Problem adding SSL to web app in Wildfly 8
dhileman Apr 21, 2014 1:54 PM
Hello. I have a web app running in Wildfly 8. I recently learned how to secure the application with JAAS. Next, I need to enable SSL (HTTPS) for my web app, but I am having difficulty doing so.
Here is how I have configured JAAS.
web.xml:
<security-constraint>
    <display-name>protected-pages</display-name>
    <web-resource-collection>
        <web-resource-name>protected-pages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>User</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ApplicationRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/loginError.html</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>User</role-name>
</security-role>
jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/jdbcSecurityRealm</security-domain>
</jboss-web>
And finally, I added a security domain to the security subsystem in standalone.xml:
<security-domain name="jdbcSecurityRealm" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>
            <module-option name="principalsQuery" value="select passcode from wf_users where username=?"/>
            <module-option name="rolesQuery" value="select groupname, 'Roles' from wf_groups where username=?"/>
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
    </authentication>
</security-domain>
Everything works so far with JAAS, but if I change transport-guarantee to CONFIDENTIAL to enable SSL, it doesn't work: I get a page not found error.
So here is my attempt to enable SSL for Wildfly 8. First I generated a certificate keystore:
keytool -genkey -alias wildfly -keyalg RSA
I then created a new security realm under the management section:
<security-realm name="SslRealm">
    <server-identities>
        <ssl>
            <keystore path="C:\Users\dhileman\.keystore" keystore-password="wildfly"/>
        </ssl>
    </server-identities>
</security-realm>
Then, I added an https listener to the undertow subsystem:
<https-listener name="https" socket-binding="https" security-realm="SslRealm"/>
I think this should work, according to several guides, but I cannot get wildfly to start. I'm getting a parse error, unexpected element <https-listener>:
ParseError at [row,col]:[391,83]
Message: JBAS014789: Unexpected element '{urn:jboss:domain:undertow:1.0}https-listener' encountered
Any idea where to go from here?
EDIT: Thanks @Rituraj Sinha
I am a dummy. All I needed to do was move the https-listener into the server section instead of directly under the subsystem. After that, everything worked!
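The placement described in the edit above, as an added example that is not part of the original post: in the `urn:jboss:domain:undertow:1.0` schema, `https-listener` is a child of `<server>`, next to the existing `http-listener`. The `default-server`, `default` and `default-host` names are assumed from a stock WildFly 8 standalone.xml; the `https-listener` line is the one from the post.

```xml
<!-- Added example: undertow subsystem fragment of standalone.xml.
     Surrounding element names are assumptions taken from a stock WildFly 8 configuration. -->
<subsystem xmlns="urn:jboss:domain:undertow:1.0">

    <!-- WRONG: an https-listener placed here, directly under the subsystem,
         is rejected at startup with JBAS014789 "Unexpected element". -->

    <server name="default-server">
        <!-- Existing plain-HTTP listener (assumed default). -->
        <http-listener name="default" socket-binding="http"/>

        <!-- RIGHT: the listener from the post, nested inside the server element.
             security-realm must match the name of the realm that holds the
             keystore under the management section (SslRealm in the post). -->
        <https-listener name="https" socket-binding="https" security-realm="SslRealm"/>

        <!-- Existing host definition (assumed default); its child elements stay as they are. -->
        <host name="default-host" alias="localhost"/>
    </server>

    <!-- The remaining subsystem children (servlet-container, handlers, ...) stay unchanged. -->
</subsystem>
```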