11 Replies Latest reply on Apr 6, 2019 9:31 AM by mpetrovics

sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Mar 27, 2019 11:07 AM

Dear Team!

My task is to migrate a web application from jboss-as-7.1.1.Final application server to wildfly-14.0.1.Final server. The applicatin consist of some user modules with different funtionalities and a separate module for EJBs. We have a custom login module (the name is AsirDBLogin) for the authentication and authorization. I followed the instructions of the 13. chapter of the Wildfly Elytron Security document to migrate the legacy security to elytron security. When I start the application, the login form appears and using a valid username/password pair, the login is succesful, as the log proves it.

14:27:23,982 TRACE [org.jboss.security] (default task-1)(::_Dra79C8XBqukByTK0tWwOcWPHi6RU1L_OejQFrt:) PBOX00210: defaultLogin, login context: javax.security.auth.login.LoginContext@283a1b4b, subject: Subject(1172648526).principals=hu.softic.asir.AsirUserPrincipal@137673406([name=mandid,system=PairSystem])org.jboss.security.SimpleGroup@254679550(Roles(members:[name=database_importer,system=PairSystem],[name=dataimputer,system=PairSystem],[name=datachecker_multi,system=PairSystem],[name=exchange_rate_recorder,system=PairSystem],[name=admin,system=PairSystem],[name=exchange_rate_supervisor,system=PairSystem],[name=dataapprover,system=PairSystem],[name=database_exporter,system=PairSystem],[name=queryrunner_internal,system=PairSystem],[name=querydesigner,system=PairSystem],[name=datarecorder_internal,system=PairSystem],[name=datachecker,system=PairSystem],[name=validation_rules_editor,system=PairSystem],[name=master_data_admin,system=PairSystem]))org.jboss.security.SimpleGroup@254679550(CallerPrincipal(members:[name=mandid,system=PairSystem]))

14:27:23,983 TRACE [org.jboss.security] (default task-1)(::_Dra79C8XBqukByTK0tWwOcWPHi6RU1L_OejQFrt:) PBOX00207: updateCache, input subject: Subject(1172648526).principals=hu.softic.asir.AsirUserPrincipal@137673406([name=mandid,system=PairSystem])org.jboss.security.SimpleGroup@254679550(Roles(members:[name=database_importer,system=PairSystem],[name=dataimputer,system=PairSystem],[name=datachecker_multi,system=PairSystem],[name=exchange_rate_recorder,system=PairSystem],[name=admin,system=PairSystem],[name=exchange_rate_supervisor,system=PairSystem],[name=dataapprover,system=PairSystem],[name=database_exporter,system=PairSystem],[name=queryrunner_internal,system=PairSystem],[name=querydesigner,system=PairSystem],[name=datarecorder_internal,system=PairSystem],[name=datachecker,system=PairSystem],[name=validation_rules_editor,system=PairSystem],[name=master_data_admin,system=PairSystem]))org.jboss.security.SimpleGroup@254679550(CallerPrincipal(members:[name=mandid,system=PairSystem])), cached subject: Subject(203386979).principals=hu.softic.asir.AsirUserPrincipal@137673406([name=mandid,system=PairSystem])org.jboss.security.SimpleGroup@254679550(Roles(members:[name=database_importer,system=PairSystem],[name=dataimputer,system=PairSystem],[name=datachecker_multi,system=PairSystem],[name=exchange_rate_recorder,system=PairSystem],[name=admin,system=PairSystem],[name=exchange_rate_supervisor,system=PairSystem],[name=dataapprover,system=PairSystem],[name=database_exporter,system=PairSystem],[name=queryrunner_internal,system=PairSystem],[name=querydesigner,system=PairSystem],[name=datarecorder_internal,system=PairSystem],[name=datachecker,system=PairSystem],[name=validation_rules_editor,system=PairSystem],[name=master_data_admin,system=PairSystem]))org.jboss.security.SimpleGroup@254679550(CallerPrincipal(members:[name=mandid,system=PairSystem]))

14:27:23,985 TRACE [org.jboss.security] (default task-1)(::_Dra79C8XBqukByTK0tWwOcWPHi6RU1L_OejQFrt:) PBOX00208: Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@68ca5f23

14:27:23,986 TRACE [org.jboss.security] (default task-1)(::_Dra79C8XBqukByTK0tWwOcWPHi6RU1L_OejQFrt:) PBOX00201: End isValid, result = true

After that the system requests for the list of user related items from the database using the DataEntry EJB. The EJB needs the caller username and tries to get it with the call of sessionContext.getCallerPrincipal().getName(), which always returns the name of 'anonymous'.

I don't know, where the mistake is.

The standalone.xml related parts are:

- - -

<application-security-domains>

<application-security-domain name="asir-db-login" security-domain="asir-db-login-domain"/>

</application-security-domains>

- - -

</subsystem>

- - -

<security-domains>

- - -

<security-domain name="asir-db-login-domain" default-realm="asir-db-login-realm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">

</security-domain>

</security-domains>

- - -

<http>

- - -

<http-authentication-factory name="application-security-http" security-domain="asir-db-login-domain" http-server-mechanism-factory="global">

<mechanism-configuration>

<mechanism-realm realm-name="asir-db-login-realm"/>

</mechanism>

</mechanism-configuration>

</http-authentication-factory>

</http>

- - -

</subsystem>

<http-connector name="http-remoting-connector" connector-ref="default" />

</subsystem>

<security-domains>

- - -

<security-domain name="AsirDBLogin" cache-type="default">

<login-module code="hu.softic.asir.AsirLogin" flag="required">

<module-option name="multi-threaded" value="true"/>

<module-option name="restore-login-identity" value="true"/>

</login-module>

</authentication>

</security-domain>

</security-domains>

<elytron-integration>

<security-realms>

<elytron-realm name="asir-db-login-realm" legacy-jaas-config="AsirDBLogin" apply-role-mappers="false" />

</security-realms>

</elytron-integration>

</subsystem>

- - -

<application-security-domains>

<application-security-domain name="asir-db-login" http-authentication-factory="application-security-http"/>

</application-security-domains>

- - -

</subsystem>

The EJB is annotated like this:

@Stateless

@Remote(DataEntry2.class)

@TransactionManagement(TransactionManagementType.CONTAINER)

@SecurityDomain("asir-db-login")

@PermitAll

public class DataEntry2Bean implements DataEntry2 {

- - -

}

The EJB receives the call, but the caller is not the user who has logged in, anonymous instead.

Please, help me. I need urgent help to resolve it.

1. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mchoma Mar 28, 2019 3:15 AM (in response to mpetrovics)

The log you provided uses legacy security. Not Elytron as I would expect. What do you have in jboss-web.xml? Aren't you still referencing legacy security domain AsirDBLogin? It should be Elytron application-security-domain asir-db-login.

How is your EJB called? I suppose it is in-JVM call from frontend? And what is not working for you is propagation of identity from web to ejb? Is it same for EJBContext.getCallerPrincipal() ?
Actions
2. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Mar 28, 2019 6:44 AM (in response to mchoma)

Dear Martin!

Thank yor for your attention! The jboss-web.xml of the related web_user modul looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
     "-//JBoss//DTD Web Application 5.0//EN"
     "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
     <security-domain>asir-db-login</security-domain>
     <resource-ref>
          <res-ref-name>jdbc/main</res-ref-name>
          <jndi-name>java:jboss/main</jndi-name>
     </resource-ref>
</jboss-web>

All the references to legacy AsirDBLogin was changed to asir-db-login at the migration step.

