-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification
6.3.5. The Login InitialContext Factory Implementation
JAAS is the preferred method for authenticating a remote client to JBoss. However, for simplicity and to ease the migration from other application server environment that do not use JAAS, JBoss allows you the security credentials to be passed through the
InitialContext
. JAAS is still used under the covers, but there is no manifest use of the JAAS interfaces in the client application.
The factory class that provides this capability is the
org.jboss.security.jndi.LoginInitialContextFactory
. The complete set of support InitialContext
environment properties for this factory are:
- java.naming.factory.initial: The name of the environment property for specifying the initial context factory, which must be
org.jboss.security.jndi.LoginInitialContextFactory
. - java.naming.provider.url: This must be set to a
NamingContextFactory
provider URL. TheLoginIntialContext
is really just a wrapper around theNamingContextFactory
that adds a JAAS login to the existingNamingContextFactory
behavior. - java.naming.factory.url.pkgs: For all JBoss JNDI provider this must be
org.jboss.naming:org.jnp.interfaces
. This property is essential for locating thejnp:
andjava:
URL context factories of the JBoss JNDI provider. - java.naming.security.principal (or
Context.SECURITY_PRINCIPAL
): The principal to authenticate. This may be either ajava.security.Principal
implementation or a string representing the name of a principal. - java.naming.security.credentials (or
Context.SECURITY_CREDENTIALS
), The credentials that should be used to authenticate the principal, e.g., password, session key, etc. - java.naming.security.protocol: (
Context.SECURITY_PROTOCOL
) This gives the name of the JAAS login module to use for the authentication of the principal and credentials.