Chapter 9. JBossSX Security Extension Framework

Security in JBoss

Table of Contents

Introduction
EJB Security Overview
The JBoss Security Model
The JBossSX Default Security Manager: JaasSecurityManager
The Secure Remote Password (SRP) Protocol
Custom LoginModules
Examples
Bibliography

Scott Stark

Note

This is still a rough draft

Introduction

The JBossSX security extension supports both the declarative EJB 1.1 security model and the integration of custom security via a security proxy layer. The default implementation of the declarative security model is based on JAAS LoginModules and Subjects. The security proxy layer allows custom security that cannot be described using the declarative model to be added to an EJB in a way that is independent of the EJB business object. Before getting into the JBoss security implementation details, let's review the EJB 1.1 specification security model.

Bibliography

The SRP Authentication and Key Exchange System. Request for Comments: 2945. Tom Wu. ftp://ftp.rfc-editor.org/in-notes/rfc2945.txt.

Design Patterns. Elements of Reusable Object-Oriented Software. Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides. 0-201-63361-2.

Enterprise JavaBeans™ Specification, v1.1. Vlada Matena and Mark Hapner. http://www.javasoft.com/products/ejb/docs.html.