Chapter 17. Jakarta Security
17.1. About Jakarta Security
Jakarta Security defines plug-in interfaces for authentication and identity stores, and a new injectable-type SecurityContext interface that provides an access point for programmatic security. For details about the specifications, see Jakarta Security Specification.
17.2. Configure Jakarta Security Using Elytron
Enabling Jakarta Security Using the elytron Subsystem
The SecurityContext interface defined in Jakarta Security uses the Jakarta Authorization policy provider to access the current authenticated identity. To enable your deployments to use the SecurityContext interface, you must configure the elytron subsystem to manage the Jakarta Authorization configuration and define a default Jakarta Authorization policy provider.
- Disable Jakarta Authorization in the legacy security subsystem. Skip this step if Jakarta Authorization is already configured to be managed by Elytron.

    /subsystem=security:write-attribute(name=initialize-jacc, value=false)

- Define a Jakarta Authorization policy provider in the elytron subsystem and reload the server.

    /subsystem=elytron/policy=jacc:add(jacc-policy={})
    reload
Enabling Jakarta Security for Web Applications
To enable Jakarta Security for a web application, the web application needs to be associated with either an Elytron http-authentication-factory or a security-domain. This installs the Elytron security handlers and activates the Elytron security framework for the deployment.
The minimal steps to enable Jakarta Security are:
- Leave the default-security-domain attribute on the undertow subsystem undefined so that it defaults to other.
- Add an application-security-domain mapping from other to an Elytron security domain:

    /subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false)

  When integrated-jaspi is set to false, ad-hoc identities are created dynamically.
Jakarta Security is built on Jakarta Authentication. For information about configuring Jakarta Authentication, see Configure Jakarta Authentication Security Using Elytron.
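With the deployment mapped to an Elytron security domain as above, the following shows an identity store plug-in and a servlet that reads the authenticated identity through the injected SecurityContext. It is an added example, not code from this guide. It assumes the Jakarta EE 8 package names (javax.*); the package org.example.demo, the class names, the caller alice, the role auditor and the DEMO_PASSWORD environment variable are all hypothetical.

```java
// Added example; assumes Jakarta EE 8 (javax.*). On Jakarta EE 9+ the packages are jakarta.*.
package org.example.demo; // hypothetical package

import java.io.IOException;
import java.util.Collections;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.credential.*;
import javax.security.enterprise.identitystore.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

// Identity store plug-in: the deployment validates the credential and supplies the groups.
@ApplicationScoped
@BasicAuthenticationMechanismDefinition(realmName = "demo")
class DemoIdentityStore implements IdentityStore {
    @Inject Pbkdf2PasswordHash hasher;
    private String storedHash; // only the salted PBKDF2 hash is kept
    @PostConstruct
    void init() { // DEMO_PASSWORD is a hypothetical variable; refuse to start without it
        String pw = System.getenv("DEMO_PASSWORD");
        if (pw == null || pw.isEmpty()) throw new IllegalStateException("DEMO_PASSWORD not set");
        storedHash = hasher.generate(pw.toCharArray());
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) return CredentialValidationResult.NOT_VALIDATED_RESULT;
        UsernamePasswordCredential c = (UsernamePasswordCredential) credential;
        boolean pwOk = hasher.verify(c.getPassword().getValue(), storedHash); // run for every caller name
        return pwOk && "alice".equals(c.getCaller())
            ? new CredentialValidationResult("alice", Collections.singleton("auditor"))
            : CredentialValidationResult.INVALID_RESULT;
    }
}

@WebServlet("/whoami")
@ServletSecurity(@HttpConstraint(rolesAllowed = "auditor", transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL))
public class WhoAmIServlet extends HttpServlet {
    @Inject SecurityContext securityContext; // programmatic security access point
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().printf("caller=%s auditor=%b%n", securityContext.getCallerPrincipal().getName(), securityContext.isCallerInRole("auditor"));
    }
}
```

The CONFIDENTIAL transport guarantee keeps the Basic credentials off plain HTTP. The store returns NOT_VALIDATED_RESULT for credential types it does not handle, so other identity stores in the deployment can still be consulted.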