CODEWITHSUNDEEP
javajbosswildflyelytron
thomas
thomas

Reputation: 41

Wildfly 16: Security domain specified in jboss-web.xml is ignored

Running Wildfly 16, I specify a security domain in my application's WEB-INF/jboss-web.xml as follows:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>MyDomain</security-domain>
</jboss-web>

In Wildfly's standalone.xml in the undertow section I specify that security domain as application security domain as follows:

<subsystem xmlns="urn:jboss:domain:undertow:8.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <http-invoker security-realm="ApplicationRealm"/>
        </host>
    </server>
    ...
    <application-security-domains>
        <application-security-domain name="MyDomain" security-domain="OAuth2Domain"/>
    </application-security-domains>

Next, in the elytron section I specify the security domain as follows:

<subsystem xmlns="urn:wildfly:elytron:6.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
...   
    <security-domain name="OAuth2Domain" default-realm="OAuth2Realm" permission-mapper="default-permission-mapper">
       <realm name="OAuth2Realm"/>
    </security-domain>

Of course, also OAuth2Realm is subsequently defined and Wildfly starts without complaint. However, when accessing the application through http, Wildfly always uses the security domain "other" in the legacy security section, rather than my security domain in the elytron section. How can I force Wildfly to use my Elytron security domain?

Upvotes: 2

Views: 1442

Answers (1)

thomas
thomas

Reputation: 41

Found the solution: The application is using programmatic login using a JAAS login context, but this knows only the security domains defined in the legacy security system. To login programmatically against a domain in the elytron system an elytron authentication context must be used, as described in https://docs.jboss.org/author/display/WFLY/Client%20Authentication%20with%20Elytron%20Client.html

Upvotes: 2

Related Questions