-
Task
-
Resolution: Done
-
Major
-
JBossAS-5.0.0.Beta1
-
None
Currently the PolicyConfig is tied to the authentication info (JAAS and/or JASPI). Since we would like to define authorization policies as part of the global policy config, we need to adapt the existing Policy Config infrastructure to incorporate authorization info.
Here is an example:
========================================================================
<!-- Tests both authentication and authorization config -->
<application-policy name="TestAuthorization">
<authentication-jaspi>
<login-module-stack name="lm-stack">
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</login-module-stack>
<auth-module code="auth.module1.class.name">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</auth-module>
<auth-module code="auth.module2.class.name" login-module-stack-ref="lm-stack"/>
</authentication-jaspi>
<authorization>
<policy-module code="policy.module1.class.name"
flag="required">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</policy-module>
</authorization>
</application-policy>
========================================================================
- blocks
-
JBAS-3324 Authorization Framework with pluggable Authorization Modules
- Closed