红帽全球峰会此内容没有您所选择的语言版本。
Chapter 17. Java EE Security API
17.1. About Java EE Security API
Java EE Security API defines plug-in interfaces for authentication and identity stores, and a new injectable-type SecurityContext interface that provides an access point for programmatic security. It is defined in JSR-375 of the Java Community Process. For details about the specifications, see Java EE Security API Specification.
17.2. Configure Java EE Security API Using Elytron
Enabling Java EE Security API Using the elytron Subsystem
The SecurityContext interface defined in the Java EE Security API uses the Java Authorization Contract for Containers (JACC) policy provider to access the current authenticated identity. To enable your deployments to use the SecurityContext interface, you must configure the elytron subsystem to manage the JACC configuration and define a default JACC policy provider.
Disable JACC in the legacy
securitysubsystem. Skip this step if JACC is already configured to be managed by Elytron./subsystem=security:write-attribute(name=initialize-jacc, value=false)
/subsystem=security:write-attribute(name=initialize-jacc, value=false)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Define a JACC policy provider in the
etlyronsubsystem and reload the server./subsystem=elytron/policy=jacc:add(jacc-policy={}) reload/subsystem=elytron/policy=jacc:add(jacc-policy={}) reloadCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Enabling Java EE Security API for Web Applications
To enable the Java EE Security API for a web application, the web application needs to be associated with either an Elytron http-authentication-factory or a security-domain. This installs the Elytron security handlers and activates the Elytron security framework for the deployment.
The minimal steps to enable the Java EE Security API are:
-
Leave the
default-security-domainattribute on theundertowsubsystem undefined so that it defaults toother. Add an
application-security-domainmapping fromotherto an Elytron security domain:/subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false)
/subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain, integrated-jaspi=false)Copy to Clipboard Copied! Toggle word wrap Toggle overflow When
integrated-jaspiis set tofalse, ad-hoc identities are created dynamically.
The Java EE Security API is built on JASPI. For information about configuring JASPI, see Configure Java Authentication SPI for Containers (JASPI) Security Using Elytron.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}