Chapter 17. Java EE Security API
17.1. About Java EE Security API
Java EE Security API defines plug-in interfaces for authentication and identity stores, and a new injectable-type SecurityContext interface that provides an access point for programmatic security. It is defined in JSR-375 of the Java Community Process. For details about the specifications, see Java EE Security API Specification.
17.2. Configure Java EE Security API Using Elytron
Enabling Java EE Security API Using the elytron Subsystem
The SecurityContext interface defined in the Java EE Security API uses the Java Authorization Contract for Containers (JACC) policy provider to access the current authenticated identity. To enable your deployments to use the SecurityContext interface, you must configure the elytron subsystem to manage the JACC configuration and define a default JACC policy provider.
- Disable JACC in the legacy security subsystem. Skip this step if JACC is already configured to be managed by Elytron.
  /subsystem=security:write-attribute(name=initialize-jacc, value=false)
- Define a JACC policy provider in the elytron subsystem and reload the server.
  /subsystem=elytron/policy=jacc:add(jacc-policy={})
  reload
Enabling Java EE Security API for Web Applications
To enable the Java EE Security API for a web application, the web application needs to be associated with either an Elytron http-authentication-factory or a security-domain. This installs the Elytron security handlers and activates the Elytron security framework for the deployment.
The minimal steps to enable the Java EE Security API are:
- Leave the default-security-domain attribute on the undertow subsystem undefined so that it defaults to other.
- Add an application-security-domain mapping from other to an Elytron security domain:
  /subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false)
When integrated-jaspi is set to false, ad-hoc identities are created dynamically.
The Java EE Security API is built on JASPI. For information about configuring JASPI, see Configure Java Authentication SPI for Containers (JASPI) Security Using Elytron.
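A deployment that exercises this configuration, as an added example that is not part of the original documentation: a servlet that injects SecurityContext, plus a deployment-local identity store whose caller becomes an ad-hoc identity when integrated-jaspi is false. The class names, the /whoami path, the realm name, the roles and the demo account are assumptions made for illustration.

```java
// Added example; class names, path, realm, roles and the demo account are assumptions.
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import javax.annotation.security.DeclareRoles;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@BasicAuthenticationMechanismDefinition(realmName = "example-realm")
@DeclareRoles({"user", "admin"})
@WebServlet("/whoami")
@ServletSecurity(@HttpConstraint(rolesAllowed = "user")) // container rejects callers without "user"
public class WhoAmIServlet extends HttpServlet {
    @Inject
    private SecurityContext securityContext; // programmatic access to the current identity
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Principal caller = securityContext.getCallerPrincipal(); // null when unauthenticated
        resp.setContentType("text/plain");
        resp.getWriter().printf("caller=%s admin=%b%n",
                caller == null ? "<anonymous>" : caller.getName(),
                securityContext.isCallerInRole("admin"));
    }
}

// Deployment-local store: "alice" is not defined in the Elytron security domain.
@ApplicationScoped
class DemoIdentityStore implements IdentityStore {
    @Override
    public CredentialValidationResult validate(Credential credential) {
        // Constructed demo account; a real store verifies a salted password hash instead.
        if (credential instanceof UsernamePasswordCredential
                && ((UsernamePasswordCredential) credential).compareTo("alice", "demo-only-password")) {
            return new CredentialValidationResult("alice", Collections.singleton("user"));
        }
        return CredentialValidationResult.INVALID_RESULT;
    }
}
```

The example assumes the group name returned by the store is used directly as the role name. Requesting /whoami as the demo account should then report the caller name with admin=false, while a failed validation never reaches doGet.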