About Kerberos and SPNEGO Integration
      5.8.2. Desktop SSO using SPNEGO
      5.8.3. Configure JBoss Negotiation for Microsoft Windows Domain
    5.9. Authentication
      5.9.1. About Authentication
      5.9.2. Configure Authentication in a Security Domain
    5.10. Java Authentication SPI for Containers (JASPI)
      5.10.1. About Java Authentication SPI for Containers (JASPI) Security
      5.10.2. Configure Java Authentication SPI for Containers (JASPI) Security
    5.11. Authorization
      5.11.1. About Authorization
      5.11.2. Configure Authorization in a Security Domain
    5.12. Java Authorization Contract for Containers (JACC)
      5.12.1. About Java Authorization Contract for Containers (JACC)
      5.12.2. Configure Java Authorization Contract for Containers (JACC) Security
      5.12.3. Fine Grained Authorization Using XACML
    5.13. Security Auditing
      5.13.1. About Security Auditing
      5.13.2. Configure Security Auditing
      5.13.3. New Security Properties
    5.14. Security Mapping
      5.14.1. About Security Mapping
      5.14.2. Configure Security Mapping in a Security Domain
    5.15. Use a Security Domain in Your Application
  6. Java Security Manager
    6.1. About the Java Security Manager
    6.2. About Java Security Manager Policies
    6.3. Write a Java Security Manager Policy
    6.4. Java Security Policy Statements
    6.5. Run JBoss EAP 6 Within the Java Security Manager
    6.6. Debug Security Manager Policies
  7. Security Realms
    7.1. About Security Realms
    7.2. Add a New Security Realm
    7.3. Add a User to a Security Realm
  8. Encryption
    8.1. About Encryption
    8.2. About SSL Encryption
    8.3. Implement SSL Encryption for the JBoss EAP 6 Web Server
    8.4. Generate a SSL Encryption Key and Certificate
    8.5. SSL Connector Reference
    8.6. FIPS 140-2 Compliant Encryption
      8.6.1. About FIPS 140-2 Compliance
      8.6.2. FIPS 140-2 Compliant Passwords
      8.6.3. Enable FIPS 140-2 Cryptography for SSL on Red Hat Enterprise Linux 6
  9. Network Security
    9.1. Secure the Management Interfaces
    9.2. Specify Which Network Interface JBoss EAP 6 Uses
    9.3. Configure Network Firewalls to Work with JBoss EAP 6
    9.4. Network Ports Used By JBoss EAP 6
  10. Management Interface Security
    10.1. Secure the Management Interfaces
    10.2. Default User Security Configuration
    10.3. Overview of Advanced Management Interface Configuration
    10.4. Disable the HTTP Management Interface
    10.5. Remove Silent Authentication from the Default Security Realm
    10.6. Disable Remote Access to the JMX Subsystem
    10.7. Configure Security Realms for the Management Interfaces
    10.8. Configure the Management Console for HTTPS in Standalone mode
    10.9. Configure the Management Console for HTTPS in Domain mode
    10.10. Using 2-way SSL for the Management interface and the CLI
    10.11. Password Vaults for Sensitive Strings
      10.11.1. About Securing Sensitive Strings in Clear-Text Files
      10.11.2. Create a Java Keystore to Store Sensitive Strings
      10.11.3. Mask the Keystore Password and Initialize the Password Vault
      10.11.4. Configure JBoss EAP 6 to Use the Password Vault
      10.11.5. Store and Retrieve Encrypted Sensitive Strings in the Java Keystore
      10.11.6. Store and Resolve Sensitive Strings In Your Applications
    10.12. LDAP
      10.12.1. About LDAP
      10.12.2. Use LDAP to Authenticate to the Management Interfaces
  11. Securing the Management Interfaces with Role-Based Access Control
    11.1. About Role-Based Access Control (RBAC)
    11.2. Role-Based Access Control in the GUI and CLI
    11.3. Supported Authentication Schemes
    11.4. The Standard Roles
    11.5. About Role Permissions
    11.6. About Constraints
    11.7. About JMX and Role-Based Access Control
    11.8. Configuring Role-Based Access Control
      11.8.1. Overview of RBAC Configuration Tasks
      11.8.2. Enabling Role-Based Access Control
      11.8.3. Changing the Permission Combination Policy
    11.9. Managing Roles
      11.9.1. About Role Membership
      11.9.2. Configure User Role Assignment
      11.9.3. Configure User Role Assignment using jboss-cli.sh
      11.9.4. About Roles and User Groups
      11.9.5. Configure Group Role Assignment
      11.9.6. Configure Group Role Assignment with jboss-cli.sh
      11.9.7. About Authorization and Group Loading with LDAP
      11.9.8. About Scoped Roles
      11.9.9. Creating Scoped Roles
    11.10. Configuring Constraints
      11.10.1. Configure Sensitivity Constraints
      11.10.2. Configure Application Resource Constraints
      11.10.3. Configure the Vault Expression Constraint
    11.11. Constraints Reference
      11.11.1. Application Resource Constraints Reference
      11.11.2. Sensitivity Constraints Reference
  12. Transaction Subsystem Configuration
    12.1. JTS Transactions
      12.1.1. Configure the ORB for JTS Transactions
      12.1.2. JMS Configuration
  13. Web, HTTP Connectors, and HTTP Clustering
    13.1. Configure a mod_cluster Worker Node
  14. Patch Installation
    14.1. About Patches and Upgrades
    14.2. About Patching Mechanisms
    14.3. Subscribe to Patch Mailing Lists
    14.4. Install Patches in Zip Form
      14.4.1. The patch Command
      14.4.2. Installing Patches in Zip Form Using the patch Command
      14.4.3. Rollback the Application of a Patch in Zip Form Using the patch Command
    14.5. Install Patches in RPM form
    14.6. Severity and Impact Rating of JBoss Security Patches
    14.7. Manage Security Updates for Dependencies Bundled Inside the Applications Deployed on JBoss EAP