When the user sends a request to the web_user/dataentries/home.do url, as he hasn't logged yet, the login form appears. When the login succeded, the proper struts2 action invokes the getDataSuppliersCount method of the DataEntry2Bean. The first line of this method writes a line of audit log. Here it is:

10:55:35,295 INFO [hu.softic.asir.AUDIT] (default task-1)(:mandid:aafSMgppYTSrjmP0fAadmDFqw4IJqqcmKs1dWJ_e:) <invocation timestamp='Thu Mar 28 10:55:35 CET 2019' login-name='anonymous' interface='hu.softic.asir.businesslogic.dataentry2.bean.DataEntry2' method='getDataSuppliersCount'>

The login-name is 'anonymous', which comes from the sessionContext.getCallerPrincipal().getName() call. The sessionContext declared as shown below:

@Stateless
@Remote(DataEntry2.class)
@TransactionManagement(TransactionManagementType.CONTAINER)
@SecurityDomain("asir-db-login")
@PermitAll
public class DataEntry2Bean implements DataEntry2 {

     protected final Logger logger = Logger.getLogger(getClass());

     @Resource
     private SessionContext sessionContext;

     - - -
}

The call of sessionContext.getCallerPrincipal() is the same as EJBContext.getCallerPrincipal(). And yes, you see right, the problem is that the identity is not propagated to EJB3 subsystem.

Sould I declare a proper security realm for the http-connector in the remoting subsystem?

Michael Petrovics
Actions
3. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

marcoben73 Mar 28, 2019 10:20 AM (in response to mpetrovics)
I had the same problem when login was on legacy security and ejb on new elytron security.
To check you can try on EJB:

import org.wildfly.security.auth.server.SecurityDomain; import org.wildfly.security.auth.server.SecurityIdentity; .... public void ejbMethod() { SecurityIdentity identity = SecurityDomain.getCurrent().getCurrentSecurityIdentity(); if (identity != null && identity.getPrincipal() != null) logger.debugf("security identity [%s]", identity.getPrincipal()); }

If you can see the correct principal name, you have something wrong in elytron configuration.
Actions
4. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Mar 28, 2019 12:35 PM (in response to marcoben73)

Dear Marco!

Thank you for the idea. I modified the code based on your suggestion:

String loginName = sessionContext.getCallerPrincipal().getName() + " (";
SecurityIdentity identity = SecurityDomain.getCurrent().getCurrentSecurityIdentity();
if (identity != null && identity.getPrincipal() != null) {
loginName += identity.getPrincipal().getName();
}
loginName += ")";

The following line appeared in the log:

17:14:31,074 INFO [hu.softic.asir.AUDIT] (default task-4)(:mandid:kpyNSPXjczYv3KDakXoYcbMAorTJ9mEsANtkYHii:) <invocation timestamp='Thu Mar 28 17:14:31 CET 2019' login-name='anonymous (anonymous)' interface='hu.softic.asir.businesslogic.dataentry2.bean.DataEntry2' method='getDataSuppliersCount'>

As you can see, the login name is 'anonymous' in both cases.
In my opinion you are right that something is wrong in the configuration, but I have no idea, what it is.

Michael
Actions
5. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

marcoben73 Mar 29, 2019 4:44 AM (in response to mpetrovics)

I can't see the definition for realm "asir-db-login-realm" under <security-realms> in <subsystem xmlns="urn:wildfly:elytron:4.0"...>.
Can you try to post your entire standalone.xml?
Actions
6. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Mar 29, 2019 5:53 AM (in response to marcoben73)

Thank you for your reply.

As the 13. chapter of the Wildfly 14 Elytron security document says (WildFly Elytron Security ), an Elytron security realm can be exported from legacy security subsystem based on the defined legacy security domain (AsirDBLogin in this case). For this purpose I had to put the below entry into the standalone.xml, under legacy security subsystem:

<subsystem xmlns="urn:jboss:domain:security:2.0">
     <security-domains>
          - - -
         <security-domain name="AsirDBLogin" cache-type="default">
               <authentication>
                    <login-module code="hu.softic.asir.AsirLogin" flag="required">
                         <module-option name="multi-threaded" value="true"/>
                         <module-option name="restore-login-identity" value="true"/>
                    </login-module>
               </authentication>
          </security-domain>
     </security-domains>
     <elytron-integration>
          <security-realms>
               <elytron-realm name="asir-db-login-realm" legacy-jaas-config="AsirDBLogin" apply-role-mappers="false" />
          </security-realms>
     </elytron-integration>
</subsystem>

This exposes the asir-db-login-realm to Elytron subsytem. Based on that, in the the Elytron subsystem need to define a security domain wich references the exported 'asir-db-login-realm'.

<subsystem xmlns="urn:wildfly:elytron:4.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
     - - -
     <security-domains>
          - - -
           <security-domain name="asir-db-login-domain" default-realm="asir-db-login-realm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
               <realm name="asir-db-login-realm"/>
          </security-domain>
     </security-domains>
     - - -
</subsystem>

The documentation doesn't mention anything about an additional definition of this realm amongst Elytron security realms. Both of ejb3 and underow subsystems reference the 'asir-db-login-domain' which references the 'asir-db-login-realm'. That was the logic I have followed. This extract just tries to make the logic easier to understand. Of course I can provide the whole standalon.xml as well. How can I attach a file to my answer?
Actions
7. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Mar 29, 2019 12:34 PM (in response to marcoben73)

Dear Marco4

As you requested, here is the whole standalone.xml:

