-
1. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
mchoma Oct 12, 2018 12:27 AM (in response to cweiler)Hi,
could you please share the details what exactly do you mean? If SecurityContext is standard EE 8 Security feature it should be there.
Martin
-
2. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
cweiler Oct 15, 2018 10:42 AM (in response to mchoma)Exactly Martin,
I tryied the following code:
@Inject SecurityContext securityContext;
On a Stateless and a Named Bean. Both throws
WELD-001408: Unsatisfied dependencies for type SecurityContext with qualifiers @Default
The injected interface is javax.security.enterprise.SecurityContext.
I have elytron enabled (if this changes something)
Thanks.
-
3. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
mchoma Oct 15, 2018 1:41 PM (in response to cweiler)Very common error is not to use jaspitest security domain in jboss-web.xml [1]. But this seems something before. Are your other EE Security annotation working? Do you have <subsystem xmlns="urn:jboss:domain:ee-security:1.0"/> in your standalone.xml? ee8.preview.mode true
What do you mean by Elytron enabled? AFAIK EE Security is not provided through Elytron in WF14, there is not Elytron jaspic implementation in WF14
Re: Programmatically authentication (Soteria) fails with AuthenticationStatus = null
-
4. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
cweiler Oct 15, 2018 4:07 PM (in response to mchoma)Very common error is not to use jaspitest security domain in jboss-web.xml
Well, I have another security domain set, not jaspitest, and it is on jboss-ejb3.xml for Stateless bean. But I tried jaspitest, same result.
Are your other EE Security annotation working?
I have RolesAllowed working in same Stateless bean.
Do you have <subsystem xmlns="urn:jboss:domain:ee-security:1.0"/> in your standalone.xml? ee8.preview.mode true
Yes, but it is empty.
No preview mode, as it is Wildfly 14.
What do you mean by Elytron enabled?
I run cli in "/wildfly/docs/examples/enable-elytron.cli", and configured security domain for EJB.
Thanks!
-
5. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
mchoma Oct 16, 2018 3:33 PM (in response to cweiler)Does it help when you try to specify jaspitest in jboss-web.xml?
<jboss-web>
<security-domain>jaspitest</security-domain>
</jboss-web>
-
6. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
cweiler Oct 16, 2018 4:20 PM (in response to mchoma)Nope Martin, no changes.
Also try my defined domain in jboss-web, and it throws an error of missing domain. jboss-web seems to be picketbox only, not elytron.
I find this: Analysis / Design - JASPIC Integration with WildFly Elytron
It appears to be a work in progress. But Java EE Security API do not replaces JASPIC?
Just for note, my security domain is working (principal, roles, etc.), I just wanted to use new SecurityContext injection facility.
Thanks!
-
7. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
alex.dudarkov Oct 18, 2018 10:50 AM (in response to cweiler)You may have forgotten to add beans.xml
-
8. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
cweiler Oct 22, 2018 8:57 AM (in response to alex.dudarkov)alex.dudarkov, I didn't. CDI is working, it just can't find any resource to be injected in SecurtyContext.
As mchoma pointed well (as Wildfly is EE 8 full):
If SecurityContext is standard EE 8 Security feature it should be there.
But it isn't. So my initial question: Is anyone able to inject SecurityContext on Wildfly 14?
If anyone is able, than its a problem in my configs.
By my researchs, Wildfly uses soteria implementation 1.0, this is the same used by Baeldung is this post. It should be working...
Thanks.
-
9. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
alex.dudarkov Oct 22, 2018 9:39 AM (in response to cweiler)1 of 1 people found this helpfulYes, I use SecurityContext on WildFly14. My steps: add beans.xml, dependencies: <groupId>javax</groupId>
<artifactId>javaee-api</artifactId>; <groupId>javax</groupId>
<artifactId>javaee-web-api</artifactId> with provided scope; add jboss-web.xml with <security-domain>jaspitest</security-domain>. -
10. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
cweiler Oct 22, 2018 9:58 AM (in response to alex.dudarkov)Just to be sure alex.dudarkov, you are using this:
@Inject javax.security.enterprise.SecurityContext securityContext;
Do you made any changes in the security domain "jaspitest"?
I am confused here, as Java EE 8 Security should be replacing JASPIC
Anyway. This security domain is initially configured in Picketbox, so this do looks like a problem in Elytron.
-
11. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
alex.dudarkov Oct 22, 2018 11:04 AM (in response to cweiler)1 of 1 people found this helpfulYes I'm using javax.security.enterprise.SecurityContext, I didn't make any changes in the security domain.
-
12. Re: Wildfly 14 - Java EE Security - Inject SecurityContext
mchoma Oct 22, 2018 2:24 PM (in response to cweiler)1 of 1 people found this helpfulJava EE 8 Security is build on top of JASPIC. In WF 14 there is only legacy JASPIC (no Elytron implementation). You have to use jaspitest security domain.