Chapter 17. Jakarta Security
17.1. About Jakarta Security
Jakarta Security defines plug-in interfaces for authentication and identity stores, and a new injectable-type SecurityContext interface that provides an access point for programmatic security. For details about the specifications, see Jakarta Security Specification.
17.2. Configure Jakarta Security Using Elytron
Enabling Jakarta Security Using the elytron Subsystem
The SecurityContext interface defined in Jakarta Security uses the Jakarta Authorization policy provider to access the current authenticated identity. To enable your deployments to use the SecurityContext interface, you must configure the elytron subsystem to manage the Jakarta Authorization configuration and define a default Jakarta Authorization policy provider.
1. Disable Jakarta Authorization in the legacy security subsystem. Skip this step if Jakarta Authorization is already configured to be managed by Elytron.

    /subsystem=security:write-attribute(name=initialize-jacc, value=false)

2. Define a Jakarta Authorization policy provider in the elytron subsystem and reload the server.

    /subsystem=elytron/policy=jacc:add(jacc-policy={})
    reload
Enabling Jakarta Security for Web Applications
To enable Jakarta Security for a web application, the web application needs to be associated with either an Elytron http-authentication-factory or a security-domain. This installs the Elytron security handlers and activates the Elytron security framework for the deployment.
The minimal steps to enable Jakarta Security are:
- Leave the default-security-domain attribute on the undertow subsystem undefined so that it defaults to other.
- Add an application-security-domain mapping from other to an Elytron security domain:

    /subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false)
  When integrated-jaspi is set to false, ad-hoc identities are created dynamically.
Jakarta Security is built on Jakarta Authentication. For information about configuring Jakarta Authentication, see Configure Jakarta Authentication Security Using Elytron.
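
Once the configuration above is in place, a deployment can read the authenticated identity through the injected SecurityContext. The servlet below is an added example, not code from this documentation: the class name, the /whoami and /admin paths, and the Admin role are hypothetical, and it assumes the javax.* package namespace of Jakarta EE 8 (on Jakarta EE 9 and later the same types live under jakarta.*).

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;

import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet: reports what SecurityContext sees for the caller.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Programmatic security access point defined by Jakarta Security.
    @Inject
    private SecurityContext securityContext;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        Principal caller = securityContext.getCallerPrincipal();

        // No authenticated identity: fail closed instead of treating the
        // request as an anonymous but valid caller.
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("caller=" + caller.getName());

        // Role check against the identity established for this request.
        // "Admin" is a hypothetical role name.
        out.println("isAdmin=" + securityContext.isCallerInRole("Admin"));

        // Asks whether the caller would pass the declared security constraints
        // for another resource. "/admin" is a hypothetical path.
        out.println("canGetAdmin=" + securityContext.hasAccessToWebResource("/admin", "GET"));
    }
}
```

A request that carries no credentials should return 401 from this servlet; a response that names a caller confirms that the deployment is mapped to an Elytron security domain and that SecurityContext resolves the identity.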