Show Table of Contents
16.3. Security Realms
16.3.1. About Security Realms
A security realm is a series of mappings between users and passwords, and users and roles. Security realms are a mechanism for adding authentication and authorization to your EJB and Web applications. JBoss EAP 6 provides two security realms by default:
ManagementRealmstores authentication information for the Management API, which provides the functionality for the Management CLI and web-based Management Console. It provides an authentication system for managing JBoss EAP 6 itself. You could also use the
ManagementRealmif your application needed to authenticate with the same business rules you use for the Management API.
ApplicationRealmstores user, password, and role information for Web Applications and EJBs.
Each realm is stored in a number of files on the filesystem:
REALM-users.propertiesstores usernames and hashed passwords.
REALM-roles.propertiesstores user-to-role mappings.
mgmt-groups.propertiesstores user-to-group mapping file for
ManagementRealm. Only used when Role-based Access Control (RBAC) is enabled.
The properties files are stored in the
standalone/configuration/directories. The files are written simultaneously by the
add-user.batcommand. When you run the command, the first decision you make is which realm to add your new user to.