Red Hat Training

A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification

6.2.

<authorization>
This element contains <policy-module> elements that define the policy module used to authorize application users, and whether the module is required:
When multiple <policy-module> elements are present, they form a collective group of requirements that must be met before authorization is verified. This collective group is called a stack.
<policy-module>
This element uses the code attribute to specify what policy module implementation an application can use, and the flag attribute to tell the application how to parse each policy module present in the policy stack. The flag attribute supports the following values:
required
The module must succeed for authorization to be successful. If any required <policy-module> fails, the authorization attempt will fail. The remaining modules in the stack are called regardless of the outcome of the module.
requisite
The module is required to succeed. If it succeeds, authorization continues down the stack. If it fails, control immediately returns to the application.
sufficient
The login module is not required to succeed. If it does succeed, control immediately returns to the application. If it fails, authorization continues down the stack.
optional
The login module is not required to succeed. Authorization still continues to proceed down the stack regardless of whether the module succeeds or fails.