-
1. Re: Is jboss-web.xml still needed for Elytron Security Domains ?
rhatlapa Oct 5, 2017 6:52 AM (in response to mylos78)
1 of 1 people found this helpful
The security domain still needs to be defined. You can either define the security domain directly in jboss-web.xml or you can define a default one in the Undertow subsystem (`/subsystem=undertow:write-attribute(name=default-security-domain, value=@NAME_OF_YOUR_SECURITY_DOMAIN@)`). Note that in the case of Elytron you need to have an application-security-domain defined in Undertow with the given name.
-
2. Re: Is jboss-web.xml still needed for Elytron Security Domains ?
dlofthouse Oct 5, 2017 6:56 AM (in response to rhatlapa)
+1 to the comment from Radim - this blog post shows a web application migrated to Elytron security using the default security domain on the Undertow subsystem combined with an application-security-domain definition: Darran's WildFly Blog: WildFly Elytron - Add Kerberos Authentication To Existing Web Application
-
3. Re: Is jboss-web.xml still needed for Elytron Security Domains ?
davidj Mar 21, 2018 5:46 PM (in response to dlofthouse)
The original question is: do you need to modify BOTH web.xml and jboss-web.xml to get Elytron working? In my case, I only need to modify jboss-web.xml. My jboss-web.xml has the following line:
<security-domain>vcr-application-domain</security-domain>
My web.xml has nothing in regard to security, except for the <security-constraint> and <security-role> tags.
If I remove the security line in jboss-web.xml and enter the following in web.xml:
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>vcr-application-domain</realm-name>
</login-config>
this does NOT work (basic authentication always fails).
Therefore, I conclude that only jboss-web.xml is needed (assuming all the required realms, domain, http-authentication-factory, and http-authentication are set up in standalone-full.xml).
I'm not sure if I like this. I like to keep as much as possible in standard/well-known files. If I was new to a project, a logical place to look would be "web.xml". But on the other hand, since Elytron is so ingrained in WildFly/EAP 7.1, I guess it makes sense to put the configuration inside a JBoss-specific file.
I'm curious if anyone has this working only using web.xml.
The official documentation implies web.xml needs to be modified: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/how_to_configure_identity_management/elytron_secure_apps#elytron_apps_DBAuth
The exact quote is:
"Your application’s web.xml and jboss-web.xml must be updated to use the application-security-domain you configured in JBoss EAP."
The official configuration document says the same thing: Chapter 2. Elytron Subsystem - Red Hat Customer Portal
Thoughts?
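An added example, not code from any poster in this thread or from the WildFly project: a Python check that reads a server configuration and a deployment's jboss-web.xml and reports whether the domain the deployment will use (the jboss-web.xml value, otherwise Undertow's default-security-domain) has an application-security-domain defined in the Undertow subsystem, as the first reply requires for Elytron. The XML samples are constructed, their schema versions are illustrative, and the factory name vcr-http-auth is hypothetical.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def effective_domain(jboss_web_xml, undertow):
    """Domain named in jboss-web.xml, else Undertow's default-security-domain."""
    if jboss_web_xml:
        for e in find_all(ET.fromstring(jboss_web_xml), "security-domain"):
            if e.text and e.text.strip():
                return e.text.strip(), "jboss-web.xml"
    return undertow.get("default-security-domain"), "undertow default-security-domain"

def check(standalone_xml, jboss_web_xml=None):
    root = ET.fromstring(standalone_xml)
    undertow = next(e for e in find_all(root, "subsystem") if "undertow" in e.tag)
    # name -> http-authentication-factory for every Elytron mapping in Undertow
    mapped = {e.get("name"): e.get("http-authentication-factory")
              for e in find_all(undertow, "application-security-domain")}
    name, source = effective_domain(jboss_web_xml, undertow)
    # elytron_mapped False: no application-security-domain with that name exists
    return {"domain": name, "source": source,
            "elytron_mapped": name in mapped,
            "http_authentication_factory": mapped.get(name)}

# Constructed sample configuration (not taken from the thread).
STANDALONE = """
<server xmlns="urn:jboss:domain:5.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:4.0" default-security-domain="other">
      <application-security-domains>
        <application-security-domain name="vcr-application-domain"
            http-authentication-factory="vcr-http-auth"/>
      </application-security-domains>
    </subsystem>
  </profile>
</server>
"""
JBOSS_WEB = "<jboss-web><security-domain>vcr-application-domain</security-domain></jboss-web>"

if __name__ == "__main__":
    print(check(STANDALONE, JBOSS_WEB))  # deployment names its domain
    print(check(STANDALONE))             # no jboss-web.xml: default domain is used
```

Running it over each deployment before rollout flags applications whose domain name has no Elytron mapping in Undertow.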