III. Securing Applications
  15. Application Security
    15.1. About Application Security
    15.2. Enabling/Disabling Descriptor Based Property Replacement
    15.3. Datasource Security
      15.3.1. About Datasource Security
    15.4. EJB Application Security
      15.4.1. Security Identity
      15.4.2. EJB Method Permissions
      15.4.3. EJB Security Annotations
      15.4.4. Remote Access to EJBs
    15.5. JAX-RS Application Security
      15.5.1. Enable Role-Based Security for a RESTEasy JAX-RS Web Service
      15.5.2. Secure a JAX-RS Web Service using Annotations
  16. Login Modules
    16.1. Using Modules
      16.1.1. LdapLoginModule
      16.1.2. LdapExtLoginModule
      16.1.3. Password Stacking
      16.1.4. Password Hashing
      16.1.5. Unauthenticated Identity
      16.1.6. UsersRolesLoginModule
      16.1.7. DatabaseServerLoginModule
      16.1.8. BaseCertLoginModule
      16.1.9. IdentityLoginModule
      16.1.10. RunAsLoginModule
      16.1.11. RunAsIdentity Creation
      16.1.12. ClientLoginModule
      16.1.13. SPNEGOLoginModule
      16.1.14. RoleMappingLoginModule
    16.2. Custom Modules
      16.2.1. Subject Usage Pattern Support
      16.2.2. Custom LoginModule Example
  17. Single Sign On (SSO)
    17.1. About Single Sign On (SSO) for Web Applications
    17.2. About Clustered Single Sign On (SSO) for Web Applications
    17.3. Choose the Right SSO Implementation
    17.4. Use Single Sign On (SSO) In A Web Application
    17.5. About Kerberos
    17.6. About SPNEGO
    17.7. About Microsoft Active Directory
    17.8. Configure Kerberos or Microsoft Active Directory Desktop SSO for Web Applications
  18. Role-Based Security in Applications
    18.1. About the Security Extension Architecture
    18.2. Java Authentication and Authorization Service (JAAS)
    18.3. About Java Authentication and Authorization Service (JAAS)
    18.4. Use a Security Domain in Your Application
    18.5. Use Role-Based Security In Servlets
    18.6. Use A Third-Party Authentication System In Your Application
  19. Migration
    19.1. Configure Application Security Changes

A. Reference
  A.1. Included Authentication Modules
  A.2. Included Authorization Modules
  A.3. Included Security Mapping Modules
  A.4. Included Security Auditing Provider Modules
  A.5. jboss-web.xml Configuration Reference
  A.6. EJB Security Parameter Reference
B. Revision History
Legal Notice

Part II. Securing the Platform