schema.security-config_4_0.xsd Maven / Gradle / Ivy
...
The instance documents may indicate the published version of
the schema using the xsi:schemaLocation attribute:
http://www.jboss.org/j2ee/schema/security-config_4_0.xsd
The outline of a policy/application-policy is:
option1-value
option2-value
...
...
...
]]>
The policy element is the root of the security
configuration descriptor.
The application-policy lists configuration for a
named policy. This currently only consists of the authentication
configuration.
The name attribute defines the authentication
configuration name. This is the name that would be passed to
the JAAS LoginContext ctor to use the associated login module stack.
The authentication element contains the login module
stack configuration. Each login module configuration is specified
using a login-module element.
The login-module element defines a JAAS login module
configuration entry. Each entry must have a code and flag attribute
along with zero or more login module options specified via the
module-option element.
The code attribute gives the fully qualifed class
name of the javax.security.auth.spi.LoginModule interface implementation
for the login module.
The flag attribute controls how a login module
participates in the overall authentication proceedure.
Required - The LoginModule is required to succeed. If it
succeeds or fails, authentication still continues to proceed
down the LoginModule list.
Requisite - The LoginModule is required to succeed. If it succeeds,
authentication continues down the LoginModule list. If it fails,
control immediately returns to the application (authentication does not proceed
down the LoginModule list).
Sufficient - The LoginModule is not required to succeed. If it does
succeed, control immediately returns to the application (authentication
does not proceed down the LoginModule list). If it fails,
authentication continues down the LoginModule list.
Optional - The LoginModule is not required to succeed. If it succeeds or
fails, authentication still continues to proceed down the
LoginModule list.
The overall authentication succeeds only if
all required and requisite LoginModules succeed. If a
sufficient LoginModule is configured and succeeds, then only
the required and requisite LoginModules prior to that
sufficient LoginModule need to have succeeded for the overall
authentication to succeed. If no required or requisite
LoginModules are configured for an application, then at least
one sufficient or optional LoginModule must succeed.
A module option defines a name, value pair that are
passed to a LoginModule when it is initialized during the login proceedure.
The name attribute defines the option name while the element value is the
option value. The type of the value can be anything from a string obtained
from the module-option body, to arbitary objects unmarshalled based on
the namespace associated with the module-option child element.
The module option name. This is the key used to store
the module value in the LoginModule initalize options Map.