JBoss and security

JBoss implementaiton of security is JBossSX. It both supports declarative J2EE (JEE) and role-based security model.

  • Default implementation for declarative security model is JAAS.
Declarative: you declare the security roles and permissions using a standard XML message, rather than embedding in your code.
Secure access to EJBs and web components using ejb-jar.xml and web.xml deployment descriptors.
  • isCallerInRole
  • security-role-ref/role-name
New from EJB 2.0, specify what identity an EJC should use when it invokes methods on other components.

Leave a Reply

Your email address will not be published. Required fields are marked *