WildFly Security Realms: Difference between revisions
No edit summary |
|||
Line 17: | Line 17: | ||
=Overview= | =Overview= | ||
A ''security realm'' is a | A ''security realm'' is a WildFly-specific identity store of usernames, passwords and group membership information that can be used to authenticate users of the management interfaces, web applications and EJBs. | ||
The security realm contains mappings between users and passwords, and users and roles - a mechanism for adding authentication and authorization to applications and JBoss management facilities and regular applications. | The security realm contains mappings between users and passwords, and users and roles - a mechanism for adding authentication and authorization to applications and JBoss management facilities and regular applications. | ||
By default | By default WildFly comes pre-configured with two realms: | ||
* [management realm | * [#ManagementRealm|management realm] | ||
* [application realm | * [#ApplicationRealm|application realm] | ||
Both of these use filesystem-based stores for users and group membership, and use a [digest mechanism|JBoss7SecurityRealm#TheDigestMechanism] by default when authenticating. | Both of these use filesystem-based stores for users and group membership, and use a [digest mechanism|JBoss7SecurityRealm#TheDigestMechanism] by default when authenticating. | ||
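Review bot: the two list items in the new revision write their links as `[#ManagementRealm|management realm]` (target first, label second), while the digest link on the next line uses the opposite order, `[digest mechanism|JBoss7SecurityRealm#TheDigestMechanism]`. Neither form is MediaWiki internal-link syntax, so all three show up as literal bracket text in the rendered revision. Suggest the `[[target|label]]` form throughout, for example `[[#Management Realm|management realm]]`, so the anchors also match the `=Management Realm=` and `=Application Realm=` headings.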
Line 36: | Line 36: | ||
For a better upper level picture of JBoss 7 security, see [JBoss 7 Security Concepts]. | For a better upper level picture of JBoss 7 security, see [JBoss 7 Security Concepts]. | ||
=Management Realm= | =Management Realm= | ||
=Application Realm= | =Application Realm= |
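Review bot: the context line "For a better upper level picture of JBoss 7 security" and its `[JBoss 7 Security Concepts]` link still name JBoss 7, while the overview in this revision now calls the realm WildFly-specific. Pick one product name for the page, and write the link with double brackets so it resolves instead of rendering as bracket text.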
Revision as of 01:39, 10 February 2016
External
- Red Hat Documentation Security Guide https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#chap-Security_Realms
- jboss.org Security Realms Article https://docs.jboss.org/author/display/AS71/Security+Realms
Internal
Overview
A security realm is a WildFly-specific identity store of usernames, passwords and group membership information that can be used to authenticate users of the management interfaces, web applications and EJBs.
The security realm contains mappings between users and passwords, and between users and roles: a mechanism for adding authentication and authorization to JBoss management facilities and regular applications.
By default WildFly comes pre-configured with two realms:
- management realm
- application realm
Both of these use filesystem-based stores for users and group membership, and use a digest mechanism by default when authenticating.
New security realms can be configured.
The existing security realms can be reconfigured to use authentication mechanisms other than digest.
Security realms are not involved in any authorization decisions. However, they can be configured to load a user's group membership information, which can subsequently be used to make authorization decisions. The user is authenticated first, then the group membership information is loaded as a second step.
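The two steps described above, sketched in Python as an added example (not code from the original page or from WildFly). It assumes the layout of WildFly's default properties-file realms, where each user line stores HEX(MD5(username:realm:password)) and a separate file maps users to groups; the sample file contents are constructed, and checking a supplied password against the stored hash is a simplification of the digest challenge-response.

```python
import hashlib
import hmac

# Constructed sample content in the layout of WildFly's default
# properties-file realm: user=HEX(MD5(user:realm:password)).
REALM = "ManagementRealm"
USERS_FILE = """\
#$REALM_NAME=ManagementRealm$
# constructed entries, not real credentials
alice=%s
#bob=disabled-entry
""" % hashlib.md5(b"alice:ManagementRealm:correct horse").hexdigest()
GROUPS_FILE = """\
alice=Administrator,Auditor
carol=Monitor
"""

def parse_properties(text):
    """Return {key: value}, skipping blank lines and '#' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries

def ha1(user, realm, password):
    """Digest 'HA1' value: hex MD5 of user:realm:password."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def authenticate(user, password, users=USERS_FILE, realm=REALM):
    """Step 1: identity check only; no group data is consulted."""
    stored = parse_properties(users).get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, ha1(user, realm, password))

def load_groups(user, groups=GROUPS_FILE):
    """Step 2: group lookup for an already authenticated user."""
    raw = parse_properties(groups).get(user, "")
    return [g.strip() for g in raw.split(",") if g.strip()]

def login(user, password):
    """Return the user's groups on success, None when authentication fails."""
    if not authenticate(user, password):
        return None
    return load_groups(user)
```

Because the realm name is part of the hashed string, an entry copied into a realm with a different name no longer verifies, and a groups entry without a matching user entry (`carol` here) grants nothing.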
The management interfaces and the associated security realms are loaded as core services.
For a higher-level picture of JBoss 7 security, see JBoss 7 Security Concepts.