Java Reference
In-Depth Information
Therefore, in order to enable SSL communication for our EJB communication, we
will define a security realm (named
EJBRealm
) that is bound to a server identity that
references the server's
keystore
object:
<security-realm name="EJBRealm">
<server-identities>
<ssl>
<keystore path="jboss.keystore"
relative-to="jboss.server.config.dir"
keystore-password="mypassword"/>
</ssl>
</server-identities>
<authentication>
<jaas name="ejb-security-domain"/>
</authentication>
</security-realm>
Besides containing the location where SSL certificates are stored, this security realm
also contains the authentication policy used by your EJBs, which is defined by the
JAAS's security domain, named
ejb-security-domain
.
The following is a security domain definition that is a simple file-based security do-
main containing the user credentials and roles in the files
ejb-users.properties
and
ejb-roles.properties
respectively:
<security-domain name="ejb-security-domain"
cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option
name="defaultUsersProperties"
