0 Replies Latest reply on Aug 5, 2014 3:26 PM by stephan schärli

    WildFly security mappings in jboss-web.xml

    stephan schärli Newbie

      Security mappings in jboss-web.xml from an app role name to a real group name seems not to work anymore in Wildfly 8.1. It worked with JBoss 7.1.

       

      The authentication with "org.jboss.security.auth.spi.LdapExtLoginModule" works:

       

      <security-domain name="ldap_security_domain">

           <authentication>

                <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">

                     <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                     <module-option name="java.naming.provider.url" value="ldap://alzhdc01:389"/>

                     <module-option name="java.naming.referral" value="follow"/>

                        ... etc.

                </login-module>

              </authentication>

      </security-domain>

       

      My jboss-web.xml looks like:

       

      <jboss-web>

          <security-domain>java:/jaas/ldap_security_domain</security-domain>

          <security-role>

              <description>example of mapping an app role name to real group name. This way we can  take advantage of already existing groups</description>

              <role-name>SUPERUSER_ROLE</role-name><!-- the role name appearing in the standard web.xml dd  -->

              <principal-name>Superuser</principal-name><!-- the existing role in your credential repo -->

          </security-role>

           ... etc.

      </jboss-web>

       

       

      and in web.xml I have following code:

       

        <login-config>

          <auth-method>FORM</auth-method>

          <realm-name>ldap_security_domain</realm-name>

          <form-login-config>

            <form-login-page>/faces/pages/login.xhtml</form-login-page>

            <form-error-page>/faces/pages/login-error.xhtml</form-error-page>

          </form-login-config>

        </login-config>

       

      Now if I call for a authenticated user following code he has not the corresponding role.

       

      ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();

      externalContext.isUserInRole(JSFConstants.ROLE_SUPERUSER);

       

      If I start the WildFly server I get not errors. Do you have any idea? Thank you in advance.