Hi,
I would like to secure my web application using just core JEE7 features to allow deployment on various application servers. I cannot make it work without jboss-web.xml and I do not know why?
First configure WildFly standalone.xml
<security-realm name="TgwRealm"> <authentication> <jaas name="tgw-security-domain"/> </authentication> </security-realm>
.....
<security-domain name="tgw-security-domain" cache-type="default"> <authentication> <login-module code="Database" flag="required"> <module-option name="dsJndiName" value="java:/TgwDS"/> <module-option name="principalsQuery" value="select password from tgw_user where username = ?"/> <module-option name="rolesQuery" value="select role,'Roles' from tgw_user where username = ?"/> <module-option name="hashStorePassword" value="false"/> <module-option name="unauthenticatedIdentity" value="GUEST"/> </login-module> </authentication> </security-domain>
web.xml
<login-config> <auth-method>FORM</auth-method> <realm-name>TgwRealm</realm-name> <form-login-config> <form-login-page>/login.xhtml</form-login-page> <form-error-page>/login-error.xhtml</form-error-page> </form-login-config> </login-config>
jboss-web.xml
<jboss-web> <security-domain>tgw-security-domain</security-domain> </jboss-web>
Everything works, but I would like to get rid of jboss-web.xml. When I remove jboss-web.xml it stops working. Why? What should I do to make it work without jboss-web.xml?
Thanks T.