-
1. Re: JBoss add_user.sh script vs Security Domain
dlofthouse May 1, 2018 7:26 AM (in response to kevenliu)
1 of 1 people found this helpful
All the add-user utility currently does is manipulate the management and application properties files included in the WildFly distribution.
If you use a security realm that uses these files it will have an effect; however, if you switch to something else like a database then this utility will have no further effect.
We do have some future plans to make this usable with different Elytron security realms so we could cover database and LDAP, but that is not on the imminent horizon.
-
2. Re: JBoss add_user.sh script vs Security Domain
kevenliu May 1, 2018 2:47 PM (in response to dlofthouse)
Thank you, I get it!
I'm having an issue with role-mapping; it always shows this in the log trace:
PBOX000292: Insufficient method permissions [principal: null, EJB name: SSLBean, method: findVarialbles, interface: Local, required roles: Roles(administrator,user,), principal roles: Roles(), run-as roles: null]
However, I have already set up my standalone.xml like this:
<login-module code="Database" flag="required">
  <module-option name="dsJndiName" value="java:jboss/datasources/pdbAuth"/>
  <module-option name="principalsQuery" value="select password from authentication where username=?"/>
  <module-option name="rolesQuery" value="select group_name, 'Roles' from user_group ug inner join authentication a on ug.user_id = a.id where a.username = ?"/>
  <module-option name="hashAlgorithm" value="SHA-256"/>
  <module-option name="hashEncoding" value="BASE64"/>
  <module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
<login-module code="RoleMapping" flag="required">
  <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/app.properties"/>
  <module-option name="replaceRole" value="false"/>
</login-module>
And I set
<security-domain>java:/jaas/app</security-domain>
in jboss-web.xml.
In app.properties I also declared my role-mappings. In the Bean I use the annotation @SecurityDomain("app").
The error above still shows up. Any idea what's the cause?
Thanks!
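
One way to exercise the principalsQuery, rolesQuery and SHA-256/BASE64 options from the configuration above outside the server, as an added example that is not part of the original post. The table columns are inferred from the two queries; the rows and the helper names (`stored_form`, `build_sample_db`, `check_login`) are constructed, and UTF-8 is assumed for the password charset.

```python
import base64
import hashlib
import hmac
import sqlite3

# The two queries exactly as they appear in the login-module options.
PRINCIPALS_QUERY = "select password from authentication where username=?"
ROLES_QUERY = ("select group_name, 'Roles' from user_group ug "
               "inner join authentication a on ug.user_id = a.id "
               "where a.username = ?")


def stored_form(password: str) -> str:
    """Value expected in the password column for hashAlgorithm=SHA-256 and
    hashEncoding=BASE64 (UTF-8 charset is an assumption)."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory schema and rows; only the table and column
    names that the two queries reference come from the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table authentication (id integer primary key, username text unique, password text);
        create table user_group (user_id integer, group_name text);
    """)
    db.execute("insert into authentication values (1, 'alice', ?)", (stored_form("s3cret"),))
    db.execute("insert into authentication values (2, 'bob', ?)", (stored_form("hunter2"),))
    db.executemany("insert into user_group values (?, ?)", [(1, "administrator"), (1, "user")])
    return db


def check_login(db: sqlite3.Connection, username: str, password: str):
    """Return (authenticated, roles) as seen through the two configured queries."""
    row = db.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None or row[0] is None:
        return False, set()          # unknown user or empty password column
    if not hmac.compare_digest(row[0], stored_form(password)):
        return False, set()          # stored hash does not match
    # Only rows whose second column is 'Roles' count as authorization roles.
    roles = {name for name, group in db.execute(ROLES_QUERY, (username,)) if group == "Roles"}
    return True, roles


if __name__ == "__main__":
    sample = build_sample_db()
    for user, pw in [("alice", "s3cret"), ("alice", "wrong"), ("bob", "hunter2")]:
        print(user, check_login(sample, user, pw))
```

The constructed user `bob` has no rows in user_group, so he authenticates but comes back with an empty role set.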
-
3. Re: JBoss add_user.sh script vs Security Domain
mchoma May 3, 2018 2:03 AM (in response to kevenliu)
If you are starting with WildFly, I recommend that you migrate to Elytron directly. The legacy security solution you are investing in is already deprecated.