WildFly security mappings in jboss-web.xml
allvi Aug 5, 2014 3:26 PM
Security mappings in jboss-web.xml from an app role name to a real group name seem not to work anymore in WildFly 8.1. It worked with JBoss 7.1.
The authentication with "org.jboss.security.auth.spi.LdapExtLoginModule" works:
<security-domain name="ldap_security_domain">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://alzhdc01:389"/>
            <module-option name="java.naming.referral" value="follow"/>
            ... etc.
        </login-module>
    </authentication>
</security-domain>
My jboss-web.xml looks like:
<jboss-web>
    <security-domain>java:/jaas/ldap_security_domain</security-domain>
    <security-role>
        <description>example of mapping an app role name to real group name. This way we can take advantage of already existing groups</description>
        <role-name>SUPERUSER_ROLE</role-name><!-- the role name appearing in the standard web.xml dd -->
        <principal-name>Superuser</principal-name><!-- the existing role in your credential repo -->
    </security-role>
    ... etc.
</jboss-web>
and in web.xml I have the following code:
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldap_security_domain</realm-name>
    <form-login-config>
        <form-login-page>/faces/pages/login.xhtml</form-login-page>
        <form-error-page>/faces/pages/login-error.xhtml</form-error-page>
    </form-login-config>
</login-config>
Now if I call the following code for an authenticated user, he does not have the corresponding role.
ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
externalContext.isUserInRole(JSFConstants.ROLE_SUPERUSER);
If I start the WildFly server I get no errors. Do you have any idea? Thank you in advance.