<server xmlns="urn:jboss:domain:8.0">
     <extensions>
          <extension module="org.jboss.as.clustering.infinispan"/>
          <extension module="org.jboss.as.connector"/>
          <extension module="org.jboss.as.deployment-scanner"/>
          <extension module="org.jboss.as.ee"/>
          <extension module="org.jboss.as.ejb3"/>
          <extension module="org.jboss.as.jaxrs"/>
          <extension module="org.jboss.as.jdr"/>
          <extension module="org.jboss.as.jmx"/>
          <extension module="org.jboss.as.jpa"/>
          <extension module="org.jboss.as.jsf"/>
          <extension module="org.jboss.as.logging"/>
          <extension module="org.jboss.as.mail"/>
          <extension module="org.jboss.as.naming"/>
          <extension module="org.jboss.as.osgi"/>
          <extension module="org.jboss.as.pojo"/>
          <extension module="org.jboss.as.remoting"/>
          <extension module="org.jboss.as.sar"/>
          <extension module="org.jboss.as.security"/>
          <extension module="org.jboss.as.transactions"/>
          <extension module="org.jboss.as.webservices"/>
          <extension module="org.jboss.as.weld"/>
          <extension module="org.wildfly.extension.batch.jberet"/>
          <extension module="org.wildfly.extension.bean-validation"/>
          <extension module="org.wildfly.extension.core-management"/>
          <extension module="org.wildfly.extension.discovery"/>
          <extension module="org.wildfly.extension.ee-security"/>
          <extension module="org.wildfly.extension.elytron"/>
          <extension module="org.wildfly.extension.io"/>
          <extension module="org.wildfly.extension.messaging-activemq"/>
          <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
          <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
          <extension module="org.wildfly.extension.microprofile.opentracing-smallrye"/>
          <extension module="org.wildfly.extension.request-controller"/>
          <extension module="org.wildfly.extension.security.manager"/>
          <extension module="org.wildfly.extension.undertow"/>
          <extension module="org.wildfly.iiop-openjdk"/>
     <extensions>
     <system-properties>
          <property name="org.apache.tomcat.util.http.Parameters.MAX_COUNT" value="20000"/>
          <property name="file.encoding" value="UTF-8"/>
          <property name="com.arjuna.ats.arjuna.allowMultipleLastResources" value="true"/>
          <property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
          <property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/>
     </system-properties>
     <management>
          <security-realms>
               <security-realm name="ManagementRealm">
                    <authentication>
                         <local default-user="$local" skip-group-loading="true"/>
                         <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                    </authentication>
                    <authorization map-groups-to-roles="false">
                         <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                    </authorization>
               </security-realm>
               <security-realm name="ApplicationRealm">
                    <server-identities>
                         <ssl>
                              <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                         </ssl>
                    </server-identities>
                    <authentication>
                         <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                         <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                    </authentication>
               </security-realm>
          </security-realms>
          <audit-log>
               <formatters>
                    <json-formatter name="json-formatter"/>
               </formatters>
               <handlers>
                    <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
               </handlers>
               <logger log-boot="true" log-read-only="false" enabled="false">
                    <handlers>
                         <handler name="file"/>
                    </handlers>
               </logger>
          </audit-log>
          <management-interfaces>
               <http-interface security-realm="ManagementRealm">
                    <http-upgrade enabled="true"/>
                    <socket-binding http="management-http"/>
               </http-interface>
          </management-interfaces>
          <access-control provider="simple">
               <role-mapping>
                    <role name="SuperUser">
                         <include>
                              <user name="$local"/>
                         </include>
                    </role>
               </role-mapping>
          </access-control>
     </management>
     <profile>
          <subsystem xmlns="urn:jboss:domain:logging:6.0">
               <console-handler name="CONSOLE">
                    <level name="TRACE"/>
                    <formatter>
                         <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t)(%x) %s%E%n"/>
                    </formatter>
               </console-handler>
               <periodic-rotating-file-handler name="AUDIT" autoflush="true">
                    <level name="INFO"/>
                    <formatter>
                         <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t)(%x) %s%E%n"/>
                    </formatter>
                    <file relative-to="jboss.server.log.dir" path="audit.log"/>
                    <suffix value=".yyyy-MM-dd"/>
                    <append value="true"/>
               </periodic-rotating-file-handler>
               <periodic-rotating-file-handler name="FILE">
                    <formatter>
                         <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t)(%x) %s%E%n"/>
                    </formatter>
                    <file relative-to="jboss.server.log.dir" path="server.log"/>
                    <suffix value=".yyyy-MM-dd"/>
                    <append value="true"/>
               </periodic-rotating-file-handler>
               <logger category="org.jboss.security">
                    <level name="TRACE"/>
                    <handlers>
                         <handler name="AUDIT"/>
                    </handlers>
               </logger>
               <logger category="com.arjuna">
                    <level name="INFO"/>
               </logger>
               <logger category="sun.rmi">
                    <level name="INFO"/>
               </logger>
               <root-logger>
                    <level name="INFO"/>
                    <handlers>
                         <handler name="CONSOLE"/>
                         <handler name="FILE"/>
                    </handlers>
               </root-logger>
               <formatter name="PATTERN">
                    <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
               </formatter>
               <formatter name="COLOR-PATTERN">
                    <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
               </formatter>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:batch-jberet:2.0">
               <default-job-repository name="in-memory"/>
               <default-thread-pool name="batch"/>
               <job-repository name="in-memory">
                    <in-memory/>
               </job-repository>
               <thread-pool name="batch">
                    <max-threads count="10"/>
                    <keepalive-time time="30" unit="seconds"/>
               </thread-pool>
           </subsystem>
          <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
          <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
          <subsystem xmlns="urn:jboss:domain:datasources:5.0">
               <datasources>
                    <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
                         <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
                         <driver>h2</driver>
                         <security>
                              <user-name>sa</user-name>
                              <password>sa</password>
                         </security>
                    </datasource>
                    <datasource jndi-name="java:jboss/other" pool-name="other" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                         <connection-url>jdbc:oracle:thin:@127.0.0.1:1521:orcl</connection-url>
                         <driver>oracle</driver>
                         <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                         <pool>
                              <min-pool-size>1</min-pool-size>
                              <max-pool-size>30</max-pool-size>
                              <prefill>true</prefill>
                              <flush-strategy>FailingConnectionOnly</flush-strategy>
                         </pool>
                         <validation>
                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
                              <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
                         </validation>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                         <security>
                              <user-name>ASIR</user-name>
                              <password>##############</password>
                         </security>
                    </datasource>
                    <datasource jndi-name="java:jboss/other_public" pool-name="other_public" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                         <connection-url>jdbc:oracle:thin:@127.0.0.1:1521:orcl</connection-url>
                         <driver>oracle</driver>
                         <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                         <pool>
                              <min-pool-size>1</min-pool-size>
                              <max-pool-size>30</max-pool-size>
                              <prefill>true</prefill>
                              <flush-strategy>FailingConnectionOnly</flush-strategy>
                         </pool>
                         <validation>
                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
                              <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
                         </validation>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                         <security>
                              <user-name>ASIR_PUBLIC</user-name>
                              <password>##############</password>
                         </security>
                    </datasource>
                    <datasource jndi-name="java:jboss/other_query" pool-name="other_query" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                         <connection-url>jdbc:oracle:thin:@127.0.0.1:1521:orcl</connection-url>
                         <driver>oracle</driver>
                         <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                         <pool>
                              <min-pool-size>1</min-pool-size>
                              <max-pool-size>30</max-pool-size>
                              <prefill>true</prefill>
                              <flush-strategy>FailingConnectionOnly</flush-strategy>
                         </pool>
                         <validation>
                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
                              <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
                         </validation>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                         <security>
                              <user-name>ASIR_QUERY</user-name>
                              <password>##############</password>
                         </security>
                    </datasource>
                    <datasource jndi-name="java:jboss/main" pool-name="main" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                         <connection-url>jdbc:oracle:thin:@127.0.0.1:1521:orcl</connection-url>
                         <driver>oracle</driver>
                         <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                         <pool>
                              <min-pool-size>1</min-pool-size>
                              <max-pool-size>30</max-pool-size>
                              <prefill>true</prefill>
                              <flush-strategy>FailingConnectionOnly</flush-strategy>
                         </pool>
                         <validation>
                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
                              <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
                         </validation>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                         <security>
                              <user-name>PAIR</user-name>
                              <password>##############</password>
                         </security>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                    </datasource>
                    <datasource jndi-name="java:jboss/main_public" pool-name="main_public" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                         <connection-url>jdbc:oracle:thin:@127.0.0.1:1521:orcl</connection-url>
                         <driver>oracle</driver>
                         <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                         <pool>
                              <min-pool-size>1</min-pool-size>
                              <max-pool-size>30</max-pool-size>
                              <prefill>true</prefill>
                              <use-strict-min>false</use-strict-min>
                              <flush-strategy>FailingConnectionOnly</flush-strategy>
                         </pool>
                         <validation>
                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
                              <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
                         </validation>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                         <security>
                              <user-name>PAIR_PUBLIC</user-name>
                              <password>##############</password>
                         </security>
                    </datasource>
                    <datasource jndi-name="java:jboss/main_query" pool-name="main_query" enabled="true" jta="true" use-java-context="true" use-ccm="true">
                         <connection-url>jdbc:oracle:thin:@127.0.0.1:1521:orcl</connection-url>
                         <driver>oracle</driver>
                         <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                         <pool>
                              <min-pool-size>1</min-pool-size>
                              <max-pool-size>30</max-pool-size>
                              <prefill>true</prefill>
                              <use-strict-min>false</use-strict-min>
                              <flush-strategy>FailingConnectionOnly</flush-strategy>
                         </pool>
                         <validation>
                              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
                              <stale-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
                              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
                         </validation>
                         <timeout>
                              <blocking-timeout-millis>1800000</blocking-timeout-millis>
                              <idle-timeout-minutes>5</idle-timeout-minutes>
                         </timeout>
                         <security>
                              <user-name>PAIR_QUERY</user-name>
                              <password>##############</password>
                         </security>
                    </datasource>
                    <drivers>
                         <driver name="h2" module="com.h2database.h2">
                              <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
                         </driver>
                         <driver name="oracle" module="com.oracle.ojdbc6">
                              <driver-class>oracle.jdbc.OracleDriver</driver-class>
                              <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
                         </driver>
                    </drivers>
               </datasources>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
               <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:discovery:1.0"/>
          <subsystem xmlns="urn:jboss:domain:ee:4.0">
               <global-modules>
                    <module name="com.akiconfig" slot="main"/>
                    <module name="com.oracle.ojdbc6" slot="main"/>
                    <module name="org.jboss.ironjacamar.jdbcadapters" slot="main"/>
                    <module name="org.dom4j" slot="main"/>
               </global-modules>
               <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
               <concurrent>
                    <context-services>
                         <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
                    </context-services>
                    <managed-thread-factories>
                         <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                    </managed-thread-factories>
                    <managed-executor-services>
                         <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
                    </managed-executor-services>
                    <managed-scheduled-executor-services>
                         <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
                    </managed-scheduled-executor-services>
               </concurrent>
               <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
           </subsystem>
           <subsystem xmlns="urn:jboss:domain:ee-security:1.0"/>
          <subsystem xmlns="urn:jboss:domain:ejb3:5.0">
               <session-bean>
                    <stateless>
                         <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
                    </stateless>
                    <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
                    <singleton default-access-timeout="5000"/>
               </session-bean>
               <mdb>
                    <resource-adapter-ref resource-adapter-name="activemq-ra"/>
                    <bean-instance-pool-ref pool-name="mdb-strict-max-pool"/>
               </mdb>
               <pools>
                    <bean-instance-pools>
                         <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                         <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                    </bean-instance-pools>
               </pools>
               <caches>
                    <cache name="simple" aliases="NoPassivationCache"/>
                    <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
               </caches>
               <passivation-stores>
                    <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
                    <file-passivation-store name="file"/>
               </passivation-stores>
               <async thread-pool-name="default"/>
               <timer-service thread-pool-name="default" default-data-store="deault-data-store">
                    <data-stores>
                         <file-data-store name="deault-data-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                    </data-stores>
               </timer-service>
               <remote connector-ref="http-remoting-connector" thread-pool-name="default">
                    <channel-creation-options>
                         <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
                         <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                    </channel-creation-options>
               </remote>
               <thread-pools>
                    <thread-pool name="default">
                         <max-threads count="10"/>
                         <keepalive-time time="100" unit="milliseconds"/>
                    </thread-pool>
               </thread-pools>
               <iiop enable-by-default="false" use-qualified-name="false"/>
               
