You secure access to EJBs and web components in an enterprise application by using the ejb-jar.xml and web.xml deployment descriptors.
Both EJBs and servlets can declare one or more security-role-ref elements:
<web-app>
  <servlet>
    <servlet-name>AServlet</servlet-name>
    <!-- ... -->
    <security-role-ref>
      <role-name>TheServletRole</role-name>
      <role-link>TheApplicationRole</role-link>
    </security-role-ref>
  </servlet>
  <!-- ... -->
</web-app>
In JBoss, a security-role element is only used to map security-role-ref/role-name values to the logical role that the component role references:
<web-app>
  <!-- ... -->
  <security-role>
    <description>The single application role</description>
    <role-name>TheApplicationRole</role-name>
  </security-role>
</web-app>
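
Because the mapping above only works when each role-link names a declared security-role, a descriptor check can catch broken links before deployment. The following is an added example, not code from the JBoss documentation: it covers web.xml only, and the function names, the sample descriptor and the AuditRole/Auditor entry are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace so descriptors with or without xmlns both work."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_role_links(web_xml):
    """Return (servlet, role-name, target) for each security-role-ref whose
    target is not a declared security-role. Input: a descriptor you own."""
    root = ET.fromstring(web_xml)
    declared = {_child_text(e, "role-name") for e in root if _local(e.tag) == "security-role"}
    problems = []
    for servlet in (e for e in root if _local(e.tag) == "servlet"):
        name = _child_text(servlet, "servlet-name")
        for ref in (e for e in servlet if _local(e.tag) == "security-role-ref"):
            role_name = _child_text(ref, "role-name")
            # Assumption: with no role-link, role-name itself must be a declared role.
            target = _child_text(ref, "role-link") or role_name
            if target not in declared:
                problems.append((name, role_name, target))
    return problems

# Constructed sample: the second security-role-ref links to an undeclared role.
SAMPLE = """<web-app>
  <servlet>
    <servlet-name>AServlet</servlet-name>
    <security-role-ref>
      <role-name>TheServletRole</role-name>
      <role-link>TheApplicationRole</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>AuditRole</role-name>
      <role-link>Auditor</role-link>
    </security-role-ref>
  </servlet>
  <security-role>
    <role-name>TheApplicationRole</role-name>
  </security-role>
</web-app>"""

if __name__ == "__main__":
    for servlet, role_name, target in check_role_links(SAMPLE):
        print(f"{servlet}: {role_name} -> {target} is not a declared security-role")
```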