此内容没有您所选择的语言版本。

2.3. Defining Application Security Domain


To allow an application to communicate with the application server through the SPNEGOLoginModule, you need to define the application security domain on the application server.
To define the application security domain, do the following:
  1. Open the $JBOSS_HOME/jboss-as/server/$PROFILE/conf/login-config.xml file for editing.
  2. Define a new application policy with the following chained configuration:
    • The SPNEGOLoginModule and its configuration with the following options:
      <module-option name="password-stacking">useFirstPass</module-option>
      The password-stacking option activates client-side authentication of clients with other login modules. Set the password-stacking option to useFirstPass, so the module looks first for a shared user name and password with javax.security.auth.login.name and javax.security.auth.login.password respectively (for further information refer to Password Stacking in the Security Guide).
      <module-option name="serverSecurityDomain">DomainName</module-option>
      The serverSecurityDomain option defines the server security domain, which defines the authentication module (Kerberos) and server authentication properties (refer to Section 2.2, “Defining Server Security Domain”).
    • The login module which returns the roles of the authenticated user and its configuration options. You can make use of the UsersRolesLoginModule that obtains the user roles from a properties file or AdvancedLdapLoginModule, which obtains user roles from an LDAP server following GSSAPI. For further information refer to Section 2.4, “Role Mapping”.

Example 2.2. Application Security Domain

<application-policy name="SPNEGO">
   <authentication>
      <login-module
         code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
         flag="requisite">
         <module-option name="password-stacking">useFirstPass</module-option>
         <module-option name="serverSecurityDomain">host</module-option>
      </login-module>
      <login-module
         code="org.jboss.security.auth.spi.UsersRolesLoginModule"
         flag="required">
         <module-option name="password-stacking">useFirstPass</module-option>
         <module-option name="usersProperties">props/spnego-users.properties</module-option>
         <module-option name="rolesProperties">props/spnego-roles.properties</module-option>
      </login-module>
   </authentication>
</application-policy>
Copy to Clipboard Toggle word wrap
In Example 2.2, “Application Security Domain” we have defined an application security domain called SPNEGO with two login modules:
  • org.jboss.security.negotiation.spnego.SPNEGOLoginModule provides SPNEGO user authentication;
  • org.jboss.security.auth.spi.UsersRolesLoginModule returns the roles of the user authenticated by the SPNEGOLoginModule (the roles are filtered from a users properties file).
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat