Chapter 6. Configure a Security Domain to use a Security Mapping

Adding a security mapping to a security domain allows for authentication and authorization information to be combined after the authentication or authorization happens, but before the information is passed to the application. For more information on security mapping, see the Security Mapping section of the JBoss EAP Security Architecture guide.

To add a security mapping to an existing security domain, a code, type, and relevant module options must be configured. The code field is the short name, for example SimpleRoles, PropertiesRoles, DatabaseRoles, or class name of the security mapping module. The type field refers to the type of mapping this module performs, and the allowed values are principal, role, attribute, or credential. For a full list of the available security mapping modules and their module options, see the Security Mapping Modules section of the JBoss EAP Login Module Reference.

Example: Management CLI Commands for Adding a SimpleRoles Security Mapping to an Existing Security Domain

/subsystem=security/security-domain=sampleapp/mapping=classic:add

/subsystem=security/security-domain=sampleapp/mapping=classic/mapping-module=SimpleRoles:add(code=SimpleRoles,type=role,module-options=[("user1"=>"specialRole")])

reload