问题
I'm using JBoss AS7 + JSF 2.1
I'm trying to use a Database login module to authenticate users on a specific resource in my web application. In standalone.xml there are 3 security domains: "other", "jboss-web-policy" and "jboss-ejb-policy".
Should I put my database login module in the "other" security domain? Or I should define a new custom security domain and put my database login module in it?
Either way, how will I tell JBoss which security-domain/login module it should use for my application?
Thanks in advance.
回答1:
The two options you mention would be valid, but from my point of view it's better to create a new security domain for your applications (it's more clear).
On the other hand, answering your second question, you've to specify the security domain for your application inside the application meta files (not in jboss, but in your application).
In case you've a war file you've to set it in the file WEB-INF/jboss-web.xml, it would look something similar to:
<jboss-web>
<security-domain>java:/jaas/your-domain</security-domain>
</jboss-web>
On the other hand, if you've an ejb-jar module, the file META-INF/jboss.xml would look like:
<jboss>
<security-domain>java:/jaas/your-domain</security-domain>
</jboss>
And if you've an ear file, the file META-INF/jboss-app.xml would look something similar to:
<jboss-app>
<security-domain>java:/jaas/your-domain</security-domain>
</jboss-app>
来源:https://stackoverflow.com/questions/15087971/how-do-i-specify-which-security-domain-to-use-for-my-web-application-in-jboss-as