Secure web application with certificates and role-based authorization
Procedure 12.1. Secure Web Applications with Certificates and Role-based Authorization

This procedure describes how to secure a web application, such as the jmx-console.war, using client certificates and role-based authorization.

1. Declare Resources and Roles

Modify web.xml to declare the resources to be secured along with the allowed roles and the security domain to be used for authentication and authorization.

[web.xml listing; the values that survive from it are: HtmlAdaptor; "An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application"; /*; JBossAdmin; BASIC; JBoss JMX Console; JBossAdmin]

2. Specify the JBoss Security Domain

In the jboss-web.xml file, specify the required security domain.

[jboss-web.xml listing; surviving value: jmx-console]

3. Specify the Login Module Configuration

Define the login module configuration for the jmx-console security domain you just specified. This is done in the conf/login-config.xml file.

[login-config.xml listing; surviving values: useFirstPass; jmx-console; useFirstPass; jmx-console-users.properties; jmx-console-roles.properties]

Procedure 12.1, “Secure Web Applications with Certificates and Role-based Authorization” shows that the BaseCertLoginModule is used for authentication of the client certificate, and that the UsersRolesLoginModule is used only for authorization, because of the password-stacking=useFirstPass option. Both the localhost.keystore and the jmx-console-roles.properties file require an entry that maps to the principal associated with the client certificate.