Security layer migration from Wildfly 11 to Wildfly 25

1,959 views
Skip to first unread message

Catalin Moga

unread,
Dec 2, 2021, 9:56:36 AM12/2/21
to WildFly
Hello,

I see from the Wildfly 25 summary that the legacy security layer is no longer supported.
Starting from the server configuration on standalone.xml,  in my current version I have the <subsystem xmlns="urn:jboss:domain:security:2.0"> which is no longer supported.

Can anybody point to a migration documentation for using Elytron subsystem? Or is any other workaround to continue using the security subsystem in Wildfly 25?

Here is my legacy configuration for the security subsystem:
image_001.png

Thanks for your help,
Cata

Farah Juma

unread,
Dec 2, 2021, 11:38:10 AM12/2/21
to WildFly
There's a migration guide here:

Catalin Moga

unread,
Dec 3, 2021, 2:43:12 PM12/3/21
to WildFly
Starting from the old security implementation:
2021-12-03 21_38_37.png

I tried to create a Custom Realm from the Wildfly Console:
2021-12-03 21_40_03.png

And I get the following error:
2021-12-03 21_41_23.png

Not sure what am I missing...

Darran Lofthouse

unread,
Dec 4, 2021, 6:21:28 AM12/4/21
to WildFly
Security realms and login modules are two different APIs so you can't use them interchangeably.

The following enhancement however which is being added to WildFly 26 may be useful for you as it provides a security realm implementation that can wrap a JAAS configuration of login modules:

Catalin Moga

unread,
Dec 7, 2021, 6:43:29 AM12/7/21
to WildFly
I see WildFly 26 Beta1 is already released. Does this version includes the enhancement that can wrap a JAAS config?

Can I see somewhere an example for the custom login migration?

Diana Krepinska

unread,
Dec 7, 2021, 8:46:33 AM12/7/21
to WildFly
Yes, WildFly 26 Beta1 contains the enhancement that wraps JAAS configuration file. It was added as a new security realm with name jaas-realm. Details on the format can be found in the linked analysis https://github.com/wildfly/wildfly-proposals/blob/main/elytron/WFCORE-5483-custom-loginmodule-compatible-sec-realm.adoc .

Just note that this will not work for custom login modules that rely on picketbox. I am working on an example and blog post for this feature and once ready I will post it here.

Diana Krepinska

unread,
Dec 17, 2021, 11:24:31 AM12/17/21
to WildFly
Hello,

JAAS realm was added in WildFly 26 to support custom login modules in Elytron. You can find the following blog post on JAAS realm here: https://wildfly-security.github.io/wildfly-elytron/blog/jaas-realm/

Regards,
Diana
Reply all
Reply to author
Forward
0 new messages