JBoss.org Community Documentation
JAAS is the preferred method for authenticating a remote client to JBoss. However, for simplicity and to ease the migration from other application server environment that do not use JAAS, JBoss allows you the security credentials to be passed through the InitialContext
. JAAS is still used under the covers, but there is no manifest use of the JAAS interfaces in the client application.
The factory class that provides this capability is the org.jboss.security.jndi.LoginInitialContextFactory
. The complete set of support InitialContext
environment properties for this factory are:
java.naming.factory.initial
: The name of the environment property for specifying the initial context factory, which must be org.jboss.security.jndi.LoginInitialContextFactory
.
java.naming.provider.url
: This must be set to a NamingContextFactory
provider URL. The LoginIntialContext
is really just a wrapper around the NamingContextFactory
that adds a JAAS login to the existing NamingContextFactory
behavior.
java.naming.factory.url.pkgs
: For all JBoss JNDI provider this must be org.jboss.naming:org.jnp.interfaces
. This property is essential for locating the jnp:
and java:
URL context factories of the JBoss JNDI provider.
java.naming.security.principal
(or Context.SECURITY_PRINCIPAL
): The principal to authenticate. This may be either a java.security.Principal
implementation or a string representing the name of a principal.
java.naming.security.credentials
(or Context.SECURITY_CREDENTIALS
), The credentials that should be used to authenticate the principal, e.g., password, session key, etc.
java.naming.security.protocol
: (Context.SECURITY_PROTOCOL
) This gives the name of the JAAS login module to use for the authentication of the principal and credentials.