Created
September 19, 2012 14:31
-
-
Save divideby0/3749992 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jbossbpm-users=user | |
| jbossbpm-managers=manager | |
| jbossbpm-admins=administrator |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <policy> | |
| <application-policy name="jbpm"> | |
| <authentication> | |
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> | |
| <module-option name="dsJndiName">java:/JbpmDS</module-option> | |
| <module-option name="principalsQuery">SELECT PASSWORD_ FROM JBPM_ID_USER WHERE NAME_=?</module-option> | |
| <module-option name="rolesQuery">SELECT g.NAME_ ,'Roles' FROM JBPM_ID_USER u, JBPM_ID_MEMBERSHIP m, JBPM_ID_GROUP g WHERE g.TYPE_='security-role' AND m.GROUP_ = g.ID_ AND m.USER_ = u.ID_ AND u.NAME_=?</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!--Loaded from orignal file: old/login-config.xml--> | |
| <application-policy name="client-login"> | |
| <authentication> | |
| <login-module code="org.jboss.security.ClientLoginModule" flag="required"> | |
| <!-- Any existing security context will be restored on logout --> | |
| <module-option name="restore-login-identity">true</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!--- - - - --> | |
| <!--Loaded from orignal file: old/login-config.xml--> | |
| <application-policy name="HsqlDbRealm"> | |
| <authentication> | |
| <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required"> | |
| <module-option name="principal">sa</module-option> | |
| <module-option name="userName">sa</module-option> | |
| <module-option name="password"/> | |
| <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!--- - - - --> | |
| <!--Loaded from orignal file: old/login-config.xml--> | |
| <application-policy name="JmsXARealm"> | |
| <authentication> | |
| <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required"> | |
| <module-option name="principal">guest</module-option> | |
| <module-option name="userName">guest</module-option> | |
| <module-option name="password">guest</module-option> | |
| <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!--- - - - --> | |
| <!--Loaded from orignal file: old/login-config.xml--> | |
| <application-policy name="JBossWS"> | |
| <authentication> | |
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> | |
| <module-option name="usersProperties">props/jbossws-users.properties</module-option> | |
| <module-option name="rolesProperties">props/jbossws-roles.properties</module-option> | |
| <module-option name="unauthenticatedIdentity">anonymous</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!--- - - - --> | |
| <!--Loaded from orignal file: old/login-config.xml--> | |
| <application-policy name="other"> | |
| <!-- A simple server login module, which can be used when the number | |
| of users is relatively small. It uses two properties files: | |
| users.properties, which holds users (key) and their password (value). | |
| roles.properties, which holds users (key) and a comma-separated list of | |
| their roles (value). | |
| The unauthenticatedIdentity property defines the name of the principal | |
| that will be used when a null username and password are presented as is | |
| the case for an unuathenticated web client or MDB. If you want to | |
| allow such users to be authenticated add the property, e.g., | |
| unauthenticatedIdentity="nobody" | |
| --> | |
| <authentication> | |
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/> | |
| </authentication> | |
| </application-policy> | |
| <!--- - - - --> | |
| <!--Loaded from orignal file: old/login-config.xml--> | |
| <application-policy name="hornetq"> | |
| <authentication> | |
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> | |
| <module-option name="unauthenticatedIdentity">guest</module-option> | |
| <module-option name="usersProperties">props/hornetq-users.properties</module-option> | |
| <module-option name="rolesProperties">props/hornetq-roles.properties</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!--- - - - --> | |
| <!-- | |
| BRMS Platform Security Domain | |
| --> | |
| <application-policy name="brms"> | |
| <authentication> | |
| <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule"> | |
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option> | |
| <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option> | |
| <module-option name="java.naming.security.authentication">simple</module-option> | |
| <module-option name="bindDN">ldapadmin</module-option> | |
| <module-option name="bindCredential">ldapadminpassword</module-option> | |
| <module-option name="baseCtxDN">OU=Standard,OU=Users,DC=somecompany,DC=com</module-option> | |
| <module-option name="baseFilter">(userPrincipalName={0})</module-option> | |
| <module-option name="rolesCtxDN">OU=JBOSSBPM,OU=ApplicationGroups,DC=somecompany,DC=com</module-option> | |
| <module-option name="roleFilter">(member={1})</module-option> | |
| <module-option name="roleAttributeIsDN">true</module-option> | |
| <module-option name="roleNameAttributeID">name</module-option> | |
| </login-module> | |
| <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule"> | |
| <module-option name="rolesProperties">props/brms-role-mapping.properties</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <!-- | |
| As configured out-the-box, jboss-brms.war oddly uses the 'jmx-console' JAAS policy while | |
| knowledge-central (jbpm-console) uses the 'brms' policy, so the authentication policy will | |
| need to be duplicated for now unless we change the deployable asset configurations | |
| --> | |
| <application-policy name="jmx-console"> | |
| <authentication> | |
| <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule"> | |
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option> | |
| <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option> | |
| <module-option name="java.naming.security.authentication">simple</module-option> | |
| <module-option name="bindDN">ldapadmin</module-option> | |
| <module-option name="bindCredential">ldapadminpassword</module-option> | |
| <module-option name="baseCtxDN">OU=Standard,OU=Users,DC=somecompany,DC=com</module-option> | |
| <module-option name="baseFilter">(userPrincipalName={0})</module-option> | |
| <module-option name="rolesCtxDN">OU=JBOSSBPM,OU=ApplicationGroups,DC=somecompany,DC=com</module-option> | |
| <module-option name="roleFilter">(member={1})</module-option> | |
| <module-option name="roleAttributeIsDN">true</module-option> | |
| <module-option name="roleNameAttributeID">name</module-option> | |
| </login-module> | |
| <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule"> | |
| <module-option name="rolesProperties">props/brms-role-mapping.properties</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <application-policy name="web-console"> | |
| <authentication> | |
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> | |
| <module-option name="usersProperties">props/brms-users.properties</module-option> | |
| <module-option name="rolesProperties">props/brms-roles.properties</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| <application-policy name="OpenSSOLogin"> | |
| <authentication> | |
| <login-module code="org.jboss.soa.security.opensso.OpenSSOLoginModule" flag="required"> | |
| <module-option name="orgName">opensso</module-option> | |
| <module-option name="moduleName">DataStore</module-option> | |
| <module-option name="amPropertiesFile">/props/AMConfig.properties</module-option> | |
| </login-module> | |
| </authentication> | |
| </application-policy> | |
| </policy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment