9.3. Configure the Security Subsystem

The top-level configuration of the security subsystem includes one attribute, deep-copy-subject-mode which includes child elements security-domains and security-properties. You can configure the security subsystem using the Management CLI or web-based Management Console.
Deep Copy Mode

If deep copy subject mode is disabled (the default), copying a security data structure makes a reference to the original, rather than copying the entire data structure. This behavior is more efficient, but is prone to data corruption if multiple threads with the same identity clear the subject by means of a flush or logout operation.

Deep copy subject mode causes a complete copy of the data structure and all its associated data to be made, as long as they are marked cloneable. This is more thread-safe, but less efficient.
System-Wide Security Properties

You can set system-wide security properties, which are applied to class java.security.Security class.

Security Domains

A security domain is a set of Java Authentication and Authorization Service (JAAS) declarative security configurations which one or more applications use to control authentication, authorization, security auditing, and security mapping. Three security domains are included by default: jboss-ejb-policy, jboss-web-policy, and other. The Management API, Management Console, and Management CLI use the other security domain. You can create as many security domains as you need to accomodate the needs of your applications.