| <?xml version='1.0'?> |
| <!DOCTYPE policy PUBLIC |
| "-//JBoss//DTD JBOSS Security Config 3.0//EN" |
| "http://www.jboss.org/j2ee/dtd/security_config.dtd"> |
| |
| <!-- The XML based JAAS login configuration read by the |
| org.jboss.security.auth.login.XMLLoginConfig mbean. Add |
| an application-policy element for each security domain. |
| |
| The outline of the application-policy is: |
| <application-policy name="security-domain-name"> |
| <authentication> |
| <login-module code="login.module1.class.name" flag="control_flag"> |
| <module-option name = "option1-name">option1-value</module-option> |
| <module-option name = "option2-name">option2-value</module-option> |
| ... |
| </login-module> |
| |
| <login-module code="login.module2.class.name" flag="control_flag"> |
| ... |
| </login-module> |
| ... |
| </authentication> |
| </application-policy> |
| |
| $Revision$ |
| --> |
| |
| <policy> |
| <!-- Used by clients within the application server VM such as |
| mbeans and servlets that access EJBs. |
| --> |
| <application-policy name = "client-login"> |
| <authentication> |
| <login-module code = "org.jboss.security.ClientLoginModule" |
| flag = "required"> |
| </login-module> |
| </authentication> |
| </application-policy> |
| |
| <!-- Security domain for JBossMQ --> |
| <application-policy name = "jbossmq"> |
| <authentication> |
| <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule" |
| flag = "required"> |
| <module-option name = "unauthenticatedIdentity">guest</module-option> |
| <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option> |
| </login-module> |
| </authentication> |
| </application-policy> |
| |
| <!-- Security domains for testing new jca framework --> |
| <application-policy name = "HsqlDbRealm"> |
| <authentication> |
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" |
| flag = "required"> |
| <module-option name = "principal">sa</module-option> |
| <module-option name = "userName">sa</module-option> |
| <module-option name = "password"></module-option> |
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=hsqldbDS</module-option> |
| </login-module> |
| </authentication> |
| </application-policy> |
| |
| <application-policy name = "FirebirdDBRealm"> |
| <authentication> |
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" |
| flag = "required"> |
| <module-option name = "principal">sysdba</module-option> |
| <module-option name = "userName">sysdba</module-option> |
| <module-option name = "password">masterkey</module-option> |
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option> |
| </login-module> |
| </authentication> |
| </application-policy> |
| |
| <application-policy name = "JmsXARealm"> |
| <authentication> |
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" |
| flag = "required"> |
| <module-option name = "principal">guest</module-option> |
| <module-option name = "userName">guest</module-option> |
| <module-option name = "password">guest</module-option> |
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option> |
| </login-module> |
| </authentication> |
| </application-policy> |
| |
| <!-- A template configuration for the jmx-console web application. This |
| defaults to the UsersRolesLoginModule the same as other and should be |
| changed to a stronger authentication mechanism as required. |
| --> |
| <application-policy name = "jmx-console"> |
| <authentication> |
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" |
| flag = "required" /> |
| </authentication> |
| </application-policy> |
| |
| <!-- The default login configuration used by any security domain that |
| does not have a application-policy entry with a matching name |
| --> |
| <application-policy name = "other"> |
| <!-- A simple server login module, which can be used when the number |
| of users is relatively small. It uses two properties files: |
| users.properties, which holds users (key) and their password (value). |
| roles.properties, which holds users (key) and a comma-separated list of |
| their roles (value). |
| The unauthenticatedIdentity property defines the name of the principal |
| that will be used when a null username and password are presented as is |
| the case for an unuathenticated web client or MDB. If you want to |
| allow such users to be authenticated add the property, e.g., |
| unauthenticatedIdentity="nobody" |
| --> |
| <authentication> |
| <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" |
| flag = "required" /> |
| </authentication> |
| </application-policy> |
| |
| </policy> |
| |