Defines parameters and configuration information needed by the Java EE security service. For SSL configuration, see ssl. For connector module security, see security-map.
The following table describes subelements for the security-service element.
Table 1–128 security-service Subelements
Element |
Required |
Description |
---|---|---|
one or more |
Defines a realm for authentication. |
|
one or more |
Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. |
|
zero or more |
Specifies an optional plug-in module that implements audit capabilities. |
|
zero or more |
Specifies configurations for message security providers. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the security-service element.
Table 1–129 security-service Attributes
Attribute |
Default |
Description |
---|---|---|
file |
(optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance. |
|
none |
(optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. |
|
none |
(optional) The password of the default principal. This attribute need not be set for normal server operation. |
|
ANYONE |
(optional) Used as the name for default, or anonymous, role. The anonymous role is always assigned to all principals. This role value can be used in Java EE deployment descriptors to grant access to anyone. |
|
false |
(optional) If true, additional access logging is performed to provide audit information. Audit information consists of:
|
|
default |
(optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider. |
|
default |
(optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module. |
|
false |
(optional) Applies a default principal for role mapping to any application that does not have an application-specific mapping defined. Every role is mapped to an instance of a java.security.Principal implementation class defined by mapped-principal-class. This class has the same name as the role. |
|
com.sun.enterprise.deployment.Group |
(optional) Customizes the java.security.Principal implementation class used when activate-default-principal-to-role-mapping is set to true. |