               <application-security-domains>
                    <application-security-domain name="asir-db-login" security-domain="asir-db-login-domain"/>
               </application-security-domains>
               <default-missing-method-permissions-deny-access value="true"/>
               <log-system-exceptions value="true"/>
          </subsystem>
          <subsystem xmlns="urn:wildfly:elytron:4.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
               <providers>
                    <aggregate-providers name="combined-providers">
                         <providers name="elytron"/>
                         <providers name="openssl"/>
                    </aggregate-providers>
                    <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
                    <provider-loader name="openssl" module="org.wildfly.openssl"/>
               </providers>
               <audit-logging>
                    <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
               </audit-logging>
               <security-domains>
                    <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
                         <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
                         <realm name="local"/>
                    </security-domain>
                    <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
                         <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
                         <realm name="local" role-mapper="super-user-mapper"/>
                    </security-domain>
                    <security-domain name="asir-db-login-domain" default-realm="asir-db-login-realm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
                         <realm name="asir-db-login-realm"/>
                    </security-domain>
               </security-domains>
               <security-realms>
                    <identity-realm name="local" identity="$local"/>
                    <properties-realm name="ApplicationRealm">
                         <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
                         <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                    </properties-realm>
                    <properties-realm name="ManagementRealm">
                         <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
                         <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                    </properties-realm>
               </security-realms>
               <mappers>
                    <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
                         <permission-mapping>
                              <principal name="anonymous"/>
                              <permission-set name="default-permissions"/>
                         </permission-mapping>
                         <permission-mapping match-all="true">
                              <permission-set name="login-permission"/>
                              <permission-set name="default-permissions"/>
                         </permission-mapping>
                    </simple-permission-mapper>
                    <constant-realm-mapper name="local" realm-name="local"/>
                    <simple-role-decoder name="groups-to-roles" attribute="groups"/>
                    <constant-role-mapper name="super-user-mapper">
                         <role name="SuperUser"/>
                    </constant-role-mapper>
               </mappers>
               <permission-sets>
                    <permission-set name="login-permission">
                         <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
                    </permission-set>
                    <permission-set name="default-permissions">
                         <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
                         <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
                         <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
                    </permission-set>
               </permission-sets>
               <http>
                    <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
                         <mechanism-configuration>
                              <mechanism mechanism-name="DIGEST">
                                   <mechanism-realm realm-name="ManagementRealm"/>
                              </mechanism>
                         </mechanism-configuration>
                    </http-authentication-factory>
                    <http-authentication-factory name="application-security-http" security-domain="asir-db-login-domain" http-server-mechanism-factory="global">
                         <mechanism-configuration>
                              <mechanism mechanism-name="FORM" >
                                   <mechanism-realm realm-name="asir-db-login-realm"/>
                              </mechanism>
                         </mechanism-configuration>
                    </http-authentication-factory>
                    <provider-http-server-mechanism-factory name="global"/>
               </http>
               <sasl>
                    <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
                         <mechanism-configuration>
                              <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                              <mechanism mechanism-name="DIGEST-MD5">
                                   <mechanism-realm realm-name="ApplicationRealm"/>
                              </mechanism>
                         </mechanism-configuration>
                    </sasl-authentication-factory>
                    <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
                         <mechanism-configuration>
                              <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                              <mechanism mechanism-name="DIGEST-MD5">
                                   <mechanism-realm realm-name="ManagementRealm"/>
                              </mechanism>
                         </mechanism-configuration>
                    </sasl-authentication-factory>
                    <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
                         <properties>
                              <property name="wildfly.sasl.local-user.default-user" value="$local"/>
                         </properties>
                    </configurable-sasl-server-factory>
                    <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
                         <filters>
                              <filter provider-name="WildFlyElytron"/>
                         </filters>
                    </mechanism-provider-filtering-sasl-server-factory>
                    <provider-sasl-server-factory name="global"/>
               </sasl>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:iiop-openjdk:2.1">
               <orb socket-binding="iiop" ssl-socket-binding="iiop-ssl"/>
               <initializers security="identity" transactions="spec"/>
           </subsystem>
          <subsystem xmlns="urn:jboss:domain:infinispan:7.0">
               <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
                    <local-cache name="default">
                         <transaction mode="BATCH"/>
                    </local-cache>
               </cache-container>
               <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
                    <local-cache name="passivation">
                         <locking isolation="REPEATABLE_READ"/>
                         <transaction mode="BATCH"/>
                         <file-store passivation="true" purge="false"/>
                    </local-cache>
               </cache-container>
               <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
                    <local-cache name="passivation">
                         <locking isolation="REPEATABLE_READ"/>
                         <transaction mode="BATCH"/>
                         <file-store passivation="true" purge="false"/>
                    </local-cache>
               </cache-container>
               <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
                    <local-cache name="entity">
                         <transaction mode="NON_XA"/>
                         <object-memory size="10000"/>
                         <expiration max-idle="100000"/>
                    </local-cache>
                    <local-cache name="local-query">
                         <object-memory size="10000"/>
                         <expiration max-idle="100000"/>
                    </local-cache>
                    <local-cache name="timestamps">
                         <transaction mode="NONE"/>
                    </local-cache>
               </cache-container>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:io:3.0">
               <worker name="default"/>
               <buffer-pool name="default"/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
          <subsystem xmlns="urn:jboss:domain:jca:5.0">
               <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
               <bean-validation enabled="true"/>
               <default-workmanager>
                    <short-running-threads>
                         <core-threads count="50"/>
                         <queue-length count="50"/>
                         <max-threads count="50"/>
                         <keepalive-time time="10" unit="seconds"/>
                    </short-running-threads>
                    <long-running-threads>
                         <core-threads count="50"/>
                         <queue-length count="50"/>
                         <max-threads count="50"/>
                         <keepalive-time time="10" unit="seconds"/>
                    </long-running-threads>
               </default-workmanager>
               <cached-connection-manager/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
          <subsystem xmlns="urn:jboss:domain:jmx:1.3">
               <expose-resolved-model/>
               <expose-expression-model/>
               <remoting-connector/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:jpa:1.1">
                <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:jsf:1.1"/>
          <subsystem xmlns="urn:jboss:domain:mail:3.0">
               <mail-session name="default" jndi-name="java:jboss/mail/Default">
                    <smtp-server outbound-socket-binding-ref="mail-smtp"/>
               </mail-session>
               <mail-session name="main" jndi-name="java:jboss/mail/main">
                    <smtp-server outbound-socket-binding-ref="mail-smtp-main"/>
               </mail-session>
               <mail-session name="other" jndi-name="java:jboss/mail/other">
                    <smtp-server outbound-socket-binding-ref="mail-smtp-other"/>
               </mail-session>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:messaging-activemq:4.0">
