Wildfly 24 and Filerealms?


Ralph Soika

Jun 30, 2021, 4:29:12 AM
to WildFly

Hi,
Can anybody give a short example of how a simple filerealm configuration looks in the new security concept of the standalone.xml file in WildFly 24?

In previous versions, such a security-domain config looked like this:

<security-domain name="myrealm">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/sampleapp-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/sampleapp-roles.properties"/>
        </login-module>
        <login-module code="RoleMapping" flag="required">
            <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/imixsrealm.properties"/>
            <module-option name="replaceRole" value="false"/>
        </login-module>
    </authentication>
</security-domain>

Does any of you have a working example? I've read a little about Elytron, but to be honest I haven't quite understood it yet.

Thanks for any help

===
Ralph

Darran Lofthouse

Jun 30, 2021, 4:31:53 AM
to WildFly
If it is just making use of properties files, the default configuration of WildFly already contains an ApplicationDomain, which in turn references a realm backed by properties files.

Ralph Soika

Jul 3, 2021, 4:28:29 AM
to WildFly
Hi,

Thanks! OK, just using the default ApplicationDomain works. But I still have the problem with an EJB with a @RunAs declaration:

@DeclareRoles({ "org.imixs.ACCESSLEVEL.MANAGERACCESS" })
@RunAs("org.imixs.ACCESSLEVEL.MANAGERACCESS")
@Stateless
public class AdminPService {
.....


In WildFly 21 I usually added a jboss-ejb3.xml file like this:
<?xml version="1.1" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:s="urn:security:1.1"
    xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
    version="3.1" impl-version="2.0">

    <assembly-descriptor>
        <s:security>
            <ejb-name>*</ejb-name>
            <s:security-domain>ApplicationRealm</s:security-domain>
            <!-- This configuration is necessary to enable @runAs for the AdminPService  -->
            <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
        </s:security>
    </assembly-descriptor>

</jboss:ejb-jar>

But this now generates an error message like this:

imixs-app_1  | 10:23:19,304 INFO  [io.jaegertracing.internal.JaegerTracer] (MSC service thread 1-7) No shutdown hook registered: Please call close() manually on application shutdown.
imixs-app_1  | 10:23:19,306 INFO  [org.wildfly.microprofile.opentracing.smallrye] (MSC service thread 1-7) WFLYTRAC0001: Tracer initialized: JaegerTracer(version=Java-1.5.0, serviceName=imixs-process-manager.war, reporter=RemoteReporter(sender=org.wildfly.extension.microprofile.opentracing.spi.sender.WildFlySender@7e1619f9, closeEnqueueTimeout=1000), sampler=ConstSampler(decision=true, tags={sampler.type=const, sampler.param=true}), tags={hostname=45825feef0ff, jaeger.version=Java-1.5.0, ip=192.168.80.3}, zipkinSharedRpcSpan=false, expandExceptionLogs=false, useTraceId128Bit=false)
imixs-app_1  | 10:23:19,541 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("full-replace-deployment") failed - address: ([]) - failure description: {
imixs-app_1  |     "WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.ApplicationRealm"],
imixs-app_1  |     "WFLYCTL0180: Services with missing/unavailable dependencies" => [
imixs-app_1  |         "jboss.deployment.unit.\"imixs-process-manager.war\".component.AdminPService.CREATE is missing [jboss.security.security-domain.ApplicationRealm]",


I am not sure if the jboss-ejb3.xml deployment descriptor is still valid in the new release?
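
Added example, not part of the original post or of WildFly: a small Python triage helper that correlates the WFLYCTL0412 missing-service line with the <s:security-domain> value in jboss-ejb3.xml, to show which descriptor reference the server could not resolve. The function names are hypothetical, and the sample input is trimmed from the log and descriptor quoted in the post above.

```python
import re
import xml.etree.ElementTree as ET

# Service-name prefix and s: namespace exactly as they appear in the post above.
LEGACY_PREFIX = "jboss.security.security-domain."
SEC_NS = "urn:security:1.1"

def missing_services(log_text):
    """Service names listed after 'WFLYCTL0412: Required services that are not installed'."""
    names = []
    for block in re.findall(r"WFLYCTL0412:[^\[]*\[(.*?)\]", log_text, re.S):
        names.extend(re.findall(r'"([^"]+)"', block))
    return names

def descriptor_domains(ejb3_xml):
    """Map each <s:security-domain> value in a jboss-ejb3.xml to its <ejb-name> patterns."""
    # Drop the XML declaration: the posted file says version="1.1", and this
    # sidesteps any parser objection to that version or to the encoding attribute.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", ejb3_xml)
    domains = {}
    for sec in ET.fromstring(body).iter(f"{{{SEC_NS}}}security"):
        name = (sec.findtext(f"{{{SEC_NS}}}security-domain") or "").strip()
        ejbs = [e.text.strip() for e in sec if e.tag.endswith("}ejb-name") and e.text]
        if name:
            domains.setdefault(name, []).extend(ejbs)
    return domains

def unresolved_domains(log_text, ejb3_xml):
    """Descriptor security-domain references that the server reported as missing."""
    missing = {s[len(LEGACY_PREFIX):] for s in missing_services(log_text)
               if s.startswith(LEGACY_PREFIX)}
    return {n: e for n, e in descriptor_domains(ejb3_xml).items() if n in missing}

# Sample input: log line and descriptor trimmed from the post above.
SAMPLE_LOG = '''imixs-app_1  |     "WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.ApplicationRealm"],'''
SAMPLE_EJB3 = '''<?xml version="1.1" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:s="urn:security:1.1">
  <assembly-descriptor>
    <s:security>
      <ejb-name>*</ejb-name>
      <s:security-domain>ApplicationRealm</s:security-domain>
    </s:security>
  </assembly-descriptor>
</jboss:ejb-jar>'''

if __name__ == "__main__":
    print(unresolved_domains(SAMPLE_LOG, SAMPLE_EJB3))
```

A non-empty result names the security domain the descriptor asks for and the EJB patterns it is applied to, which is the value to compare against the domains the server configuration actually defines.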

Ralph Soika

Jul 4, 2021, 4:29:53 PM
to WildFly
Finally I succeeded. I wrote a blog with a short tutorial.