4.3. Configuring the Security Subsystem
4.3.1. Configure the Security Subsystem
You can configure the security subsystem using the Management CLI or web-based Management Console.
Each top-level element within the security subsystem contains information about a different aspect of the security configuration. Refer to Section 4.2, “About the Structure of the Security Subsystem” for an example of security subsystem configuration.
- This section overrides high-level behaviors of the security subsystem. Each setting is optional. It is unusual to change any of these settings except for deep copy subject mode.
Option Description deep-copy-subject-modeSpecifies whether to copy or link to security tokens, for additional thread safety. authentication-manager-class-nameSpecifies an alternate AuthenticationManager implementation class name to use. authorization-manager-class-nameSpecifies an alternate AuthorizationManager implementation class name to use. audit-manager-class-nameSpecifies an alternate AuditManager implementation class name to use. identity-trust-manager-class-nameSpecifies an alternate IdentityTrustManager implementation class name to use. mapping-manager-class-nameSpecifies the MappingManager implementation class name to use.
- The subject factory controls creation of subject instances. It may use the authentication manager to verify the caller. The main use of the subject factory is for JCA components to establish a subject.It is unusual to need to modify the subject factory.
- A container element which holds multiple security domains. A security domain may contain information about authentication, authorization, mapping, and auditing modules, as well as JASPI authentication and JSSE configuration. Your application would specify a security domain to manage its security information.
- Contains names and values of properties which are set on the java.security.Security class.