此内容没有您所选择的语言版本。
1.3. SwitchYard Security Configuration
All services within a domain share the same security configuration, which is specified in
META-INF/switchyard.xml:
<switchyard>
<domain>
<security callbackHandler="callback-handler-class-name" moduleName="jaas-domain-name" rolesAllowed="users, administrators" runAs="leaders">
<properties>
<property name="property-name" value="property-value"/>
</properties>
</security>
</domain>
</switchyard>
- The <security> element
- This is an optional element. If not specified, the callbackHandler and moduleName attributes described below will fallback to their default values.
- The callbackHandler attribute
- This is an optional attribute. If not specified, a default value of
org.switchyard.security.callback.NamePasswordCallbackHandlerwill be used. - The moduleName attribute
- This is an optional attribute. If not specified, a default value of other will be used. The value maps to a JAAS security domain name.
- The rolesAllowed attribute
- This is an optional attribute. If specified, and if a Service has an authorization security policy requirement, the authenticated user must be in one of the roles listed. The value is a comma-separated list of roles (whitespace gets trimmed).
- The runAs attribute
- This is an optional attribute. If specified, the value of this attribute will be added as a role to the authenticated user.
- The <properties> and <property> elements
- A <security> element can optionally specify a <properties> element. This can be adjusted to specify zero to many (0..*) <property> elements. Each <property> element requires a name and a value attribute.
Note
The list of specified name/value properties is made available to the SwitchYard Security configuration, as well as the configured callbackHandler. Some CallbackHandlers require configuration information beyond what can be assumed in a no-argument constructor. See the individual CallbackHandler implementations for details.
