Meaning of 'realm' and 'security-domain'?
rsoika Jan 7, 2014 2:00 PM
Hi,
I have a question about the right understanding of the security configuration in WildFly.
I succeeded in configuring my EAR with a security-domain using a Database Login Module. It works great! And I am again impressed how easy it is to configure WildFly. But I have a problem with the meaning of 'realms' and 'security-domains' in WildFly.
In my standalone.xml file I added the following configuration for a new Database Login Module:
<security-domain name="imixsrealm">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/jdbc/imixs_office"/>
            <module-option name="principalsQuery" value="select PASSWORD from USERID where ID=?"/>
            <module-option name="rolesQuery" value="select GROUP_ID,'Roles' from USERID_USERGROUP where ID=?"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="hex"/>
            <module-option name="unauthenticatedIdentity" value="anonymous"/>
        </login-module>
    </authentication>
</security-domain>
Next I added into the WEB-INF folder of my war module a 'jboss-web.xml' file with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>imixsrealm</security-domain>
</jboss-web>
and into the EJB module a 'jboss-ejb3.xml' file with this content:
<?xml version="1.1" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:s="urn:security:1.1"
    xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
    version="3.1" impl-version="2.0">
    <assembly-descriptor>
        <s:security>
            <ejb-name>*</ejb-name>
            <!-- other imixsrealm -->
            <s:security-domain>imixsrealm</s:security-domain>
            <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
        </s:security>
    </assembly-descriptor>
</jboss:ejb-jar>
But what I am wondering about is that in the web.xml file I need the following login-config entry
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ApplicationRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.jsf</form-login-page>
        <form-error-page>/loginerror.jsf</form-error-page>
    </form-login-config>
</login-config>
My question is: Why must the realm-name in web.xml be set to 'ApplicationRealm'? Here I expected that I could set 'imixsrealm'.
It looks to me that in WildFly the realm-name used in web.xml must always be 'ApplicationRealm' and cannot be changed?
Or is there a way to change the realm-name in web.xml - maybe I have only misunderstood something?
But the database login module works excellently - so I am fine with my current configuration ;-)
====
Ralph
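
An added example, not part of the original post: a Python check over the four fragments quoted above (trimmed and embedded as strings) that confirms each descriptor's security-domain resolves to a domain defined in standalone.xml, returns the web.xml realm-name as a separate value, and lists the settings in this configuration that a security review would look at. The function names (`local`, `find_all`, `review`) are made up for this illustration.

```python
import xml.etree.ElementTree as ET

# Fragments taken from the post above, trimmed to the elements the check reads.
STANDALONE = """<security-domain name="imixsrealm"><authentication>
<login-module code="Database" flag="required">
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="unauthenticatedIdentity" value="anonymous"/>
</login-module></authentication></security-domain>"""
JBOSS_WEB = "<jboss-web><security-domain>imixsrealm</security-domain></jboss-web>"
JBOSS_EJB3 = """<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
 xmlns="http://java.sun.com/xml/ns/javaee" xmlns:s="urn:security:1.1">
<assembly-descriptor><s:security><ejb-name>*</ejb-name>
<s:security-domain>imixsrealm</s:security-domain>
<s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
</s:security></assembly-descriptor></jboss:ejb-jar>"""
WEB_XML = """<web-app><login-config><auth-method>FORM</auth-method>
<realm-name>ApplicationRealm</realm-name></login-config></web-app>"""

def local(tag):
    """Strip any '{namespace}' prefix so prefixed and unprefixed files match."""
    return tag.rsplit("}", 1)[-1]

def find_all(xml_text, name):
    """Return every element with the given local name, root included."""
    return [e for e in ET.fromstring(xml_text).iter() if local(e.tag) == name]

def review(standalone, jboss_web, jboss_ejb3, web_xml):
    findings = []
    # 1. Every domain a deployment descriptor names must exist in standalone.xml.
    defined = {e.get("name") for e in find_all(standalone, "security-domain")}
    for label, doc in (("jboss-web.xml", jboss_web), ("jboss-ejb3.xml", jboss_ejb3)):
        for e in find_all(doc, "security-domain"):
            if e.text.strip() not in defined:
                findings.append(f"{label}: security-domain '{e.text.strip()}' is not defined")
    # 2. Review items (not errors) for the settings that appear in this configuration.
    opts = {e.get("name"): e.get("value") for e in find_all(standalone, "module-option")}
    if "unauthenticatedIdentity" in opts:
        findings.append("unauthenticatedIdentity: requests without credentials get "
                        f"principal '{opts['unauthenticatedIdentity']}'")
    if "hashAlgorithm" in opts:
        findings.append(f"hashAlgorithm={opts['hashAlgorithm']}: fast digest, no salt option configured")
    for e in find_all(jboss_ejb3, "missing-method-permissions-deny-access"):
        if e.text.strip().lower() == "false":
            findings.append("EJB methods without declared permissions are callable")
    # 3. realm-name is a different field from the domain name; return it separately.
    realms = [e.text.strip() for e in find_all(web_xml, "realm-name")]
    return findings, defined, realms
```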