How to define custom principal class in Elytron WildFly 26.1?


In the legacy system, a dedicated login module is used, with a custom principal class defined in the security domain used by the application, as shown below (JBoss 7.2):

    <subsystem xmlns="urn:jboss:domain:security:1.2">
        <security-domains>
            <security-domain name="other-security-domain" cache-type="default">
                <authentication>
                    <login-module code="com.xxx.OtherLoginModule" flag="requisite">
                        <module-option name="password-stacking" value="useFirstPass"/>
                        <module-option name="principalClass" value="com.xxx.OtherPrincipal"/>
                    </login-module>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>

How should the corresponding configuration be done on WildFly 26.1/Elytron? I looked through the documentation 26.1/WildFly_Elytron_Security (in particular, chapter '18. Migrate Legacy Security to Elytron Security') but found no solution.

Additional problems:

  • the documentation points to subsystem security/security-domain, but in the CLI I see only security-management (I can't run the legacy JAAS module based on that doc)
  • there is no example with a custom principal class (the base problem)

There are 1 best solutions below


The login modules should be migrated to an existing security realm if possible. If that is not an option, you can implement a custom security realm as mentioned in this blog. The last option is using jaas-realm, described here.

For the custom principal, depending on your use case, it might not be possible, see this unresolved issue https://issues.redhat.com/browse/WFCORE-5809 .

But it is possible to instead configure SecurityIdentity's attributes with the information you want to store in the principal. Then you can obtain these security identity attributes in your application with the method SecurityDomain.getCurrent().getCurrentSecurityIdentity().getAttributes(). Depending on your use case this might be an alternative.
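
The attribute-based alternative from the answer above, as an added example that is not part of the original post or WildFly's own code. The class `CallerInfo` and the attribute keys `tenantId` and `displayName` are assumptions standing in for whatever fields the legacy `OtherPrincipal` carried.

```java
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.Attributes;

/** Hypothetical holder for the data the legacy custom principal used to carry. */
public final class CallerInfo {
    // Assumed keys; they must match the attributes the realm or mapping supplies.
    private static final String TENANT_ATTR = "tenantId";
    private static final String DISPLAY_NAME_ATTR = "displayName";

    private final String name;
    private final String tenantId;
    private final String displayName;

    private CallerInfo(String name, String tenantId, String displayName) {
        this.name = name;
        this.tenantId = tenantId;
        this.displayName = displayName;
    }

    /** Builds the caller's data from the current Elytron SecurityIdentity. */
    public static CallerInfo current() {
        SecurityDomain domain = SecurityDomain.getCurrent();
        if (domain == null) { // deployment is not mapped to an Elytron domain
            throw new IllegalStateException("No Elytron security domain for this deployment");
        }
        SecurityIdentity identity = domain.getCurrentSecurityIdentity();
        if (identity.isAnonymous()) { // never build caller data for an unauthenticated call
            throw new SecurityException("Caller is not authenticated");
        }
        Attributes attrs = identity.getAttributes();
        String tenant = first(attrs, TENANT_ATTR);
        if (tenant == null || tenant.isEmpty()) { // fail closed, no default tenant
            throw new SecurityException("Identity has no " + TENANT_ATTR + " attribute");
        }
        String name = identity.getPrincipal().getName();
        String display = first(attrs, DISPLAY_NAME_ATTR);
        return new CallerInfo(name, tenant, display != null ? display : name);
    }

    private static String first(Attributes attrs, String key) {
        if (!attrs.containsKey(key)) return null;
        Attributes.Entry values = attrs.get(key);
        return values.isEmpty() ? null : values.get(0);
    }

    public String getName() { return name; }
    public String getTenantId() { return tenantId; }
    public String getDisplayName() { return displayName; }
}
```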