Red Hat Training
A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification
Chapter 6. Overview of the Security Functions
The following sections describe the JBoss security functions included in the product evaluation.
6.1. Access Control
JBoss Enterprise Application Platform has access control mechanisms to restrict access for the following request types:
- URLs and paths provided with URLs can be protected from access by subjects.
- EJBs and associated method names can be protected from invocation by subjects.
- Message queue destinations and topic destinations can be protected from access by subjects.
- Web Services
- Plain Old Java Objects (POJOs) deployed as Servlets and Session Beans can be protected from access by subjects.
- The JMX invokers can be protected by validating the role of the authenticated user.
For more information refer to the Administration and Configuration Guide.