Wildfly Elytron Subsystem

Giriş

Açıklaması şöyle

Use of the Picketbox-based security vault is no longer supported. Elytron credential stores should be used instead.

Bir açıklama da şöyle

I couldn't find the exact point in time it happened but org.jboss.security.SecurityAssociation was renamed org.jboss.security.SecurityContextAssociation. Therefore by changing your references to org.jboss.security.SecurityAssociation in authorization-service-login-modules-jboss, you should be good to go.

Örnekler burada.

Ekran görüntüsü olarak gösteren bir örnek te burada

Örnek - jdbc authentication

Burada amaç FORM Login doğrulama işlemini Wildfly 'a yaptırmak

# Add a simple role decoder for the "roles" attribute mapping
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=roles)

# Add the JDBC security realm creation
./subsystem=elytron/jdbc-realm=my-jdbc-realm:add(principal-query=[ \
{sql="SELECT passwd FROM USER WHERE username=?",data-source="myDataSource",simple-digest-mapper={algorithm=simple-digest-sha-1,hash-encoding=hex,password-index=1}},\
{sql="SELECT R.ROLENAME, 'Roles' from ROLE R INNER JOIN USER U ON R.USER_ID = U.USER_ID WHERE U.USERNAME=?",data-source="myDataSource",attribute-mapping=[{index=1,to=roles}]}\
])

# Configure the servlet-security domain
/subsystem=elytron/security-domain=my-security-domain:add(default-realm=my-jdbc-realm, realms=[{realm=my-jdbc-realm, role-decoder=from-roles-attribute}], permission-mapper=default-permission-mapper)

# Configure the HTTP Authentication Factory
/subsystem=elytron/http-authentication-factory=my-http-auth:add(http-server-mechanism-factory=global,security-domain=my-security-domain,mechanism-configurations=[{mechanism-name=FORM, mechanism-realm-configurations=[{realm-name=RealUserRoles}]}])

# Configure Undertow's application security domain
/subsystem=undertow/application-security-domain=myapp:add(http-authentication-factory=my-http-auth)

web.xml dosyasında şöyle yaparız. Burada uygulanın hangi realm'i ile login olmak istediğimizi belirtiriz.

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>my-jdbc-realm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login_error.jsp</form-error-page>
    </form-login-config>
</login-config>

jboss-web.xml dosyasında şöyle yaparız. Burada security domain'i belirtiriz. İşte burada uygulama ile Wildfly security domain ve buna bağlı realm birleşiyor

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web version="11.0" xmlns="http://www.jboss.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_12_0.xsd">
  <context-root>/mygui</context-root>
  <security-domain>my-security-domain</security-domain>

</jboss-web>