1 Reply Latest reply on Apr 21, 2014 1:27 PM by Rituraj Sinha

    Problem adding SSL to web app in Wildfly 8

    David Hileman Newbie

      Hello.  I have a web app running in Wildfly 8.  I recently learned how to secure the application with JAAS.  Next, I need to enable SSL (HTTPS) for my web app, but I am having difficulty doing so.

       

      Here is how I have configured JAAS.

       

      web.xml:

      <security-constraint>
          <display-name>protected-pages</display-name>
          <web-resource-collection>
              <web-resource-name>protected-pages</web-resource-name>
              <url-pattern>/secure/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>User</role-name>
          </auth-constraint>
          <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
      
      </security-constraint>
      <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>ApplicationRealm</realm-name>
          <form-login-config>
              <form-login-page>/login.html</form-login-page>
              <form-error-page>/loginError.html</form-error-page>
          </form-login-config>
      
      </login-config>
      <security-role>
          <role-name>User</role-name>
      </security-role>
      
      
      
      
      

       

      jboss-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
          <security-domain>java:/jaas/jdbcSecurityRealm</security-domain>
      </jboss-web>
      
      
      
      
      

       

      And finally, I added a security domain to the security subsystem in standalone.xml:

                      <security-domain name="jdbcSecurityRealm" cache-type="default">
                          <authentication>
                              <login-module code="Database" flag="required">
                                  <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>
                                  <module-option name="principalsQuery" value="select passcode from wf_users where username=?"/>
                                  <module-option name="rolesQuery" value="select groupname, 'Roles' from wf_groups where username=?"/>
                                  <module-option name="hashAlgorithm" value="MD5"/>
                                  <module-option name="hashEncoding" value="base64"/>
                                  <module-option name="unauthenticatedIdentity" value="guest"/>
                              </login-module>
                          </authentication>
                      </security-domain>
      
      
      
      
      

       

      Everything works so far with JAAS, but if I change transport-guarantee to CONFIDENTIAL to enable SSL, it doesn't work, page not found error.

       

      So here is my attempt to enable SSL for Wildfly 8.  First I generated a certificate keystore:

       

      keytool -genkey -alias wildfly -keyalg RSA
      
      
      
      
      

       

      I then created a new security realm under the management section:

       

      <security-realm name="SslRealm">
        <server-identities>
          <ssl>
            <keystore path="C:\Users\dhileman\.keystore" keystore-password="wildfly"/>
          </ssl>
        </server-identities>
      </security-realm>
      
      
      
      
      

       

      Then, I added an https listener to the undertow subsystem

       

      <https-listener name="https" socket-binding="https" security-realm="SslRealm"/>
      
      
      
      
      

       

      I think this should work, according to several guides, but I cannot get wildfly to start.  I'm getting a parse error, unexpected element <https-listener>:

       

      ParseError at [row,col]:[391,83]

      Message: JBAS014789: Unexpected element '{urn:jboss:domain:undertow:1.0}https-listener' encountered

      Any idea where to go from here?

       

      EDIT: Thanks @

       

      I am a dumby.  All i needed to do was move the https-listener into the server section instead of directly under the subsystem.  After that, everything worked!

        • 1. Re: Problem adding SSL to web app in Wildfly 8
          Rituraj Sinha Novice

          have you added the https-listener part as below ..?

          <server name="default-server">

                  <http-listener name="default" socket-binding="http"/>

                  <!-- Add this block -->

                  <https-listener name="https" socket-binding="https" security-realm="yourRealm"/>

                  <!-- End of block -->

                  ...

              </server>

           

          please check your domain.xml something is not correct their...