11.6.6. Configure Authorization in a Security Domain

To configure authorization settings for a security domain, log into the management console and follow this procedure.

Procedure 11.3. Setup Authorization in a Security Domain

  1. Open the security domain's detailed view.

    1. Click the Configuration label at the top of the management console.
    2. In a managed domain, select the profile to modify from the Profile drop down box at the top left.
    3. Expand the Security menu item, and select Security Domains.
    4. Click the View link for the security domain you want to edit.
  2. Navigate to the Authorization subsystem configuration.

    Select the Authorization label at the top of the screen.
    The configuration area is divided into two areas: Policies and Details. The login module is the basic unit of configuration. A security domain can include several authorization policies, each of which can include several attributes and options.
  3. Add a policy.

    Click Add to add a JAAS authorization policy module. Fill in the details for your module.
    The Code is the class name of the module. The Flag controls how the module relates to other authorization policy modules within the same security domain.
    Explanation of the Flags

    The Java Enterprise Edition 6 specification provides the following explanation of the flags for security modules. The following list is taken from http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#AppendixA. Refer to that document for more detailed information.

    Flag Details
    required
    The LoginModule is required to succeed. If it succeeds or fails, authorization still continues to proceed down the LoginModule list.
    requisite
    LoginModule is required to succeed. If it succeeds, authorization continues down the LoginModule list. If it fails, control immediately returns to the application (authorization does not proceed down the LoginModule list).
    sufficient
    The LoginModule is not required to succeed. If it does succeed, control immediately returns to the application (authorization does not proceed down the LoginModule list). If it fails, authorization continues down the LoginModule list.
    optional
    The LoginModule is not required to succeed. If it succeeds or fails, authorization still continues to proceed down the LoginModule list.
  4. Edit authorization settings

    After you have added your module, you can modify its Code or Flags by clicking Edit in the Details section of the screen. Be sure the Attributes tab is selected.
  5. Optional: Add or remove module options.

    If you need to add options to your module, click its entry in the Policies list, and select the Module Options tab in the Details section of the page. Click Add and provide the key and value for the option. Use the Remove button to remove an option.
Result

Your authorization policy module is added to the security domain, and is immediately available to applications which use the security domain.