0 Replies Latest reply on Aug 13, 2019 10:09 AM by Jimmy Zhang

    Trouble Configure Authentication with a Properties File-Based Identity Store

    Jimmy Zhang Newbie

      I followed following example "4.1.1. Configure Authentication with a Properties File-Based Identity Store" at the link below

      WildFly Elytron Security

       

      These are the key commands:

       

      /subsystem=elytron/properties-realm=examplePropRealm:add(groups-attribute=groups,groups-properties={path=example-roles.properties,relative-to=jboss.server.config.dir},users-properties={path=example-users.properties,relative-to=jboss.server.config.dir,plain-text=true})

       

      /subsystem=elytron/security-domain=exampleSD:add(realms=[{realm=examplePropRealm,role-decoder=groups-to-roles}],default-realm=examplePropRealm,permission-mapper=default-permission-mapper)

       

      /subsystem=elytron/http-authentication-factory=example-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}])

       

      /subsystem=undertow/application-security-domain=exampleApplicationDomain:add(http-authentication-factory=example-http-auth)

       

      jboss-web.xml

      /subsystem=undertow/application-security-domain=exampleApplicationDomain:add(http-authentication-factory=example-http-auth)

       

      web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app>

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>secure</web-resource-name>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>*</role-name>
          </auth-constraint>
        </security-constraint>
        <security-role>
          <description>The role that is required to log in to /*</description>
          <role-name>*</role-name>
        </security-role>
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>exampleApplicationDomain</realm-name>
        </login-config>
      </web-app>

       

      I was running into an error message during deployment, then saw this post: WildFly 11 programmatic login with Elytron, and have run:

      /subsystem=ejb3/application-security-domain=exampleApplicationDomain:add(security-domain=exampleSD)

       

      With above configuration, wildfly doesn't recognize any user specified in the user file. What am I missing?