3 Replies Latest reply on Nov 28, 2017 8:06 AM by Darran Lofthouse

    Elytron  RMI with jdbc-realm + fallback (wildfly 11)

    Sliff Ainsel Newbie

      Hi,

       

      I' am new  trying  to get to work  ejb-secure example using  database instead of  property files, but I'am getting the "PLAIN : Server rejected authentication" error.

      Eventually I would  also like to configure a fallback to second type of authentication ( property file).

       

      In found 1 old response that advise to allow plain-text on the sever but it was relating to old jboss 7 and JAAS.

       

      standalone.xml  so far:

       

      <subsystem xmlns="urn:jboss:domain:ejb:5.0">

           ......

        <remote connector-ref="http-remoting-connector" thread-pool-name="default">

                      <channel-creation-options>

                          <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>

                          <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>

                      </channel-creation-options>

           </remote>

           <default-security-domain value="other"/>

           <application-security-domains>

                <application-security-domain name="other" security-domain="jdbc-domain"/>

                <application-security-domain name="other1" security-domain="ApplicationDomain"/>

           </application-security-domains>

      </subsystem>

      <subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">

           ....

           <security-domains>

                 ....

                <security-domain name="jdbc-domain" default-realm="jdbc-realm" permission-mapper="default-permission-mapper" >

                      <realm name="jdbc-realm" role-decoder="groups-to-roles"/>

                 </security-domain>

           </security-domains>

           <security-realms>

                ....

                <jdbc-realm name="jdbc-realm">

                     <principal-query sql="SELECT password, roles FROM wildfly_users WHERE users=?" data-source="databaseDS">

                          <attribute-mapping>

                               <attribute to="groups" index="2"/>

                           </attribute-mapping>

                           <clear-password-mapper password-index="1"/>

                     </principal-query>

                </jdbc-realm>

           </security-realms>

       

           <sasl>

                <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="elytron" security-domain="jdbc-domain">

                     <mechanism-configuration>

                          <mechanism mechanism-name="PLAIN"/>

                     </mechanism-configuration>

                </sasl-authentication-factory>

           </sasl>

      <subsystem xmlns="urn:jboss:domain:remoting:4.0">

                  <endpoint/>

                  <http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/>

      </subsystem>

       

       

      and the wildfly-client.xml

       

      <configuration>

          <authentication-client xmlns="urn:elytron:1.0">

              <authentication-rules>

                  <rule use-configuration="default"/>

              </authentication-rules>

              <authentication-configurations>

                  <configuration name="default">

                      <set-user-name name="quickstartUser"/>

                      <credentials>

                          <clear-password password="quickstartPwd1!"/>

                      </credentials>

                      <sasl-mechanism-selector selector="PLAIN"/>

                      <providers>

                          <use-service-loader />

                      </providers>

                  </configuration>

              </authentication-configurations>

          </authentication-client>

      </configuration>