2 Replies Latest reply on Oct 5, 2017 6:56 AM by Darran Lofthouse

    Is jboss-web.xml still needed for Elytron Security Domains ?

    Mylos Kathos Master

      Hi all,

      I've configured a simple web application using a FileSystem Realm and Security Domain as described in: Using the Elytron Subsystem - Latest WildFly Documentation - Project Documentation Editor

      From what I understand from the doc, when using Elytron Security Domain just adding into web.xml the realm-name and role-name would be sufficient:

       

      <web-app>

       

        <security-constraint>

          <web-resource-collection>

            <web-resource-name>secure</web-resource-name>

            <url-pattern>/secure/*</url-pattern>

          </web-resource-collection>

          <auth-constraint>

            <role-name>Admin</role-name>

          </auth-constraint>

        </security-constraint>

        <security-role>

          <description>The role that is required to log in to /secure/*</description>

          <role-name>Admin</role-name>

        </security-role>

        <login-config>

          <auth-method>BASIC</auth-method>

          <realm-name>exampleApplicationDomain</realm-name>

        </login-config>

      </web-app>

       

      However with just web.xml in place I'm not able to login. On the other hand, I'm able to login when adding jboss-web.xml:

       

      <jboss-web>

       

        <security-domain>exampleApplicationDomain</security-domain>

      </jboss-web>

      So it seems jboss-web.xml is still needed also when using Elytron ? am I correct ?

      Thanks

      Mylos