To get the java.security.Principal, this should help: SecurityDomain.getCurrent().getCurrentSecurityIdentity().getPrincipal().
What happens when you throw a custom error message from the CustomSecurityRealm?
Thanks for the quick response. Using SecurityDomain.getCurrent().getCurrentSecurityIdentity().getPrincipal() is a good starting point for me; however, this is returning a NamePrincipal. Within the security domain I have configured a PrincipalTransformer which is used to transform the NamePrincipal into a custom Principal that contains additional information such as the internal user identifier and the type of user (external, internal, system, etc.), when the user exists.
The getRealmIdentity method of my security realm is being passed my custom Principal, so I know the transformer is being invoked. How would I ensure that the transformed Principal is the one that is set on the CurrentSecurityIdentity?
The Elytron subsystem is configured as follows:
    <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
        <realm name="ApplicationRealm" principal-transformer="MyPrincipalTransformer" role-decoder="groups-to-roles"/>
    </security-domain>
    <!-- default properties based management realm -->
    <custom-realm name="ApplicationRealm" module="my.module.elytron-extensions:2.0.0" class-name="my.SecurityRealm"/>
    <!-- management realm based on properties config -->
    <!-- default simple permission mapper -->
    <custom-principal-transformer name="MyPrincipalTransformer" module="my.module.elytron-extensions:2.0.0" class-name="my.PrincipalTransformer"/>
    <!-- role mappers, etc. -->
If I throw a custom exception from within the SecurityRealm's verifyEvidence() method, I get a server error which is returned via Undertow as a stack trace to the browser... I will get the stack trace and append it shortly.
Please look at Darran's WildFly blog post, "WildFly Elytron - Principal Transformers, Realm Mappings, and Principal Decoders". It will help you understand the lifecycle of transformers and can help you find a solution for your specific use case.
For anyone else with similar issues: switching the transformer over to a "pre-realm-principal-transformer" on the security-domain, rather than on the security realm itself, has solved the issue of having my custom principal attached to the currentSecurityIdentity.
Still working on the custom login failure messages... but so far I'm liking Elytron vs. the legacy JAAS implementations in previous EAP releases.
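The change described in the post above, as an added side-by-side example that is not the poster's own configuration: the first security-domain keeps the transformer on the realm reference (the original setup, where the identity still carried the NamePrincipal), the second moves it to the pre-realm-principal-transformer attribute on the security-domain so the transformed Principal is what the realm and the resulting SecurityIdentity see. Element and attribute names are from the WildFly Elytron subsystem; the domain, realm, transformer and module names are taken from the thread, and the surrounding security-realms and mappers wrappers are assumed to match a standard Elytron subsystem layout.

```xml
<!-- Added example, not the original poster's configuration.              -->
<!-- BEFORE: transformer attached to the realm reference only.            -->
<!-- The realm receives the custom Principal, but the identity handed    -->
<!-- back by SecurityDomain.getCurrent().getCurrentSecurityIdentity()    -->
<!-- still exposes the NamePrincipal.                                    -->
<security-domain name="ApplicationDomain"
                 default-realm="ApplicationRealm"
                 permission-mapper="default-permission-mapper">
    <realm name="ApplicationRealm"
           principal-transformer="MyPrincipalTransformer"
           role-decoder="groups-to-roles"/>
</security-domain>

<!-- AFTER: transformer applied once, before realm selection, on the    -->
<!-- security-domain. The transformed Principal is now the one carried  -->
<!-- by the current SecurityIdentity.                                    -->
<security-domain name="ApplicationDomain"
                 default-realm="ApplicationRealm"
                 permission-mapper="default-permission-mapper"
                 pre-realm-principal-transformer="MyPrincipalTransformer">
    <realm name="ApplicationRealm"
           role-decoder="groups-to-roles"/>
</security-domain>

<!-- Shared definitions (assumed wrapper elements, names from the thread). -->
<security-realms>
    <custom-realm name="ApplicationRealm"
                  module="my.module.elytron-extensions:2.0.0"
                  class-name="my.SecurityRealm"/>
</security-realms>

<mappers>
    <custom-principal-transformer name="MyPrincipalTransformer"
                                  module="my.module.elytron-extensions:2.0.0"
                                  class-name="my.PrincipalTransformer"/>
</mappers>
```

Only one of the two security-domain definitions should be present in a real subsystem configuration; they are shown together here to make the single attribute move visible. Because the pre-realm transformer runs before the realm looks the user up, anything it encodes in the custom Principal (internal identifier, user type) must be derived from the name alone, and a transformer that cannot map a name should return the original Principal rather than throwing, so that an unknown user still falls through to the realm's normal "does not exist" handling.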