4 Replies Latest reply on Oct 20, 2017 5:39 AM by fabi.yo.4

    Dynamically add security domain with war deployment.

    fabi.yo.4

      I use multiple security domains on my application server with different applications. I don't want to manage the security domains via the standalone.xml.

       

      I found this article: Chapter 7. Dynamic Security Domains

       

      But it is not working at all! Security domain is not recognised. I wonder if the xml at all is used..

       

      I found also this link: Re: How to add or remove roles for a given user?

       

      Interesting topic to add security domain via a java class. But it does not describe how to do it and where to put the Java class, @Singleton? CDI? The topic is a bit outdated also. I was looking for a more modern solution for this. Either deployment xml or Java class is ok.

       

      Anybody who recently had the same issue?

       

      Thanks

        • 1. Re: Dynamically add security domain with war deployment.
          mchoma

          Which wildfly version are we talking here about?

           

          In recent versions you can add security domain only via standalone.xml. Do you know about possibility to configure wildfly with CLI commands? In the end standalone.xml is changed. Is it option for you? You can call that automatically from script.

          • 2. Re: Dynamically add security domain with war deployment.
            fabi.yo.4

            WildFly 10+.

             

            Yes I am aware of CLI. The purpose is to add everything in my war. I can add a datasource which in the end is simply the same datasource as the standalone, only in a separate xml file which is present in the deployed war (jboss-ds.xml).

             

            The CLI looks only useful to me when managing thousands of servers and you don't want to go edit each standalone.xml separetely. I always edit directly the standalone.xml.

            • 3. Re: Dynamically add security domain with war deployment.
              mchoma

              There is nothing like that - separate xml file to configure security domains.

               

              With CLI you can automate things. For example 1. configure server with CLI 2. deploy war. For example with wildfly maven plugin.

               

              PicketBox security domains are just JAAS Login Modules. So in theory you could use java process wide jaas.conf, e.g. java -Djava.security.auth.login.config=jaas.conf. But I really wouldn't go this way

              • 4. Re: Dynamically add security domain with war deployment.
                fabi.yo.4

                Ok tnx for the clarification!