               <server name="default">
                    <http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>
                    <http-connector name="http-connector-throughput" socket-binding="http" endpoint="http-acceptor-throughput">
                         <param name="batch-delay" value="50"/>
                    </http-connector>
                    <in-vm-connector name="in-vm" server-id="0"/>
                    <http-acceptor name="http-acceptor" http-listener="default"/>
                    <http-acceptor name="http-acceptor-throughput" http-listener="default">
                         <param name="batch-delay" value="50"/>
                         <param name="direct-deliver" value="false"/>
                    </http-acceptor>
                    <in-vm-acceptor name="in-vm" server-id="0"/>
                    <jms-queue name="pairApproveQueue" entries="pair/approvequeue java:jboss/jms/pair/ApproveQueue"/>
                    <jms-queue name="pairCheckQueue" entries="pair/checkqueue java:jboss/jms/pair/CheckQueue"/>
                    <jms-queue name="pairQueue" entries="pair/queue java:jboss/jms/pair/QueryQueue"/>
                    <jms-queue name="testQueue" entries="queue/test java:jboss/exported/jms/queue/test"/>
                    <jms-queue name="pairExportQueue" entries="pair/exportqueue java:jboss/jms/pair/ExportQueue"/>
                    <jms-queue name="pairImportQueue" entries="pair/importqueue java:jboss/jms/pair/ImportQueue"/>
                    <jms-queue name="pairIdGenQueue" entries="pair/idgenqueue java:jboss/jms/pair/IdGenQueue"/>
                    <jms-queue name="pairUserPassGenQueue" entries="pair/userpassgenqueue java:jboss/jms/pair/UserPassGenQueue"/>
                    <jms-topic name="testTopic" entries="topic/test java:jboss/exported/jms/topic/test"/>
                    <connection-factory name="queue_connection_factory" entries="java:/queue_connection_factory" connectors="in-vm"/>
                    <connection-factory name="InVmConnectionFactory" entries="java:/ConnectionFactory" connectors="in-vm"/>
                    <connection-factory name="RemoteConnectionFactory" entries="RemoteConnectionFactory java:jboss/exported/jms/RemoteConnectionFactory" connectors="http-connector"/>
                    <pooled-connection-factory name="activemq-ra" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory" connectors="in-vm" transaction="xa"/>
               </server>
          </subsystem>
          <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
          <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:1.0" security-enabled="false"/>
          <subsystem xmlns="urn:wildfly:microprofile-opentracing-smallrye:1.0"/>
          <subsystem xmlns="urn:jboss:domain:naming:2.0">
               <remote-naming/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:osgi:1.2" activation="lazy">
               <properties>
                    <property name="org.osgi.framework.startlevel.beginning">
                         1
                    </property>
               </properties>
               <capabilities>
                    <capability name="javax.servlet.api:v25"/>
                    <capability name="javax.transaction.api"/>
                    <capability name="org.apache.felix.log" startlevel="1"/>
                    <capability name="org.jboss.osgi.logging" startlevel="1"/>
                    <capability name="org.apache.felix.configadmin" startlevel="1"/>
               </capabilities>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
          <subsystem xmlns="urn:jboss:domain:remoting:4.0">
               <http-connector name="http-remoting-connector" connector-ref="default" />
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
          <subsystem xmlns="urn:jboss:domain:resource-adapters:5.0"/>
          <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
          <subsystem xmlns="urn:jboss:domain:security:2.0">
               <security-domains>
                    <security-domain name="other" cache-type="default">
                         <authentication>
                              <login-module code="Remoting" flag="optional">
                                   <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                              <login-module code="RealmUsersRoles" flag="required">
                                   <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                                   <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                                   <module-option name="realm" value="ApplicationRealm"/>
                                   <module-option name="password-stacking" value="useFirstPass"/>
                              </login-module>
                         </authentication>
                    </security-domain>
                    <security-domain name="jboss-web-policy" cache-type="default">
                         <authorization>
                              <policy-module code="Delegating" flag="required"/>
                         </authorization>
                    </security-domain>
                    <security-domain name="jaspitest" cache-type="default">
                         <authentication-jaspi>
                              <login-module-stack name="dummy">
                                   <login-module code="Dummy" flag="optional"/>
                              </login-module-stack>
                              <auth-module code="Dummy"/>
                         </authentication-jaspi>
                    </security-domain>
                    <security-domain name="jboss-ejb-policy" cache-type="default">
                         <authorization>
                              <policy-module code="Delegating" flag="required"/>
                         </authorization>
                    </security-domain>
                    <security-domain name="AsirDBLogin" cache-type="default">
                         <authentication>
                              <login-module code="hu.softic.asir.AsirLogin" flag="required">
                                   <module-option name="multi-threaded" value="true"/>
                                   <module-option name="restore-login-identity" value="true"/>
                              </login-module>
                         </authentication>
                    </security-domain>
               </security-domains>
               <elytron-integration>
                    <security-realms>
                         <elytron-realm name="asir-db-login-realm" legacy-jaas-config="AsirDBLogin" apply-role-mappers="false" />
                    </security-realms>
               </elytron-integration>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
               <deployment-permissions>
                    <maximum-set>
                         <permission class="java.security.AllPermission"/>
                    </maximum-set>
               </deployment-permissions>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:transactions:5.0">
               <core-environment node-identifier="${jboss.tx.node.id:1}">
                    <process-id>
                         <uuid/>
                    </process-id>
               </core-environment>
               <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
               <coordinator-environment default-timeout="604800"/>
               <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
               <buffer-cache name="default"/>
               <application-security-domains>
                    <application-security-domain name="asir-db-login" http-authentication-factory="application-security-http"/>
               </application-security-domains>
               <server name="default-server">
                    <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
                    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                    <host name="default-host" alias="localhost">
                         <location name="/" handler="welcome-content"/>
                         <http-invoker security-realm="ApplicationRealm"/>
                    </host>
               </server>
               <servlet-container name="default">
                    <jsp-config/>
                    <websockets/>
               </servlet-container>
               <handlers>
                    <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
               </handlers>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:webservices:2.0">
               <modify-wsdl-address>true</modify-wsdl-address>
               <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
               <endpoint-config name="Standard-Endpoint-Config"/>
               <endpoint-config name="Recording-Endpoint-Config">
                    <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                         <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                    </pre-handler-chain>
               </endpoint-config>
               <client-config name="Standard-Client-Config"/>
          </subsystem>
          <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
     </profile>
     <interfaces>
          <interface name="management">
               <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
          </interface>
          <interface name="public">
               <inet-address value="${jboss.bind.address:127.0.0.1}"/>
          </interface>
          <interface name="unsecure">
               <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
          </interface>
     </interfaces>
     <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
          <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
          <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
          <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
          <socket-binding name="http" port="${jboss.http.port:8080}"/>
          <socket-binding name="https" port="${jboss.https.port:8443}"/>
          <socket-binding name="txn-recovery-environment" port="4712"/>
          <socket-binding name="txn-status-manager" port="4713"/>
          <socket-binding name="iiop" interface="unsecure" port="3528"/>
          <socket-binding name="iiop-ssl" interface="unsecure" port="3529"/>
          <outbound-socket-binding name="mail-smtp">
               <remote-destination host="smtp.softic.hu" port="587"/>
          </outbound-socket-binding>
          <outbound-socket-binding name="mail-smtp-main">
               <remote-destination host="smtp.softic.hu" port="587"/>
          </outbound-socket-binding>
          <outbound-socket-binding name="mail-smtp-other">
               <remote-destination host="smtp.softic.hu" port="587"/>
          </outbound-socket-binding>
     </socket-binding-group>
</server>
Actions
8. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

