0 Replies Latest reply on Nov 15, 2015 2:46 AM by tonda100

    WildFly custom realm without jboss-web.xml

    tonda100
    tonda100 Nov 15, 2015 2:46 AM

      Hi,

      I would like to secure my web application using just core JEE7 features to allow deployment on various application servers. I cannot make it work without jboss-web.xml and I do not know why?

       

      First configure WildFly standalone.xml

           <security-realm name="TgwRealm">
          <authentication>
               <jaas name="tgw-security-domain"/>
          </authentication>
    </security-realm>

      .....

                     <security-domain name="tgw-security-domain" cache-type="default">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:/TgwDS"/>
                            <module-option name="principalsQuery" value="select password from tgw_user where username = ?"/>
                            <module-option name="rolesQuery" value="select role,'Roles' from tgw_user where username = ?"/>
                            <module-option name="hashStorePassword" value="false"/>
                            <module-option name="unauthenticatedIdentity" value="GUEST"/>
                        </login-module>
                    </authentication>
                </security-domain>

       

      web.xml

      <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>TgwRealm</realm-name>
  <form-login-config>
    <form-login-page>/login.xhtml</form-login-page>
    <form-error-page>/login-error.xhtml</form-error-page>
  </form-login-config>
</login-config>

       

      jboss-web.xml

      <jboss-web>
  <security-domain>tgw-security-domain</security-domain>
</jboss-web>

       

      Everything works, but I would like to get rid of jboss-web.xml. When I remove jboss-web.xml it stops working. Why? What should I do to make it work without jboss-web.xml?

      Thanks T.