migrate customized security domain to elytron


amira yassine

May 9, 2022, 7:25:59 AM
to WildFly
Hi,
Our application currently uses the customized security domain for reading the database credentials store. Now, I want to migrate that customized security domain to Elytron security, but I can't find a way to migrate it. This is the configuration below:

<datasource enabled="true" jndi-name="java:/Login" jta="false" pool-name="Login" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@localhost:1521:orl</connection-url>
    <driver>ovice-driver</driver>
    <new-connection-sql>select callAlterSession('ex-session','${jboss.db.caseSensitive:true}') from dual</new-connection-sql>
    <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
    <pool>
        <min-pool-size>5</min-pool-size>
        <max-pool-size>20</max-pool-size>
    </pool>
    <security>
        <security-domain>LoginRealm</security-domain>
    </security>
    <validation>
        <background-validation>true</background-validation>
        <background-validation-millis>60000</background-validation-millis>
        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    </validation>
</datasource>

****************************
<subsystem xmlns="urn:jboss:domain:security:2.0">
    <security-domains>
        <security-domain cache-type="default" name="LoginRealm">
            <authentication>
                <login-module code="com.ex.security.LoginModule" flag="required" module="com.ex.security">
                    <module-option name="username" value="username"/>
                    <module-option name="password" value="FEDB5F28397641201E5F77E182613FE5"/>
                    <module-option name="keyStoreUrl" value="${jboss.server.config.dir}/ex.jceks"/>
                    <module-option name="keyStorePasswordStrategy" value="OBFUSCATED"/>
                    <module-option name="secretKeyAlias" value="secret-key-alias"/>
                    <module-option name="cipherAlgorithm" value="AES"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>




 

Diana Krepinska

May 13, 2022, 3:16:30 PM
to WildFly
You can implement an Elytron custom realm. Take a look at this blog post to see how it can be done: https://hkalina.github.io/2018/06/06/custom-realm/ . Or you can utilize jaas-realm, which will use your custom login module: https://wildfly-security.github.io/wildfly-elytron/blog/jaas-realm/