Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 8. Authorization Modules

The following modules provide authorization services:

Expand
CodeClass

DenyAll

org.jboss.security.authorization.modules.AllDenyAuthorizationModule

PermitAll

org.jboss.security.authorization.modules.AllPermitAuthorizationModule

Delegating

org.jboss.security.authorization.modules.DelegatingAuthorizationModule

Web

org.jboss.security.authorization.modules.web.WebAuthorizationModule

JACC

org.jboss.security.authorization.modules.JACCAuthorizationModule

XACML

org.jboss.security.authorization.modules.XACMLAuthorizationModule

AbstractAuthorizationModule
This is the base authorization module which has to be overridden and provides a facility for delegating to other authorization modules. This base authorization module also provides a delegateMap property to the overriding class, which allows for delegation modules to be declared for specific components. This enables more specialized classes to handle the authorization for each layer (e.g. web, ejb, etc) since the information used to authorize a user may vary between the resources being accessed. For instance, an authorization module may be based on permissions, yet have different permission types for the web and ejb resources. By default, the authorization module would be forced to deal with all possible resource and permission types, but configuring the delegateMap option allows the module to delegate to specific classes for different resource types. The delegateMap option takes a comma-separated list of modules, each of which is prefixed by the component it relates to (e.g. <module-option name="delegateMap">web=xxx.yyy.MyWebDelegate,ejb=xxx.yyy.MyEJBDelegate</module-option>).
Important

When configuring the delegateMap option, every delegate must implement the authorize(Resource) method and have it call the invokeDelegate(Resource) method in same way the provided authorization modules do. Failure to do so will result in the delegate not getting called.

AllDenyAuthorizationModule
This is a simple authorization module that always denies an authorization request. No configuration options are available.
AllPermitAuthorizationModule
This is a simple authorization module that always permits an authorization request. No configuration options are available.
DelegatingAuthorizationModule
This is the default authorization module that delegates decision making to the configured delegates. This module also supports the delegateMap option.
WebAuthorizationModule
This is the default web authorization module with the default Tomcat authorization logic (permit all).
JACCAuthorizationModule
This module enforces JACC semantics using two delegates (WebJACCPolicyModuleDelegate for web container authorization requests and EJBJACCPolicyModuleDelegate for EJB container requests). This module also supports the delegateMap option.
XACMLAuthorizationModule
This module enforces XACML authorization using two delegates for web and EJB containers (WebXACMLPolicyModuleDelegate and EJBXACMLPolicyModuleDelegate). It creates a PDP object based on registered policies and evaluates web or EJB requests against it. This module also supports the delegateMap option.
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat