0 Replies Latest reply on Dec 13, 2019 10:05 AM by pcarrollnf

    Elytron Anonymous Access

    pcarrollnf
    pcarrollnf Dec 13, 2019 10:05 AM

      I am using Wildfly 14.  I am trying to allow anonymous access to my site.  Currently, I have a JDBC Realm configured that uses a bcrypt mapper.

       

      <security-domain name="mySecurityDomain" default-realm="MyRealm" permission-mapper="default-permission-mapper">
  <realm name="MyRealm" role-decoder="from-roles-attribute"/>
</security-domain>
....
<jdbc-realm name="MyRealm">
  <principal-query sql="SELECT A.PASSWORD, A.SALT_VALUE, A.ITERATION_COUNT FROM USERS A WHERE A.IS_ENABLED = 1 AND A.USER_NAME = LOWER(?)" data-source="myDatasource">
    <bcrypt-mapper password-index="1" salt-index="2" iteration-count-index="3"/>
  </principal-query>
  <principal-query sql="SELECT DISTINCT C.ROLE_NAME FROM USER_GROUP A, ROLE_GROUP B, ROLES C WHERE A.USER_NAME = LOWER(?) AND A.GROUP_ID = B.GROUP_ID AND B.ROLE_ID = C.ROLE_ID" data-source="myDatasource">
    <attribute-mapping>
    <attribute to="roles" index="1"/>
    </attribute-mapping>
 </principal-query>
</jdbc-realm>

       

      I have a configuration file that tells the application if anonymous access is enabled.  If it is enabled, I want the user to be automatically logged on and assigned the proper roles of the anonymous user.  The anonymous user is a user stored in the DB as has roles assigned.  Is this something that may be configured in standalone-full.xml or is this something that needs to be performed programmatically as in a servlet of filter.