WildFly 13 web-app not showing authentication form when using BASIC authentication
sergiu_pienar Jun 21, 2018 9:06 AM
I'm currently migrating an app from JBoss 5 to WildFly 13.
The app consists of an EAR that packs a series of EJBs into a JAR and several WAR files holding web apps.
One of the web apps' web.xml looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <display-name>My App</display-name>
  <!-- RESTful web services support -->
  <servlet>
    <servlet-name>MyServlet</servlet-name>
    <servlet-class>com.test.Dispatcher</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>MyServlet</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>
  <!-- order of security-constraint in web.xml is very important!!! -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure Content</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>LOGON</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
    <description>automatic generated role</description>
    <role-name>LOGON</role-name>
  </security-role>
</web-app>
The jboss-web only defines the security realm that I have configured:
<jboss-web><security-domain>myRealm</security-domain></jboss-web>
For all it's worth, due to the I would have expected that the BASIC auth method would prompt the browser login form to show up when I'm calling any resource.
The security subsystem defines a custom security domain, named myRealm, that uses jdbc queries:
<subsystem xmlns="urn:jboss:domain:security:2.0">
  <security-domains>
    <security-domain name="myRealm" cache-type="default">
      <authentication>
        <login-module code="com.login.LoginModule" flag="required" module="org.jboss.login">
          <module-option name="dsJndiName" value="java:jboss/datasources/datasourceDSXA"/>
          <module-option name="hashAlgorithm" value="SHA"/>
          <module-option name="hashEncoding" value="BASE64"/>
          <module-option name="principalsQuery" value="SELECT ...."/>
          <module-option name="rolesQuery" value="SELECT ...."/>
          <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
        <login-module code="Remoting" flag="optional">
          <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
      </authentication>
    </security-domain>
  </security-domains>
</subsystem>
Ideas on what I might be doing wrong?
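One check a reader can run on a descriptor like the one in this post is how each constrained url-pattern is classified under the Servlet specification's mapping rules (path prefix, extension, default, exact) and which request paths it therefore covers. This is an added example, not part of the original post: the function names `classify`, `covers` and `audit` are hypothetical, the XML is a constructed excerpt of the posted web.xml, and it assumes the container applies the specification's rules strictly.

```python
import xml.etree.ElementTree as ET

# Constructed sample: security-related excerpt of the web.xml from the post.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>LOGON</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def classify(pattern):
    """Classify a url-pattern using the Servlet spec mapping rules."""
    if pattern == "":
        return "context-root"
    if pattern == "/":
        return "default"
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path-prefix"
    if pattern.startswith("*."):
        return "extension"
    return "exact"  # every other string matches only itself

def covers(pattern, path):
    """True if a request path (relative to the context root) matches."""
    kind = classify(pattern)
    if kind == "path-prefix":
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if kind == "extension":
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if kind == "context-root":
        return path in ("", "/")
    return kind == "default" or path == pattern

def audit(xml_text, sample_paths):
    """Return (pattern, kind, uncovered paths) for each constrained pattern."""
    root = ET.fromstring(xml_text)  # un-namespaced 2.3-style descriptor assumed
    report = []
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # no role required, so no login would be triggered
        for up in sc.iter("url-pattern"):
            pat = (up.text or "").strip()
            missed = [p for p in sample_paths if not covers(pat, p)]
            report.append((pat, classify(pat), missed))
    return report
```

Calling `audit(WEB_XML, ["/", "/index.html", "/api/users"])` lists, per pattern, the sample paths the constraint does not cover; an empty list means every sample path would require the LOGON role.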