One more question regarding conversion from GlassFish to WildFly. I was able to get Authentication working properly using JASPIC and a security-domain, but as our application has been written over the past 15 years it was developed with some publicly available pages which don't require authorization, and a good many pages that do.
With GlassFish, we had specified HttpServlet level authorization which let us specify which URLs required authentication and which didn't. WildFly seems to be limited to the entire application (all or nothing approach). Is this correct or am I missing something?
Basically I'm looking for the replacement for the following configuration for GlassFish in the WildFly format. I've been through forums, books, Stack Overflow, etc. Any ideas?
<message-security-config auth-layer="HttpServlet">
  <provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule">
    <request-policy auth-source="sender"></request-policy>
    <response-policy></response-policy>
    <property name="restAuthURL" value="http://localhost:${ADMIN_LISTENER_PORT}/management/sessions"></property>
    <property name="loginPage" value="/login.jsf"></property>
    <property name="loginErrorPage" value="/loginError.jsf"></property>
  </provider-config>
  <provider-config provider-type="server" provider-id="roast" class-name="name.aikesommer.authenticator.AuthModule">
    <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
    <response-policy></response-policy>
  </provider-config>
</message-security-config>
<property name="default-digest-algorithm" value="SHA-256"></property>
</security-service>