WildFly Security Domains
Internal
Overview
A security domain is a set of Java Authentication and Authorization Service (JAAS) declarative security configurations used by one or more applications to control authentication, authorization and security auditing. An application specifies a security domain to manage its security information. Security domains are declared as part of the security subsystem. A security domain is a JBoss concept that predates the security realm, which was introduced in JBoss 7 and then WildFly.
Security domains are declared in the JBoss configuration files (domain.xml or standalone.xml) as part of the security subsystem. Since the security domains are part of the security subsystem, they are loaded after core services.
Users can create custom security domains, as shown here Adding a New Security Domain
Default Security Domains
An application server instance comes with three security domains pre-configured: "other", "jboss-ejb-policy" and "jboss-web-policy". "jboss-ejb-policy" and "jboss-web-policy" are the default authorization mechanisms that are used if the application's configured security domain has none. These security domains, along with "other" are also used internally by JBoss and therefore are required for correct operation.
Relationship between a Security Realm and a Security Domain
- [[|]]
!!!Security Auditing
Security auditing refers to triggering events such as writing a log, in response to an event that happens within the security subsystem.
Auditing mechanisms are configured as part of a security domain.
Auditing uses provider modules to control the way the security events are reported.
The core management also has its own security auditing and logging functionality that is configured separately and it is not part of the security subsystem.