marcoben73 Mar 30, 2019 1:13 PM (in response to mpetrovics)
I had a deep look at your configuration file, but I can't find anything wrong.
You can try to have a look to wildfly security log, maybe you can find some more information.
<logger category="org.jboss.as.ejb3.security"> <level name="ALL"/> </logger> <logger category="org.wildfly.security"> <level name="ALL"/> </logger>
Actions
9. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Apr 1, 2019 11:17 AM (in response to marcoben73)

Thank you for your suggestion!

I have added the recomended entries to the standalone.xml.
After that I have started the application and I have send a request to the '/web_user/general/home.do' URL, the application checks the authenticated user. As not existes such a user, the login form appears.
The login modul authenticates the user, sets the roles he has and the login is succesful.

15:38:47,275 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling CachedIdentityAuthorizeCallback: principal = mandid authorizedIdentity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,276 DEBUG [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) User [mandid] authenticated successfully
15:38:47,276 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling AuthenticationCompleteCallback: succeed
15:38:47,316 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,317 TRACE [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) User redirected to original path [http://localhost:8080/web_user/general/home.do]
15:38:47,318 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Role mapping: principal [mandid] -> decoded roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> realm mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> domain mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal]

Then the application invokes the http://localhost:8080/web_user/dataentries/home.do url, for which the authentication failes.

I provide all the related lines of log:

INFO - Beállítások betöltése: '/V:/wildfly-14.0.1.Final/modules/system/layers/base/com/akiconfig/main/./settings.xml'
INFO - A beállítások betöltése sikerült!
INFO - /web_user/general/home.do

INFO - User

15:38:40,575 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:40,608 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@12069b54] for mechanism [FORM]
15:38:40,608 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
15:38:40,608 TRACE [org.wildfly.security.http.form] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Trying to re-authenticate session _O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC. Request URI: [http://localhost:8080/web_user/general/home.do], Context path: [/web_user]
15:38:40,608 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null
15:38:40,781 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:40,830 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
INFO - Resource bundle error: Can't find resource for bundle java.util.PropertyResourceBundle, key notSupportedBrowser

15:38:40,848 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
INFO - Session created

INFO - /web_user/template/images/favicon/site.webmanifest

INFO - User

15:38:41,352 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@2bc1eccc] for mechanism [FORM]
15:38:41,352 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
15:38:41,352 TRACE [org.wildfly.security.http.form] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Trying to re-authenticate session -i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1. Request URI: [http://localhost:8080/web_user/template/images/favicon/site.webmanifest], Context path: [/web_user]
15:38:41,352 TRACE [org.wildfly.security] (default task-1)(::an1QVjpGqQRwUxf7hUjILPGGJ_6x7_fxgv0mYzfL:) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null
INFO - http://localhost:8080/web_user/template/images/favicon/site.webmanifest

INFO - /web_user/j_security_check

INFO - User

15:38:46,331 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@585c8548] for mechanism [FORM]
15:38:46,331 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
15:38:46,331 TRACE [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Trying to re-authenticate session _O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC. Request URI: [http://localhost:8080/web_user/j_security_check], Context path: [/web_user]
15:38:46,331 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null
15:38:46,334 DEBUG [org.wildfly.security.http.password] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Username authentication. Realm: [null], Username: [mandid].
15:38:46,334 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling NameCallback: authenticationName = mandid
15:38:46,335 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Principal assigning: [mandid], pre-realm rewritten: [mandid], realm name: [asir-db-login-realm], post-realm rewritten: [mandid], realm rewritten: [mandid]
15:38:46,337 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00200: Begin isValid, principal: mandid, cache entry: null
15:38:46,338 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00209: defaultLogin, principal: mandid
15:38:46,339 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00221: Begin getAppConfigurationEntry(AsirDBLogin), size: 6
15:38:46,339 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00224: End getAppConfigurationEntry(AsirDBLogin), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: hu.softic.asir.AsirLogin
ControlFlag: LoginModuleControlFlag: required
Options:

