1 Reply Latest reply on Jul 25, 2018 3:34 AM by mchoma

    Custom login-module functionality using Elytron


      Hello everyone, I am migrating from legacy security subsystem to Elytron, and I have found a blocking problem.

      Wildfly in domain mode is used.

      In a legacy security subsystem, I have a custom login-module that does some authentication and authorization.


      Elytron doesn't have login-modules, but security realms instead. There is no default realm that matches my existing functionality, so I need to define a custom security realm. Custom security realms must be defined in a JBoss module, which can be "static" (added with module add command) or "dynamic" (deployed as a normal jar/war and given name with format: deployment.<deploymentName>.<packaging>).
      The problem is, module add command doesn't exist in domain mode, which means creating custom security domain as a static module can't be achieved without complicated Wildfly patching. Regarding dynamic modules, there is another problem, my module isn't recognised by Elytron, I simply get ModuleNotFoundException when adding my custom realm to the subsystem.


      Can anyone confirm that Elytron does or doesn't accept dynamic modules for custom security realms? And if it does, why do I get ModuleNotFoundException?


      Legacy security:

      /profile=ha/subsystem=security/security-domain=my-security-domain/authentication=classic:add(login-modules=[{"code"=>"path.to.my.login.module.class.MyLoginModule", "flag"=>"required"}]

      => Ok.



      /profile=ha/subsystem=elytron/custom-realm=my-security-realm:add(class-name=path.to.my.security.realm.class.MySecurityRealm, module=deployment.deploymentName.war)

      => Gives ModuleNotFoundException error.



      Pardon my bad English.


      Managed to do successful jndi lookup in module code and my problem changed slightly, and since I didn't receive any answers so far, I updated the question

        • 1. Re: Custom login-module functionality using Elytron

          1. "module add" really does not work in domain, as it can work only locally. It  could be confusing - user could expect module will be added to whole domain. You should add module by hand.

          2. I personally wouldnt expect subsystem configuration can depend on deployment module. At least there will be problem with order of loading.


          To sum up create module manually on all your controllers in domain and everything should work like in standalone mode.

          1 of 1 people found this helpful