Wildfly 26 EJB security-realm

[christia...@switch.ch]

Hi again

During migration from Wildfly 23.0.2 to Wildfly 26.1.0 i got an error during server start concerning my EJB security-realm

Caused by: javax.xml.stream.XMLStreamException: WFLYDM0145: Security realms are no longer supported, please remove them from the configuration.

For a Wildfly server acting as EJB client the documentation still mention this as a valid configuration:

https://docs.wildfly.org/26/Developer_Guide.html#create-a-security-realm-on-the-client-server

What is the new way to define the EJB security for a client deployed in Wildfly?

Christian

[Diana Krepinska]

I'll copy here just in case - https://docs.wildfly.org/26/Client_Guide.html#jboss-ejb-client here it mentions that to configure EJB client in a deployment you can use wildfly-config.xml. You can specify client keystore/truststore configuration and other security configuration in wildfly-context.xml.

[christia...@switch.ch]

Hi

Thanks for the answer. I tried to follow the advice with the wildfly-config.xml. I ended with a configuration like this:

<configuration>

  ... (TLS stuff)
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-configurations>
            <configuration name="ejb">
                <set-user-name name="ejb" />
                <credentials>
                     <clear-password password="pwd />
                </credentials>
                <set-mechanism-realm name="ApplicationRealm" />
                <use-provider-sasl-factory />
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>

But i always get "JBOSS-LOCAL-USER: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication".  
What's wrong with this?