Chapter 7. Configuring a Security Domain to use a Security Mapping

Adding a security mapping to a security domain allows for authentication and authorization information to be combined after the authentication or authorization happens, but before the information is passed to the application. For more information on security mapping, please see the Security Mapping section of the Red Hat JBoss Enterprise Application Platform 6 Security Architecture guide.

To add a security mapping to an existing security domain, a code, type, and relevant module options must be configured. The code field is the short name (e.g. SimpleRoles, PropertiesRoles, DatabaseRoles) or class name of the security mapping module. The type field refers to the type of mapping this module performs, and the allowed values are principal, role, attribute, or credential. For a full list of the available security mapping modules and their module options, refer to the Security Mapping Modules section of the Red Hat JBoss Enterprise Application Platform 6 Security Guide.

Example CLI Commands for Adding a SimpleRoles Security Mapping to an Existing Security Domain

/subsystem=security/security-domain=sampleapp/mapping=classic:add

/subsystem=security/security-domain=sampleapp/mapping=classic/mapping-module=SimpleRoles:add( \
code=SimpleRoles, \
type=role, \
module-options=[("user1"=>"specialRole")])
reload

Resulting XML

<security-domain name="sampleapp">
  <authentication>
  ...
  </authentication>
  <mapping>
    <mapping-module code="SimpleRoles" type="role">
      <module-option name="user1" value="specialRole"/>
    </mapping-module>
  </mapping>
</security-domain>
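
An added example, not part of the Red Hat guide: a Python check that reads security-domain XML like the fragment above, reports which users gain roles through a SimpleRoles role mapping, and flags any mapping-module whose type is not one of the four allowed values. The otherapp domain and its mistyped type are constructed for illustration, and treating an option value as a comma-separated role list is an assumption.

```python
import xml.etree.ElementTree as ET

# The four mapping types the text above lists as allowed values.
ALLOWED_TYPES = {"principal", "role", "attribute", "credential"}

# Constructed sample: the sampleapp domain from this page plus a hypothetical
# "otherapp" domain whose mapping module carries a mistyped type.
SAMPLE = """
<security-domains>
  <security-domain name="sampleapp">
    <mapping>
      <mapping-module code="SimpleRoles" type="role">
        <module-option name="user1" value="specialRole"/>
      </mapping-module>
    </mapping>
  </security-domain>
  <security-domain name="otherapp">
    <mapping>
      <mapping-module code="SimpleRoles" type="roles">
        <module-option name="user2" value="admin"/>
      </mapping-module>
    </mapping>
  </security-domain>
</security-domains>
"""

def local(tag):
    """Strip an XML namespace so the check also works on a namespaced config file."""
    return tag.rsplit("}", 1)[-1]

def audit_mappings(xml_text):
    """Return (grants, problems): roles added by SimpleRoles, and invalid types."""
    grants, problems = [], []
    for dom in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "security-domain"):
        for mod in (e for e in dom.iter() if local(e.tag) == "mapping-module"):
            code, mtype = mod.get("code"), mod.get("type")
            if mtype not in ALLOWED_TYPES:
                problems.append((dom.get("name"), code, mtype))
                continue
            if code == "SimpleRoles" and mtype == "role":
                for opt in (e for e in mod if local(e.tag) == "module-option"):
                    # Assumption: the value may hold several comma-separated roles.
                    roles = [r.strip() for r in opt.get("value", "").split(",") if r.strip()]
                    grants.append((dom.get("name"), opt.get("name"), roles))
    return grants, problems

if __name__ == "__main__":
    grants, problems = audit_mappings(SAMPLE)
    for domain, user, roles in grants:
        print(f"{domain}: {user} gains {roles} via SimpleRoles mapping")
    for domain, code, mtype in problems:
        print(f"{domain}: mapping-module {code} has unsupported type {mtype!r}")
```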