15:38:46,341 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00236: Begin initialize method
15:38:46,372 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,381 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,386 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,396 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00240: Begin login method
15:38:46,407 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,449 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00241: End login method, isValid: true
15:38:46,456 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,465 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,481 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,493 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,505 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,507 INFO [hu.softic.asir.AUDIT] (default task-4)() <invocation timestamp='Mon Apr 01 15:38:46 CEST 2019' login-name='anonymous (anonymous)' interface='hu.softic.asir.businesslogic.facade.LoginBeanRemote' method='updateUserLastLogin'>
<parameter name='username'>
<object class='java.lang.String' value='mandid'/>
</parameter>
</invocation>
15:38:46,515 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:46,607 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00242: Begin commit method, overall result: true
15:38:46,608 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
INFO - Assign user to role admin

INFO - Assign user to role dataapprover

INFO - Assign user to role database_exporter

INFO - Assign user to role database_importer

INFO - Assign user to role datachecker

INFO - Assign user to role datachecker_multi

INFO - Assign user to role dataimputer

INFO - Assign user to role datarecorder_internal

INFO - Assign user to role exchange_rate_recorder

INFO - Assign user to role exchange_rate_supervisor

INFO - Assign user to role master_data_admin

INFO - Assign user to role querydesigner

INFO - Assign user to role queryrunner_internal

INFO - Assign user to role validation_rules_editor

15:38:47,233 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00210: defaultLogin, login context: javax.security.auth.login.LoginContext@3f4fff11, subject: Subject(1249221021).principals=hu.softic.asir.AsirUserPrincipal@1346084277([name=mandid,system=PairSystem])org.jboss.security.SimpleGroup@1146593432(Roles(members:[name=database_importer,system=PairSystem],[name=dataimputer,system=PairSystem],[name=datachecker_multi,system=PairSystem],[name=exchange_rate_recorder,system=PairSystem],[name=admin,system=PairSystem],[name=exchange_rate_supervisor,system=PairSystem],[name=dataapprover,system=PairSystem],[name=database_exporter,system=PairSystem],[name=queryrunner_internal,system=PairSystem],[name=querydesigner,system=PairSystem],[name=datarecorder_internal,system=PairSystem],[name=datachecker,system=PairSystem],[name=validation_rules_editor,system=PairSystem],[name=master_data_admin,system=PairSystem]))org.jboss.security.SimpleGroup@1146593432(CallerPrincipal(members:[name=mandid,system=PairSystem]))
15:38:47,234 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00207: updateCache, input subject: Subject(1249221021).principals=hu.softic.asir.AsirUserPrincipal@1346084277([name=mandid,system=PairSystem])org.jboss.security.SimpleGroup@1146593432(Roles(members:[name=database_importer,system=PairSystem],[name=dataimputer,system=PairSystem],[name=datachecker_multi,system=PairSystem],[name=exchange_rate_recorder,system=PairSystem],[name=admin,system=PairSystem],[name=exchange_rate_supervisor,system=PairSystem],[name=dataapprover,system=PairSystem],[name=database_exporter,system=PairSystem],[name=queryrunner_internal,system=PairSystem],[name=querydesigner,system=PairSystem],[name=datarecorder_internal,system=PairSystem],[name=datachecker,system=PairSystem],[name=validation_rules_editor,system=PairSystem],[name=master_data_admin,system=PairSystem]))org.jboss.security.SimpleGroup@1146593432(CallerPrincipal(members:[name=mandid,system=PairSystem])), cached subject: Subject(1872478391).principals=hu.softic.asir.AsirUserPrincipal@1346084277([name=mandid,system=PairSystem])org.jboss.security.SimpleGroup@1146593432(Roles(members:[name=database_importer,system=PairSystem],[name=dataimputer,system=PairSystem],[name=datachecker_multi,system=PairSystem],[name=exchange_rate_recorder,system=PairSystem],[name=admin,system=PairSystem],[name=exchange_rate_supervisor,system=PairSystem],[name=dataapprover,system=PairSystem],[name=database_exporter,system=PairSystem],[name=queryrunner_internal,system=PairSystem],[name=querydesigner,system=PairSystem],[name=datarecorder_internal,system=PairSystem],[name=datachecker,system=PairSystem],[name=validation_rules_editor,system=PairSystem],[name=master_data_admin,system=PairSystem]))org.jboss.security.SimpleGroup@1146593432(CallerPrincipal(members:[name=mandid,system=PairSystem]))
15:38:47,235 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00208: Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@4a0467df
15:38:47,235 TRACE [org.jboss.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) PBOX00201: End isValid, result = true
15:38:47,238 TRACE [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Authorizing username: [mandid], Request URI: [http://localhost:8080/web_user/j_security_check], Context path: [/web_user]
15:38:47,241 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Role mapping: principal [mandid] -> decoded roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> realm mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> domain mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal]
15:38:47,241 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Authorizing principal mandid.
15:38:47,241 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Authorizing against the following attributes: [Roles, CallerPrincipal] => [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal, mandid]
15:38:47,242 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Permission mapping: identity [mandid] with roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
15:38:47,274 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Authorization succeed
15:38:47,275 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling CachedIdentityAuthorizeCallback: principal = mandid authorizedIdentity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,276 DEBUG [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) User [mandid] authenticated successfully
15:38:47,276 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling AuthenticationCompleteCallback: succeed
15:38:47,316 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,317 TRACE [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) User redirected to original path [http://localhost:8080/web_user/general/home.do]
15:38:47,318 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Role mapping: principal [mandid] -> decoded roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> realm mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> domain mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal]
INFO - /web_user/general/home.do

INFO - User

15:38:47,348 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@535d90f7] for mechanism [FORM]
15:38:47,348 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
15:38:47,348 TRACE [org.wildfly.security.http.form] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Trying to re-authenticate session _O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC. Request URI: [http://localhost:8080/web_user/general/home.do], Context path: [/web_user]
15:38:47,349 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,349 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling AuthenticationCompleteCallback: succeed
15:38:47,349 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,349 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) Role mapping: principal [mandid] -> decoded roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> realm mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> domain mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal]
INFO - http://localhost:8080/web_user/general/home.do

15:38:47,376 TRACE [org.wildfly.security] (default task-1)(::-i5vWb8TcTROJaIaVHGtXD0D4RBrPmCxQVjw3Wn1:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,380 INFO [hu.softic.asir.AUDIT] (default task-3)() <invocation timestamp='Mon Apr 01 15:38:47 CEST 2019' login-name='anonymous (anonymous)' interface='hu.softic.asir.businesslogic.facade.config.UserAdministration' method='userPasswordIsExpired'>
<parameter name='userId'>
<object class='java.lang.Long' value='5014984340'/>
</parameter>
</invocation>
INFO - /web_user/dataentries/home.do

INFO - Tiles definition factory found for request processor ''.
DEBUG - HomeAction:Entering execute()
INFO - User

