Hi Arkady,
Here’s a quickstart example that shows how to configure EJB over HTTP: https://github.com/wildfly/quickstart/tree/master/ejb-security
Essentially, you only need to add the security domain mapping to the EJB3 subsystem as follows:
/subsystem=ejb3/application-security-domain={DomainName}:add(security-domain={ElytronSecurityDomain})
And then you can update the http-remoting-connector to use the out of the box sasl-authentication-factory “application-sasl-authentication” as follows:
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory,value=application-sasl-authentication)
The above configuration is the simplest one, but if you would like a more detailed example showing how to configure your realms, domain and EJB over HTTP you can also check out this quickstart example:
You can ignore the credential store configuration.
Regards,
Sonia
Hi Arkady,
If you want to use EJB over HTTP, you have to configure an http-authentication-factory in the undertow subsystem as shown here: https://docs.wildfly.org/23/Developer_Guide.html#Jakarta_Enterprise_Beans_over_HTTP
The http-invoker should be enabled by default in the standard configuration. If that’s the case, you should first undefine the security-realm attribute as follows:
/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker:undefine-attribute(name=security-realm)
And then add the http-authentication-factory as follows:
/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker:write-attribute(name=http-authentication-factory,value=application-http-authentication)
Additionally, in your invocation you need to make sure to use /wildfly-services in your URL, which I see you have already done.
However, by inspecting your configuration, I see you are modifying the http-remoting-connector in the remoting subsystem in your code snippet by adding a sasl-authentication-factory. You shouldn’t be doing this if you want to configure EJB over HTTP. Perhaps you are trying to configure EJB over remoting as opposed to EJB over HTTP?
EJB over Remoting uses SASL and you mentioned this configuration worked for you before, so perhaps this is what you were looking for. Here’s a blog post on how to configure EJB over Remoting: https://developer.jboss.org/people/fjuma/blog/2017/09/08/getting-started-with-ejbs-and-elytron-part-1
Regards,
Sonia
Hi Arkady,
Here’s more information on how to configure your own http authentication factory: https://docs.wildfly.org/20/WildFly_Elytron_Security.html#configure-an-http-authentication-factory
As for your previous message, could you please send your current configuration? I am not sure whether you are using EJB over HTTP or EJB over Remoting.
Regards,
Sonia
--
You received this message because you are subscribed to a topic in the Google Groups "WildFly" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wildfly/anZGOJAsUzU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wildfly+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wildfly/a8e0f58c-e0ac-43c3-b0df-b62568fc0992n%40googlegroups.com.