isUserInRole() for servlets and JSPs (adopted in javax.servlet.http.HttpServletRequest)
isCallerInRole() for EJBs (adopted in javax.ejb.SessionContext)
Additionally, there are other API calls that provide access to the user's
identity:
getUserPrincipal() for servlets and JSPs (adopted in javax.servlet.http.HttpServletRequest)
getCallerPrincipal() for EJBs (adopted in javax.ejb.SessionContext)
Using these APIs, you can develop arbitrarily complex authorization models.
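As an added illustration (not code from the book), the servlet below combines getUserPrincipal() and isUserInRole() into an owner-or-manager rule that a declarative role constraint alone cannot express. The URL, the Manager role name, the ticketId parameter and the in-memory ticket store are assumptions made for the example.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: a ticket may be cancelled by its owner or by a Manager.
@WebServlet("/cancelTicket") // hypothetical URL
public class CancelTicketServlet extends HttpServlet {

    // Constructed sample data standing in for a real ticket store (id -> owner).
    private static final Map<String, String> OWNERS =
            new ConcurrentHashMap<String, String>();
    static {
        OWNERS.put("1001", "alice");
        OWNERS.put("1002", "bob");
    }

    // Deny by default: allow only the ticket's owner or a caller in the Manager role.
    static boolean mayCancel(Principal caller, boolean isManager, String owner) {
        if (caller == null || owner == null) {
            return false; // unauthenticated caller or unknown ticket
        }
        return isManager || owner.equals(caller.getName());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        Principal caller = req.getUserPrincipal(); // null when not authenticated
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String id = req.getParameter("ticketId"); // hypothetical parameter name
        String owner = (id == null) ? null : OWNERS.get(id);
        boolean isManager = req.isUserInRole("Manager"); // hypothetical role name
        if (!mayCancel(caller, isManager, owner)) {
            // Same reply for "not yours" and "no such ticket", so ids cannot be probed.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        OWNERS.remove(id);
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```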
JBoss AS 7 security subsystem
JBoss security is qualified as an extension to the application server and it is included
by default both in standalone servers and in domain servers:
<extension module="org.jboss.as.security"/>
The following is an extract from the default security subsystem contained in the server configuration file, which contains the RealmUsersRoles login module that will be used in the next section to secure the Ticket example application:
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <login-module code="Remoting" flag="optional">
                    <module-option name="password-stacking" value="useFirstPass"/>