-
1. Re: Security domain / realm configuration inside EAR and outside standalone.xml
mchoma Jul 28, 2017 9:55 AM (in response to a.niemeyer)
What about variable replacement with ${variable} inside standalone.xml? Would it help to solve your issue?
-
2. Re: Security domain / realm configuration inside EAR and outside standalone.xml
a.niemeyer Jul 28, 2017 10:35 AM (in response to mchoma)
Probably yes, but due to the fact that the different config artifacts are spread across the standalone.xml, it might not be as clean as desired.
Below are the secured LDAP authentication and domains.
...
<security-realm name="ldap-security-realm">
    <authentication>
        <truststore path="jssecacerts" relative-to="jboss.server.config.dir" keystore-password="xxx"/>
        <ldap connection="ldap-connection" base-dn="DC=a,DC=b,DC=c" recursive="true" allow-empty-passwords="false">
            <advanced-filter filter="(&amp;(sAMAccountName={0}))"/>
        </ldap>
    </authentication>
</security-realm>
...
<outbound-connections>
    <ldap name="ldap-connection" url="ldaps://172.10.10.10:3333" search-dn="CN=crm-bind,OU=Dienste,OU=Hamburg,OU=Deutschland,DC=a,DC=b,DC=c" search-credential="ldap_pass" security-realm="ldap-security-realm"/>
</outbound-connections>
...
<security-domain name="projectsecure" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="RealmDirect" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="realm" value="ldap-security-realm"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module name="mapRoleToUser" code="org.jboss.security.mapping.providers.role.DatabaseRolesMappingProvider" type="role">
            <module-option name="dsJndiName" value="java:jboss/datasources/Project-DS"/>
            <module-option name="rolesQuery" value="select r.name from user u, role r, user_x_role x where u.id = x.FK_USER and r.id = x.FK_ROLE and u.AD_IDENT = ?"/>
        </mapping-module>
    </mapping>
</security-domain>
...
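The ${variable} replacement suggested in reply 1, applied to the LDAP elements from reply 2 and checked with a small audit script. This is an added example, not part of the original thread: the property names (ldap.url and so on), the choice of which attributes count as secrets, and the wrapping root element are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Attribute names taken from the posted configuration; which ones to treat as
# secrets or as environment-specific is an assumption of this example.
SECRET_ATTRS = {"keystore-password", "search-credential"}
ENV_ATTRS = {"url", "search-dn"}

# Plain ${name} or ${name:default} expressions only.
EXPR = re.compile(r"^\$\{([^{}:]+)(?::([^{}]*))?\}$")

# Constructed sample: elements as posted (DN shortened), wrapped in a root element.
HARDCODED = """<root>
  <truststore path="jssecacerts" keystore-password="xxx"/>
  <ldap name="ldap-connection" url="ldaps://172.10.10.10:3333"
        search-dn="CN=crm-bind,DC=a,DC=b,DC=c" search-credential="ldap_pass"/>
</root>"""

# Constructed sample: same elements, hypothetical property names.
EXTERNALIZED = """<root>
  <truststore path="jssecacerts" keystore-password="${ldap.truststore.password}"/>
  <ldap name="ldap-connection" url="${ldap.url:ldaps://localhost:636}"
        search-dn="${ldap.search.dn}" search-credential="${ldap.search.credential}"/>
</root>"""


def audit(xml_text):
    """Return sorted (element, attribute, reason) findings for one fragment."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            if attr not in SECRET_ATTRS | ENV_ATTRS:
                continue
            match = EXPR.match(value)
            if match is None:
                findings.append((elem.tag, attr, "literal"))
            elif attr in SECRET_ATTRS and match.group(2) is not None:
                # A default would put the secret back into the file.
                findings.append((elem.tag, attr, "secret-default"))
    return sorted(findings)


if __name__ == "__main__":
    for label, fragment in (("hardcoded", HARDCODED), ("externalized", EXTERNALIZED)):
        print(label, audit(fragment))
```

The externalized fragment only moves the values out of standalone.xml; wherever the properties are supplied from still needs the same access restrictions as the original file.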