15:38:47,412 TRACE [org.wildfly.security] (default task-1)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,419 TRACE [org.wildfly.security] (default task-3)() Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@1926688d] for mechanism [FORM]
15:38:47,419 TRACE [org.wildfly.security] (default task-3)() Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
15:38:47,419 TRACE [org.wildfly.security.http.form] (default task-3)() Trying to re-authenticate session _O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC. Request URI: [http://localhost:8080/web_user/dataentries/home.do], Context path: [/web_user]
15:38:47,419 TRACE [org.wildfly.security] (default task-3)() Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,419 TRACE [org.wildfly.security] (default task-3)() Handling AuthenticationCompleteCallback: succeed
15:38:47,419 TRACE [org.wildfly.security] (default task-3)() Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=mandid, securityDomain=org.wildfly.security.auth.server.SecurityDomain@78f6c340, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='asir-db-login-realm', securityRealm=org.jboss.as.security.elytron.SecurityDomainContextRealm@74c8fe8c}, creationTime=2019-04-01T13:38:47.240Z}
15:38:47,419 TRACE [org.wildfly.security] (default task-3)() Role mapping: principal [mandid] -> decoded roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> realm mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal] -> domain mapped roles [datarecorder_internal, dataimputer, dataapprover, admin, exchange_rate_supervisor, database_importer, master_data_admin, datachecker, exchange_rate_recorder, validation_rules_editor, datachecker_multi, querydesigner, database_exporter, queryrunner_internal]
INFO - http://localhost:8080/web_user/dataentries/home.do

15:38:47,500 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,508 TRACE [org.wildfly.security] (default task-1)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,538 INFO [hu.softic.asir.businesslogic.impl.MenuBean] (default task-6)() A InitialContext létrehozása sikerült! Info:
15:38:47,542 INFO [hu.softic.asir.businesslogic.dao.oracle.MenuDAOImpl] (default task-6)() SELECT menu.*, menu_data.name FROM menu JOIN menu_data ON (menu.id = menu_data.menu_id) WHERE menu.menu_category_id = ? AND menu_data.lang_id = ? ORDER BY morder
INFO - Resource bundle error: Can't find resource for bundle java.util.PropertyResourceBundle, key notSupportedBrowser

15:38:47,617 TRACE [org.wildfly.security] (default task-1)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,635 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,653 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,673 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,695 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:47,713 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:48,087 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:48,090 INFO [hu.softic.asir.businesslogic.dao.oracle.MenuDAOImpl] (default task-1)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) SELECT menu.*, menu_data.name FROM menu JOIN menu_data ON (menu.id = menu_data.menu_id) WHERE menu.menu_category_id = ? AND menu_data.lang_id = ? ORDER BY morder
15:38:48,158 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:48,214 TRACE [org.wildfly.security] (default task-5)() getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
15:38:48,290 INFO [hu.softic.asir.AUDIT] (default task-5)() <invocation timestamp='Mon Apr 01 15:38:48 CEST 2019' login-name='anonymous (anonymous)' interface='hu.softic.asir.businesslogic.dataentry2.bean.DataEntry2' method='getDataSuppliersCount'>
</invocation>
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
15:38:48,290 TRACE [org.wildfly.security] (default task-5)() Role mapping: principal [anonymous] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles []
INFO - Resource bundle error: Can't find resource for bundle java.util.PropertyResourceBundle, key notSupportedBrowser

15:38:49,891 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) getAuthenticationConfiguration uri=remote+http://localhost:8080, protocolDefaultPort=-1, abstractType=ejb, abstractTypeAuthority=jboss, MatchRule=[null], AuthenticationConfiguration=[AuthenticationConfiguration:principal=anonymous,set-host=localhost,set-protocol=remote+http,set-port=8080,providers-supplier=org.wildfly.security.util.ProviderUtil$1@1176f1e9,mechanism-properties={wildfly.sasl.local-user.quiet-auth=true}]
INFO - Session created

INFO - /web_user/template/images/favicon/site.webmanifest

INFO - User

15:38:49,974 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@1ca66951] for mechanism [FORM]
15:38:49,975 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
15:38:49,975 TRACE [org.wildfly.security.http.form] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) Trying to re-authenticate session _kIxXe248E4WY0czSvWPauqtaSON2TA2VtauEDuQ. Request URI: [http://localhost:8080/web_user/template/images/favicon/site.webmanifest], Context path: [/web_user]
15:38:49,975 TRACE [org.wildfly.security] (default task-3)(:mandid:_O5eW130oErzM0kEKSUolnT8HvVxtzeAOCVW3ggC:) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null
INFO - http://localhost:8080/web_user/template/images/favicon/site.webmanifest

Michael
Actions
10. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

marcoben73 Apr 5, 2019 9:16 AM (in response to mpetrovics)

Hi Mihály,
it not clear to me what do you mean with
"Then the application invokes the http://localhost:8080/web_user/dataentries/home.do url, for which the authentication failes."
Your entry point is /web_user/general/home.do, from that handler you are calling /web_user/dataentries/home.do with an http client (in this case the security context is not propagated)? Or is the browser which calls the latter?

Can you try to call directly an EJB (and print the principal) directly from the handler of /web_user/general/home.do.

Marco
Actions
11. Re: sessionContext.getCallerPrincipal() always returns anonymous after succesful login

mpetrovics Apr 6, 2019 9:31 AM (in response to marcoben73)
Hi, Marco!

I'm glad to hear from you again. Unfortunately, I was not able to resolve the problem. For your information, I provide some detail on the system. This is a data collector system. A plenty of datasuppliers provide the requested data using our web application and the collected data is used for different purposes. There are - amongst many other roles - external_datarecorder and internal_datarecorder roles. When an internal_datarecorder wants to use the system, he (or she) calls the /web_user/general/home.do url. This is the start point of the web_user module. If the user is not authenticated the login form appears for him(her) and the user is able to login the system. If the authentication is succesful, the system redirects the call to the /web_user/dataentries/home.do url, which shows the list of data provided by the external_datarecorder users. During this process the appropriate Strust2 action class in the web_user module handels the request and invokes the getDataSuppliersCount method of DataEntry2Bean EJB, which resides in the separate businesslogic module.
The lookup of the EJB is successful as well as the method invocation. The method needs the caller's username to query the proper data related to the user. For this it invokes the sessionContext.getCallerPrincipal().getName() method. The result of this call is always anonymous despite the login was succesful.

As you suggested, I tried to perform a call without redirection. I invoked the same method (getDataSuppliersCount) from the Strust2 action which handels the /web_user/general/home.do request. The result was the same. I have no idea, what the the problem can be.
With the Jboss 7.1.1.Final server, after the successful login the principal of the authenticated user was accessable in the businesslogic modul via the sessionContext.getCallerPrincipal() call.
I tried to solve the problem by definig an Elytron Security Domain and a security realm, leaving the legacy security domain (AsirDBLogin) away. I have defined an Elytron security domain (main-db-domain) referencing a JDBC Security Realm (main-db-realm). The result was the same. The authentication was succesful, but the subsequent sessionContext.getCallerPrincipal() method invocation was 'anonymous' as well.
By the way I have some other problem with this approach. We doesn't store the password of our users as plain text but the SHA256 hash of password. The FORM authentication of user failed despite I have used the simple-digest-sha-256 algoritm for the simple-digest-mapper. I tried it with plain text password and the authentication worked, but using the sha256 digest the authentication failed.
Another problem is, that the AsirDBLogin custom login module does a number of additional tasks after successful login, while the simple Wildfly login doesn't.
Excuse me to task you with my problem but I really need help as soon as possible.

I attache the stamdalone.xml with the jdbc realm.

standalone-jdbc-realm.xml.zip 7.4 KB
Actions

Go to original post