2 Replies Latest reply on Oct 27, 2017 10:35 AM by paramjindal

Wildfly Authentication with UsersRoles doesn't work

jarod0305 Oct 25, 2017 10:33 AM

I have two JBoss Servers, one is JBoss7 the other one is wildfly. I have a EJB service on JBoss7 and it should call the a rest service on Wildfly10. The rest Service on Wildfly10 is authenticated.

In jboss-web.xml is the security domain already setted.

<?xml version="1.0" encoding="UTF-8"?>

<jboss-web xmlns="http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">

<security-domain>test</security-domain>

</jboss-web>

I have also done the necessary settings of roles in web.xml.

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<login-config>

<auth-method>BASIC</auth-method>

<realm-name>test</realm-name>

</login-config>

<security-role>

<role-name>Starter</role-name>

</security-role>

<security-constraint>

<web-resource-collection>

<web-resource-name>test</web-resource-name>

<description>something</description>

<url-pattern>/test/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>Starter</role-name>

</auth-constraint>

</security-constraint>

</web-app>

In my standalon.xml of wildfly i have added the security-domain like so:

<security-domain name="test" cache-type="default">

<login-module code="UsersRoles" flag="required">

<module-option name="usersProperties" value="file://${jboss.server.config.dir}/callback-users.properties"/>

<module-option name="rolesProperties" value="file://${jboss.server.config.dir}/callback-roles.properties"/>

</login-module>

</authentication>

</security-domain>

Under the configuration directory i have added the credentials and roles with clear text into the callback-users.properties and callback-roles.properties.

The request from JBoss7 is encoded with Base64 and it should have no problem. But i got only the following exception:

javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User

Any one any suggestion? Thanks a lot in Advance

David

1. Re: Wildfly Authentication with UsersRoles doesn't work

walkerca Oct 26, 2017 10:25 AM (in response to jarod0305)

I don't see the linkage between the realm and the domain. Do you have something like this in your config?

<security-realm name="MyRealm">
                <authentication>
                    <jaas name="my-policy"/>
                </authentication>
</security-realm>
Actions
2. Re: Wildfly Authentication with UsersRoles doesn't work

paramjindal Oct 27, 2017 10:35 AM (in response to jarod0305)

Hi David,

Your wildfly configuration is fine. I tried this configuration in a simple WAR and it is allowing me to access the application via browser in case of successful authentication.
Problem could be the way you are accessing this REST service.

Try it by adding the following property in your ejb client and see if this works :

prop.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

Thanks,
Param
Actions

Go to original post