14.2.6. About the Security Extension Architecture
The first part of the infrastructure is the JAAS API. JAAS is a pluggable framework which provides a layer of abstraction between your security infrastructure and your application.
org.jboss.security.plugins.JaasSecurityManager, which implements the AuthenticationManager and RealmMapping interfaces. JaasSecurityManager integrates into the EJB and web container layers, based on the <security-domain> element of the corresponding component deployment descriptor.
JaasSecurityManagerService MBean
The JaasSecurityManagerService MBean service manages security managers. Although its name begins with Jaas, the security managers it handles need not use JAAS in their implementation. The name reflects the fact that the default security manager implementation is the JaasSecurityManager.
JaasSecurityManagerService is to externalize the security manager implementation. You can change the security manager implementation by providing an alternate implementation of the AuthenticationManager and RealmMapping interfaces.
JaasSecurityManagerService is to provide a JNDI javax.naming.spi.ObjectFactory implementation to allow for simple code-free management of the binding between the JNDI name and the security manager implementation. To enable security, specify the JNDI name of the security manager implementation via the <security-domain> deployment descriptor element.
JaasSecurityManagerService binds a next naming system reference, nominating itself as the JNDI ObjectFactory under the name java:/jaas. This permits a naming convention of the form java:/jaas/XYZ as the value for the <security-domain> element, and the security manager instance for the XYZ security domain is created as needed, by creating an instance of the class specified by the SecurityManagerClassName attribute, using a constructor that takes the name of the security domain.
Note
java:/jaas prefix in your deployment descriptor. You may do so, for backward compatibility, but it is ignored.
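The on-demand creation described above can be modeled in plain Java. This is an added illustration, not JBoss code: the class names SecurityDomainLookupDemo and DemoSecurityManager are hypothetical, and a map stands in for the JNDI binding.

```java
import java.lang.reflect.Constructor;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: a simplified model of name-driven, on-demand creation
// of security managers. Not JBoss code; it does not use JNDI.
public class SecurityDomainLookupDemo {
    // Hypothetical stand-in for the class named by SecurityManagerClassName:
    // it has a constructor that takes the security domain name.
    public static class DemoSecurityManager {
        private final String domain;
        public DemoSecurityManager(String domain) { this.domain = domain; }
        public String getSecurityDomain() { return domain; }
    }

    static final String PREFIX = "java:/jaas/";
    private final String securityManagerClassName;
    private final Map<String, Object> managers = new ConcurrentHashMap<>();

    SecurityDomainLookupDemo(String securityManagerClassName) {
        this.securityManagerClassName = securityManagerClassName;
    }

    // Map a <security-domain> value to the manager for that domain, creating
    // it on first use and returning the same instance afterwards.
    Object lookup(String value) {
        // Demo choice: accept the name with or without the java:/jaas/ prefix.
        String domain = value.startsWith(PREFIX) ? value.substring(PREFIX.length()) : value;
        if (domain.isEmpty()) throw new IllegalArgumentException("empty security domain");
        return managers.computeIfAbsent(domain, this::create);
    }

    private Object create(String domain) {
        try {
            Constructor<?> ctor = Class.forName(securityManagerClassName).getConstructor(String.class);
            return ctor.newInstance(domain);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("cannot create manager for " + domain, e);
        }
    }

    public static void main(String[] args) {
        SecurityDomainLookupDemo factory =
                new SecurityDomainLookupDemo(DemoSecurityManager.class.getName());
        DemoSecurityManager first = (DemoSecurityManager) factory.lookup("java:/jaas/XYZ");
        boolean reused = first == factory.lookup("XYZ");
        System.out.println(first.getSecurityDomain() + " reused=" + reused);
    }
}
```

Because the implementation class is resolved by name at lookup time, a typo in that name only surfaces when the first secured component is accessed, so it is worth exercising each configured domain once after deployment.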
The org.jboss.security.plugins.JaasSecurityDomain is an extension of JaasSecurityManager which adds the notion of a KeyStore, a KeyManagerFactory, and a TrustManagerFactory for supporting SSL and other cryptographic use cases.
For more information, and practical examples of the security architecture in action, refer to Section 14.2.8, “About Java Authentication and Authorization Service (JAAS)”.