0 Replies Latest reply on Apr 15, 2016 1:52 PM by Jeremy Stallard

    Glassfish to Wildfly Conversion: HttpServlet level authorizations vs security-domain

    Jeremy Stallard Newbie

      One more question regarding conversion from Glassfish to Wildfly.  I was able to get Authentication working properly using JASPIC and a security-domain, but as our application has been written over the past 15 years it was developed with some publicly available pages which don't require authorization, and a good many pages that do.


      With Glassfish, we had specified HttpServlet level authorization which let us specify which URLs required authentication and which didn't.  Wildfly seems to be limited to the entire application (all or nothing approach).  Is this correct or am I missing something.


      Basically I'm looking for the replacement for the following configuration for Glassfish in the Wildfly format.  I've been through forums, books, stackoverflow, etc.  Any ideas?


      <message-security-config auth-layer="HttpServlet">

                <provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule">

                  <request-policy auth-source="sender"></request-policy>


                  <property name="restAuthURL" value="http://localhost:${ADMIN_LISTENER_PORT}/management/sessions"></property>

                  <property name="loginPage" value="/login.jsf"></property>

                  <property name="loginErrorPage" value="/loginError.jsf"></property>


                <provider-config provider-type="server" provider-id="roast" class-name="name.aikesommer.authenticator.AuthModule">

                  <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>




              <property name="default-digest-algorithm" value="SHA-256"></property>