2 Replies Latest reply on Jul 28, 2017 10:35 AM by a.niemeyer

    Security domain / realm configuration inside EAR and outside standalone.xml

    a.niemeyer

      Hi,

       

      We are running an EAP 7 JBoss and want to keep the security-domain, security-realm and outbound-connection configuration outside the standalone.xml, within the EAR file in a separate configuration, for greater flexibility.

       

      Is that possible and in which kind of file would it go?

       

      Kind regards,

      Andreas

        • 1. Re: Security domain / realm configuration inside EAR and outside standalone.xml
          mchoma

          What about variable replacement with ${variable} inside standalone.xml? Would it help to solve your issue?

          • 2. Re: Security domain / realm configuration inside EAR and outside standalone.xml
            a.niemeyer

            Probably yes, but due to the fact that the different config artifacts are spread across the standalone.xml, it might not be as clean as desired.

            Below are the secured LDAP authentication and domains.

             

            ...

            <security-realm name="ldap-security-realm">
                <authentication>
                    <truststore path="jssecacerts" relative-to="jboss.server.config.dir" keystore-password="xxx"/>
                    <ldap connection="ldap-connection" base-dn="DC=a,DC=b,DC=c" recursive="true" allow-empty-passwords="false">
                        <advanced-filter filter="(&amp;(sAMAccountName={0}))"/>
                    </ldap>
                </authentication>
            </security-realm>

            ...

            <outbound-connections>
                <ldap name="ldap-connection" url="ldaps://172.10.10.10:3333" search-dn="CN=crm-bind,OU=Dienste,OU=Hamburg,OU=Deutschland,DC=a,DC=b,DC=c" search-credential="ldap_pass" security-realm="ldap-security-realm"/>
            </outbound-connections>

            ...

            <security-domain name="projectsecure" cache-type="default">
                <authentication>
                    <login-module code="Remoting" flag="optional">
                        <module-option name="password-stacking" value="useFirstPass"/>
                    </login-module>
                    <login-module code="RealmDirect" flag="required">
                        <module-option name="password-stacking" value="useFirstPass"/>
                        <module-option name="realm" value="ldap-security-realm"/>
                    </login-module>
                </authentication>
                <mapping>
                    <mapping-module name="mapRoleToUser" code="org.jboss.security.mapping.providers.role.DatabaseRolesMappingProvider" type="role">
                        <module-option name="dsJndiName" value="java:jboss/datasources/Project-DS"/>
                        <module-option name="rolesQuery" value="select r.name from user u, role r, user_x_role x where u.id = x.FK_USER and r.id = x.FK_ROLE and u.AD_IDENT = ?"/>
                    </mapping-module>
                </mapping>
            </security-domain>

            ...
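
An added example, not part of the original thread or of JBoss itself: a small check that lists which secret and environment-specific attributes in a configuration like the one posted above are still literals rather than ${...} expressions, as suggested in reply 1. The choice of attributes to audit, the property name ldap.url and the sample fragment are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Attributes from the posted configuration that hold secrets or
# environment-specific values (this selection is an assumption of the example).
SECRET_ATTRS = {"keystore-password", "search-credential"}
ENV_ATTRS = {"url", "search-dn"}
EXPRESSION = re.compile(r"^\$\{[^}]+\}$")  # whole value is one ${...} expression

# Constructed sample modelled on the posted fragment; placeholder values only.
# Only the LDAP url has been moved to a (hypothetical) property, ldap.url.
SAMPLE = """<server>
  <security-realm name="ldap-security-realm">
    <authentication>
      <truststore path="jssecacerts" relative-to="jboss.server.config.dir" keystore-password="xxx"/>
      <ldap connection="ldap-connection" base-dn="DC=a,DC=b,DC=c" recursive="true"/>
    </authentication>
  </security-realm>
  <outbound-connections>
    <ldap name="ldap-connection" url="${ldap.url}" search-dn="CN=svc,DC=a,DC=b,DC=c" search-credential="ldap_pass" security-realm="ldap-security-realm"/>
  </outbound-connections>
</server>"""


def local(tag):
    """Strip an XML namespace so the check also works on a full standalone.xml."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (kind, element, attribute) for every audited value that is a literal."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            if EXPRESSION.match(value):
                continue  # resolved from a property when the server boots
            if attr in SECRET_ATTRS:
                findings.append(("secret", local(elem.tag), attr))
            elif attr in ENV_ATTRS:
                findings.append(("environment", local(elem.tag), attr))
    return findings


if __name__ == "__main__":
    for kind, tag, attr in audit(SAMPLE):
        print(f"{kind:12} <{tag}> {attr} is a literal in the file")
```

Findings are reported by element and attribute name only, so the output never echoes a password.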