security_config.dtd

《J2EE企业级应用开发》一书的配套源代码

<?xml version='1.0' encoding='UTF-8' ?>

<!--Generated by XML Authority-->

<!-- This is the XML DTD for the JBoss 3.0 security policy configuration.
The DOCTYPE is:
  <!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">

$Id: security_config.dtd,v 1.1.2.2 2002/06/27 19:21:28 starksm Exp $
$Revision: 1.1.2.2 $

The outline of the application-policy is:
<policy>
 <application-policy name="security-domain-name">
  <authentication>
    <login-module code="login.module1.class.name" flag="control_flag">
      <module-option name = "option1-name">option1-value</module-option>
      <module-option name = "option2-name">option2-value</module-option>
      ...
    </login-module>

    <login-module code="login.module2.class.name" flag="control_flag">
      ...
    </login-module>
    ...
  </authentication>
 </application-policy>
</policy>
-->
<!-- The root element of the security policy configuration -->
<!ELEMENT policy (application-policy+)>

<!-- An application-policy defines the security configuration for an application domain. Currently
this consists of only the login module configurations specified in the authentication -->
<!ELEMENT application-policy (authentication)>

<!-- The application-policy name attribute gives the name of the security domain.
-->
<!ATTLIST application-policy name CDATA  #REQUIRED>

<!-- The authentication element contains the login module stack configuration. Each
login module configuration is specified using a login-module element.
-->
<!ELEMENT authentication (login-module+)>

<!-- The login-module element defines a JAAS login module configuration entry. Each
entry must have a code and flag attribute along with zero or more login module options
specified via the module-option element.
-->
<!ELEMENT login-module (module-option*)>

<!-- The flag attribute controls how a login module participates in the overall authentication proceedure.
Required     - The LoginModule is required to succeed.
			If it succeeds or fails, authentication still continues
			to proceed down the LoginModule list.

Requisite    - The LoginModule is required to succeed.
			If it succeeds, authentication continues down the
			LoginModule list.  If it fails,
			control immediately returns to the application
			(authentication does not proceed down the
			LoginModule list).

Sufficient   - The LoginModule is not required to
			succeed.  If it does succeed, control immediately
			returns to the application (authentication does not
			proceed down the LoginModule list).
			If it fails, authentication continues down the
			LoginModule list.

Optional     - The LoginModule is not required to
			succeed.  If it succeeds or fails,
			authentication still continues to proceed down the
			LoginModule list.

The overall authentication succeeds only if all required and requisite LoginModules succeed. If a sufficient
LoginModule is configured and succeeds, then only the required and requisite LoginModules prior to that
sufficient LoginModule need to have succeeded for the overall authentication to succeed. If no required or
requisite LoginModules are configured for an application, then at least one sufficient or optional LoginModule
must succeed. 
-->
<!ATTLIST login-module flag  (required | requisite | sufficient | optional )  #REQUIRED>

<!-- The code attribute gives the fully qualifed class name of the javax.security.auth.spi.LoginModule
interface implementation for the login module.
-->
<!ATTLIST login-module code CDATA  #REQUIRED>

<!-- A module option defines a name, value pair of strings that are passed to a LoginModule when it
is initialized during the login proceedure. The name attribute defines the option name while the
element value is the option string value.
-->
<!ELEMENT module-option (#PCDATA)>

<!-- The name attribute specifies the name of the login module option.
-->
<!ATTLIST module-option name CDATA  #REQUIRED>