8 Replies Latest reply on Nov 9, 2015 8:39 AM by eric.wittmann

    How to enforce webapp authentication but not authorization

    eric.wittmann

      Short question:

      Is there a way to require users to authenticate to a webapp without requiring the user to have any roles?

       

      More detail:

      If I use a login module that doesn't return any roles (or more simply, if I use standard WildFly app authentication and I add a user via add-user.sh and leave the 'roles' field empty), is it then possible for that user to authenticate into a web app?

       

      It seems that the web.xml requires an auth-constraint (role).  For example:

       

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>authtest</web-resource-name>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>user</role-name>
          </auth-constraint>
        </security-constraint>
      

       

      But let's say I'm using LDAP to authenticate and my directory doesn't have any roles/groups configured.  Is there a way to not require the auth-constraint?

       

      If not, is there a way to make WildFly automatically add a role whenever a user authenticates?