9.3. Configure the Security Subsystem
security
subsystem includes one attribute, deep-copy-subject-mode
which includes child elements security-domains
and security-properties
. You can configure the security subsystem using the Management CLI or web-based Management Console.
If deep copy subject mode is disabled (the default), copying a security data structure makes a reference to the original, rather than copying the entire data structure. This behavior is more efficient, but is prone to data corruption if multiple threads with the same identity clear the subject by means of a flush or logout operation.
You can set system-wide security properties, which are applied to class java.security.Security
class.
A security domain is a set of Java Authentication and Authorization Service (JAAS) declarative security configurations which one or more applications use to control authentication, authorization, security auditing, and security mapping. Three security domains are included by default: jboss-ejb-policy
, jboss-web-policy
, and other
. The Management API, Management Console, and Management CLI use the other
security domain. You can create as many security domains as you need to accomodate the needs of your applications.