1.3. SwitchYard Security Configuration
All services within a domain share the same security configuration, which is specified in META-INF/switchyard.xml:
<switchyard>
  <domain>
    <security callbackHandler="callback-handler-class-name" moduleName="jaas-domain-name" rolesAllowed="users, administrators" runAs="leaders">
      <properties>
        <property name="property-name" value="property-value"/>
      </properties>
    </security>
  </domain>
</switchyard>
- The <security> element
- This is an optional element. If not specified, the callbackHandler and moduleName attributes described below fall back to their default values.
- The callbackHandler attribute
- This is an optional attribute. If not specified, a default value of org.switchyard.security.callback.NamePasswordCallbackHandler will be used.
- The moduleName attribute
- This is an optional attribute. If not specified, a default value of other will be used. The value maps to a JAAS security domain name.
- The rolesAllowed attribute
- This is an optional attribute. If specified, and if a Service has an authorization security policy requirement, the authenticated user must be in one of the roles listed. The value is a comma-separated list of roles (whitespace gets trimmed).
- The runAs attribute
- This is an optional attribute. If specified, the value of this attribute will be added as a role to the authenticated user.
- The <properties> and <property> elements
- A <security> element can optionally specify a <properties> element, which in turn can contain zero to many (0..*) <property> elements. Each <property> element requires a name and a value attribute.
Note
The list of specified name/value properties is made available to the SwitchYard Security configuration, as well as the configured callbackHandler. Some CallbackHandlers require configuration information beyond what can be assumed in a no-argument constructor. See the individual CallbackHandler implementations for details.
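The following added example (not part of the SwitchYard documentation or code base) resolves the effective domain security settings from a switchyard.xml file by applying the defaults and the rolesAllowed trimming rule described above. The function names, the review notes, and the sample file are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Defaults documented in this section.
DEFAULT_HANDLER = "org.switchyard.security.callback.NamePasswordCallbackHandler"
DEFAULT_MODULE = "other"

# Constructed sample based on the section's template (values are illustrative).
SAMPLE = """<switchyard><domain>
  <security rolesAllowed=" users ,administrators, " runAs="users">
    <properties><property name="property-name" value="property-value"/></properties>
  </security>
</domain></switchyard>"""


def _local(tag):
    # Drop a "{namespace}" prefix so namespaced and plain files both match.
    return tag.rsplit("}", 1)[-1]


def effective_security(xml_text):
    """Resolve the domain <security> settings with documented defaults applied."""
    root = ET.fromstring(xml_text)  # intended for operator-owned config files
    sec = next((e for e in root.iter() if _local(e.tag) == "security"), None)
    attrs = sec.attrib if sec is not None else {}
    # rolesAllowed is comma-separated with whitespace trimmed; dropping empty
    # items is this example's own choice, not documented behaviour.
    roles = [r.strip() for r in attrs.get("rolesAllowed", "").split(",") if r.strip()]
    props = {p.get("name"): p.get("value") for p in (sec.iter() if sec is not None else [])
             if _local(p.tag) == "property"}
    return {"callbackHandler": attrs.get("callbackHandler", DEFAULT_HANDLER),
            "moduleName": attrs.get("moduleName", DEFAULT_MODULE),
            "rolesAllowed": roles, "runAs": attrs.get("runAs"), "properties": props}


def review(cfg):
    """Hypothetical review notes; the wording and checks are this example's own."""
    notes = []
    if cfg["moduleName"] == DEFAULT_MODULE:
        notes.append("moduleName is the default JAAS domain 'other'")
    if not cfg["rolesAllowed"]:
        notes.append("rolesAllowed lists no roles")
    if cfg["runAs"] and cfg["runAs"] in cfg["rolesAllowed"]:
        notes.append("runAs role is also in rolesAllowed; confirm this is intended")
    return notes


if __name__ == "__main__":
    cfg = effective_security(SAMPLE)
    print(cfg, review(cfg), sep="\n")
```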