How to migrate old "SecureIdentity" and old JAAS module access to Elytron?
436 views
Skip to first unread message
Reinhart Patrick
Nov 2, 2021, 2:41:43 PM11/2/21
to wil...@googlegroups.com
Hi everybody,
I'm trying to migrate an old Wildfly configuration over to Elytron and got the following config where I don't know how to migrate them correctly:
<security-domain cache-type="default" name="XmlDb">
<authentication>
<login-module code="SecureIdentity" flag="required">
<module-option name="username" value="someUser" />
<module-option name="password" value="24421387eee4a616df8592078de921bc />
</login-module>
</authentication>
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
<authentication>
<login-module code="SecureIdentity" flag="required">
<module-option name="username" value="someUser" />
<module-option name="password" value="24421387eee4a616df8592078de921bc />
</login-module>
</authentication>
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
Also there is an other domain using an existing JAAS Login Module that is using an configured datasource like so:
<security-domain name="jmx-console">
<authentication>
<login-module code="somedomain.CustomLoginModule" flag="required" module="somedomain.jaas">
<module-option name="jndiDataSource" value="java:/someDataSource" />
</login-module>
<login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required">
<module-option name="rolesProperties" value="file:${jboss.server.config.dir}/jmxrolemapping.properties" />
<module-option name="replaceRole" value="false" />
</login-module>
</authentication>
</security-domain>
<authentication>
<login-module code="somedomain.CustomLoginModule" flag="required" module="somedomain.jaas">
<module-option name="jndiDataSource" value="java:/someDataSource" />
</login-module>
<login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required">
<module-option name="rolesProperties" value="file:${jboss.server.config.dir}/jmxrolemapping.properties" />
<module-option name="replaceRole" value="false" />
</login-module>
</authentication>
</security-domain>
In both cases I do not see what the correct way would be to define those in Elytron or may implement them in some way. I would appreciate any hint on how to migrate those or where to look for more information...
Best regards
Patrick
Diana Krepinska
Nov 3, 2021, 6:29:16 AM11/3/21
to WildFly
Hi, to migrate login modules you want to look at security-realm and security-domain in Elytron. Jdbc-realm might be useful for you. Take a look at the following link to see some examples of migration
https://docs.jboss.org/author/display/WFLY/Migrate%20Legacy%20Security%20to%20Elytron%20Security.html and documentation https://docs.wildfly.org/24/WildFly_Elytron_Security.html#component-documentation . not sure what the SecureIdentity login module is used for but to secure datasource password you can use credential-store.
Reply all
Reply to author
Forward
0 new messages