Elytron RMI with jdbc-realm + fallback (wildfly 11)
ainsel Nov 27, 2017 4:24 PM
Hi,
I am new and trying to get the ejb-secure example to work using a database instead of property files, but I am getting the "PLAIN : Server rejected authentication" error.
Eventually I would also like to configure a fallback to a second type of authentication (property file).
I found 1 old response that advises allowing plain-text on the server, but it was related to the old JBoss 7 and JAAS.
standalone.xml so far:
<subsystem xmlns="urn:jboss:domain:ejb:5.0">
    ......
    <remote connector-ref="http-remoting-connector" thread-pool-name="default">
        <channel-creation-options>
            <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
            <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
        </channel-creation-options>
    </remote>
    <default-security-domain value="other"/>
    <application-security-domains>
        <application-security-domain name="other" security-domain="jdbc-domain"/>
        <application-security-domain name="other1" security-domain="ApplicationDomain"/>
    </application-security-domains>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    ....
    <security-domains>
        ....
        <security-domain name="jdbc-domain" default-realm="jdbc-realm" permission-mapper="default-permission-mapper">
            <realm name="jdbc-realm" role-decoder="groups-to-roles"/>
        </security-domain>
    </security-domains>
    <security-realms>
        ....
        <jdbc-realm name="jdbc-realm">
            <principal-query sql="SELECT password, roles FROM wildfly_users WHERE users=?" data-source="databaseDS">
                <attribute-mapping>
                    <attribute to="groups" index="2"/>
                </attribute-mapping>
                <clear-password-mapper password-index="1"/>
            </principal-query>
        </jdbc-realm>
    </security-realms>
    <sasl>
        <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="elytron" security-domain="jdbc-domain">
            <mechanism-configuration>
                <mechanism mechanism-name="PLAIN"/>
            </mechanism-configuration>
        </sasl-authentication-factory>
    </sasl>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
    <endpoint/>
    <http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/>
</subsystem>
and the wildfly-client.xml
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="default"/>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="default">
                <set-user-name name="quickstartUser"/>
                <credentials>
                    <clear-password password="quickstartPwd1!"/>
                </credentials>
                <sasl-mechanism-selector selector="PLAIN"/>
                <providers>
                    <use-service-loader />
                </providers>
            </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
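An added example, not part of the original post and not WildFly code: a small Python check that walks the name references in a configuration like the one above (http-connector to sasl-authentication-factory to security-domain to realm) and reports any name that does not resolve, plus the two cleartext settings in use (the PLAIN mechanism and clear-password-mapper). The function name `audit`, the `UNRESOLVED`/`CLEARTEXT` labels and the `SAMPLE` document (the post's fragments trimmed and wrapped in a constructed `<server>` root) are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's fragments, trimmed and wrapped in one root element.
SAMPLE = """<server>
<subsystem xmlns="urn:wildfly:elytron:1.2">
 <security-domains><security-domain name="jdbc-domain" default-realm="jdbc-realm">
   <realm name="jdbc-realm" role-decoder="groups-to-roles"/>
 </security-domain></security-domains>
 <security-realms><jdbc-realm name="jdbc-realm">
   <principal-query sql="SELECT password, roles FROM wildfly_users WHERE users=?" data-source="databaseDS">
     <clear-password-mapper password-index="1"/>
   </principal-query>
 </jdbc-realm></security-realms>
 <sasl><sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="elytron" security-domain="jdbc-domain">
   <mechanism-configuration><mechanism mechanism-name="PLAIN"/></mechanism-configuration>
 </sasl-authentication-factory></sasl>
</subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
 <http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/>
</subsystem>
</server>"""

def audit(xml_text):
    """Return findings for the connector -> SASL factory -> domain -> realm chain."""
    root = ET.fromstring(xml_text)
    for e in root.iter():
        e.tag = e.tag.rsplit("}", 1)[-1]          # drop namespaces for simple lookups
    def by_name(tag):
        return {e.get("name"): e for e in root.iter(tag)}
    factories, domains = by_name("sasl-authentication-factory"), by_name("security-domain")
    realm_els = [r for sr in root.iter("security-realms") for r in sr]
    realms = {r.get("name") for r in realm_els}
    out = []
    for conn in root.iter("http-connector"):
        fname = conn.get("sasl-authentication-factory")
        factory = factories.get(fname)
        if factory is None:
            out.append(f"UNRESOLVED sasl-authentication-factory '{fname}'")
            continue
        if any(m.get("mechanism-name") == "PLAIN" for m in factory.iter("mechanism")):
            out.append(f"CLEARTEXT '{fname}' offers PLAIN (password sent as-is; needs TLS)")
        domain = domains.get(factory.get("security-domain"))
        if domain is None:
            out.append(f"UNRESOLVED security-domain '{factory.get('security-domain')}'")
            continue
        wanted = {domain.get("default-realm"), *(r.get("name") for r in domain.iter("realm"))} - {None}
        out += [f"UNRESOLVED realm '{r}'" for r in sorted(wanted - realms)]
    out += [f"CLEARTEXT realm '{r.get('name')}' uses clear-password-mapper"
            for r in realm_els if r.find(".//clear-password-mapper") is not None]
    return out
```

The check covers name resolution and cleartext settings only; it does not by itself explain a "Server rejected authentication" response.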