BasicAuth with WildFly 8.2.0. RBAC Managed Roles.
tigran.babloyan Jan 13, 2015 7:44 AM
Hi guys,
I have a simple web application which is deployed into WildFly 8.2.0, the server is configured with RBAC access control enabled and I want a BasicAuth for my web application and the roles managed with RBAC.
Let's go into details.
I have a WildFly 8.2.0 web server with:
- RBAC access provider enabled.
- Application user "appuser".
- "appuser" is assigned a role "Administrator" with RBAC. (see screen shot below)
I'm using standalone-full.xml with following contents (I share only the rbac/security data).
<server xmlns="urn:jboss:domain:2.2">
  <management>
    <security-realms>
      <security-realm name="ManagementRealm">
        <authentication>
          <local default-user="$local" skip-group-loading="true"/>
          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization map-groups-to-roles="false">
          <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
      </security-realm>
      <security-realm name="ApplicationRealm">
        <authentication>
          <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization>
          <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
      </security-realm>
    </security-realms>
    <access-control provider="rbac">
      <role-mapping>
        <role name="SuperUser">
          <include>
            <user name="$local"/>
            <user alias="manager" name="manager"/>
          </include>
        </role>
        <role name="Administrator">
          <include>
            <user name="appuser"/>
            <user realm="ApplicationRealm" name="appuser"/>
          </include>
        </role>
      </role-mapping>
    </access-control>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:security:1.2">
      <security-domains>
        <security-domain name="other" cache-type="default">
          <authentication>
            <login-module code="Remoting" flag="optional">
              <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <login-module code="RealmDirect" flag="required">
              <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
          </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
          <authorization>
            <policy-module code="Delegating" flag="required"/>
          </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
          <authorization>
            <policy-module code="Delegating" flag="required"/>
          </authorization>
        </security-domain>
      </security-domains>
    </subsystem>
  </profile>
</server>
Also I have a web application with the following configuration:
WEB-INF/web.xml
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1" id="sampleapp">
  <display-name>sampleapp</display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <display-name>Access Pages</display-name>
    <web-resource-collection>
      <web-resource-name>Pages</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Administrator</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
  </login-config>
  <security-role>
    <description>Permission to access application</description>
    <role-name>Administrator</role-name>
  </security-role>
</web-app>
WEB-INF/jboss-web.xml
<jboss-web>
  <security-domain>other</security-domain>
</jboss-web>
So my problem is that after deployment of the web app I enter the "appuser" credentials at the BasicAuth prompt, but then I get a Forbidden page with a 403 status code.
Can anyone suggest a place where I need to dig more, as the log files have nothing interesting to tell even at TRACE level?
Thanks in advance,
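An added diagnostic (not part of the post above and not a WildFly tool): a 403 after a successful BASIC login is the container's role check failing, so one thing worth comparing is the roles web.xml's <auth-constraint> demands against the roles the realm's application-roles.properties grants the user. The web.xml fragment, the properties file and the appuser/manager entries below are constructed sample inputs.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Set

# Constructed sample inputs (assumptions, not the poster's real files): a
# trimmed web.xml and an application-roles.properties in the user=role,role format.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Pages</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Administrator</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

APP_ROLES = """# application-roles.properties (constructed)
appuser=guest
manager=Administrator,guest
"""

JAVAEE_NS = "{http://xmlns.jcp.org/xml/ns/javaee}"


def required_roles(web_xml: str) -> Dict[str, Set[str]]:
    """Map each protected url-pattern to the role names its auth-constraint demands."""
    root = ET.fromstring(web_xml)
    result: Dict[str, Set[str]] = {}
    for sc in root.iter(f"{JAVAEE_NS}security-constraint"):
        roles = {r.text.strip() for r in sc.iter(f"{JAVAEE_NS}role-name") if r.text}
        for pattern in sc.iter(f"{JAVAEE_NS}url-pattern"):
            result.setdefault(pattern.text.strip(), set()).update(roles)
    return result


def granted_roles(properties: str) -> Dict[str, Set[str]]:
    """Parse user=role1,role2 lines; '#' and '!' start comments in .properties files."""
    grants: Dict[str, Set[str]] = {}
    for line in properties.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        user, _, roles = line.partition("=")
        grants[user.strip()] = {r.strip() for r in roles.split(",") if r.strip()}
    return grants


def missing_roles(user: str, web_xml: str, properties: str) -> Dict[str, Set[str]]:
    """Per url-pattern, the roles the user needs but the properties file does not grant.
    An empty set means the role check would pass; a non-empty set is consistent with a 403."""
    held = granted_roles(properties).get(user, set())
    return {pat: need - held for pat, need in required_roles(web_xml).items()}
```

Run it with the real WEB-INF/web.xml and the realm's application-roles.properties to see which role, if any, the authenticated user lacks for each protected pattern.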