This topic has not yet been written. The content below is from the topic description.
The heart of the JBossSX framework is org.jboss.security.plugins.JaasSecurityManager. This is the default implementation of the AuthenticationManager and RealmMapping interfaces. Figure 4.1, “Relationship between deployment descriptor value, component container, and JaasSecurityManager.� shows how the JaasSecurityManager integrates into the EJB and web container layers based on the element of the corresponding component deployment descriptor. Figure 4.1. Relationship between deployment descriptor value, component container, and JaasSecurityManager. [Image http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/images/j2ee_chap8-9.jpg] Figure 4.1, “Relationship between deployment descriptor value, component container, and JaasSecurityManager.� depicts an enterprise application that contains both EJBs and web content secured under the security domain jwdomain. The EJB and web containers have a request interceptor architecture that includes a security interceptor, which enforces the container security model. At deployment time, the element value in the jboss.xml and jboss-web.xml descriptors is used to obtain the security manager instance associated with the container. The security interceptor then uses the security manager to perform its role. When a secured component is requested, the security interceptor delegates security checks to the security manager instance associated with the container. The JBossSX JaasSecurityManager implementation performs security checks based on the information associated with the Subject instance that results from executing the JAAS login modules configured under the name matching the element value. We will drill into the JaasSecurityManager implementation and its use of JAAS in the following section.