Chapter 9. Securing JBoss Enterprise Application Platform

9.1. About the Security Subsystem

The security subsystem provides the infrastructure for all security functionality in the JBoss Enterprise Application Platform. Most configuration elements rarely need to be changed. The only configuration element which may need to be changed is whether to use deep-copy-subject-mode. In addition, you can configure system-wide security properties. Most of the configuration relates to security domains.
Deep Copy Mode

If deep copy subject mode is disabled (the default), copying a security data structure makes a reference to the original, rather than copying the entire data structure. This behavior is more efficient, but is prone to data corruption if multiple threads with the same identity clear the subject by means of a flush or logout operation.

Deep copy subject mode causes a complete copy of the data structure and all its associated data to be made, as long as they are marked cloneable. This is more thread-safe, but less efficient.
System-Wide Security Properties

You can set system-wide security properties, which are applied to java.security.Security class.

A security domain is a set of Java Authentication and Authorization Service (JAAS) declarative security configurations which one or more applications use to control authentication, authorization, auditing, and mapping. Three security domains are included by default: jboss-ejb-policy, jboss-web-policy, and other. The Management API, Management Console, and Management CLI use the other security domain. You can create as many security domains as you need to accomodate the needs of your applications.