Sun GlassFish Enterprise Server v3 Domain File Format Reference

security-service

Defines parameters and configuration information needed by the Java EE security service. For SSL configuration, see ssl. For connector module security, see security-map.

Superelements

config

Subelements

The following table describes subelements for the security-service element.

Table 1–147 security-service Subelements

| Element | Required | Description |
|---|---|---|
| auth-realm | one or more | Defines a realm for authentication. |
| jacc-provider | one or more | Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. |
| audit-module | zero or more | Specifies an optional plug-in module that implements audit capabilities. |
| message-security-config | zero or more | Specifies configurations for message security providers. |
| property | zero or more | Specifies a property or a variable. |

Attributes

The following table describes attributes for the security-service element.

Table 1–148 security-service Attributes

| Attribute | Default | Description |
|---|---|---|
| default-realm | file | (optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance. |
| default-principal | none | (optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. |
| default-principal-password | none | (optional) The password of the default principal. This attribute need not be set for normal server operation. |
| anonymous-role | attribute is deprecated | (optional) Deprecated. Do not use. |
| audit-enabled | false | (optional) If true, additional access logging is performed to provide audit information. Audit information consists of: authentication success and failure events; servlet and EJB access grants and denials. |
| jacc | default | (optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider. |
| audit-modules | default | (optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module. |
| activate-default-principal-to-role-mapping | false | (optional) Applies a default principal for role mapping to any application that does not have an application-specific mapping defined. Every role is mapped to an instance of a java.security.Principal implementation class defined by mapped-principal-class. This class has the same name as the role. |
| mapped-principal-class | none | (optional) Customizes the java.security.Principal implementation class used when activate-default-principal-to-role-mapping is set to true. |
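A configuration review of the attributes above can be scripted. The following is an added example, not part of the original reference or of GlassFish: the function name `review_security_service`, the sample fragment and its class names are constructed, and it assumes that each name in audit-modules is expected to match the name attribute of an audit-module subelement.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment for illustration; not from a real domain.xml.
SAMPLE = """<config name="server-config">
  <security-service default-realm="ldap" anonymous-role="guest"
      default-principal="svc" default-principal-password="placeholder"
      activate-default-principal-to-role-mapping="true">
    <auth-realm name="file" classname="example.FileRealm"/>
    <jacc-provider name="default"/>
    <audit-module name="default" classname="example.AuditModule"/>
  </security-service>
</config>"""

def review_security_service(xml_text):
    """Return (attribute, message) findings for each security-service element."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("security-service"):
        def names(tag):
            # name attributes of the given subelement type
            return {e.get("name") for e in svc.findall(tag)}
        # Fallback values are the defaults listed in the attributes table.
        realm = svc.get("default-realm", "file")
        if realm not in names("auth-realm"):
            findings.append(("default-realm", f"'{realm}' names no auth-realm"))
        jacc = svc.get("jacc", "default")
        if jacc not in names("jacc-provider"):
            findings.append(("jacc", f"'{jacc}' names no jacc-provider"))
        # Assumption: audit-modules entries refer to audit-module name attributes.
        for mod in svc.get("audit-modules", "default").split():
            if mod not in names("audit-module"):
                findings.append(("audit-modules", f"'{mod}' names no audit-module"))
        if svc.get("audit-enabled", "false").lower() != "true":
            findings.append(("audit-enabled", "audit logging is off"))
        if svc.get("default-principal-password") is not None:
            findings.append(("default-principal-password",
                             "password stored in the file; not needed for normal operation"))
        if svc.get("anonymous-role") is not None:
            findings.append(("anonymous-role", "deprecated attribute is set"))
        if svc.get("activate-default-principal-to-role-mapping", "false").lower() == "true":
            findings.append(("activate-default-principal-to-role-mapping",
                             "apps without their own mapping get every role mapped "
                             "to a same-named principal"))
    return findings

if __name__ == "__main__":
    for attr, msg in review_security_service(SAMPLE):
        print(f"{attr}: {msg}")
```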