[
https://issues.jboss.org/browse/WFCORE-3963?page=com.atlassian.jira.plugi...
]
Jiri Ondrusek edited comment on WFCORE-3963 at 8/9/18 7:11 AM:
---------------------------------------------------------------
[~dehort] I've tested following configuration (with JAAS)
{quote} <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore"
relative-to="jboss.server.config.dir" keystore-password="password"
alias="server" key-password="password"
generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<jaas name="ima_jaas_sec_domain"/>
</authentication>
<authorization>
<properties path="application-roles.properties"
relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>{quote}
{quote}<http-connector name="http-remoting-connector"
connector-ref="default" security-realm="ApplicationRealm">
<properties>
<property name="SASL_MECHANISMS"
value="ANONYMOUS,PLAIN"/>
<property name="SASL_POLICY_NOANONYMOUS"
value="false"/>
</properties>
</http-connector>{quote}
As you can see, I've defined JAAS as you suggested. (Whole file is attached as
standalone2.xml)
With this configuration, authentication *works*.
I've noticed only one possible problem during configuration. If password is hashed in
*.properties file. You have to add appropriate hash algorithm into login module:
{quote}<security-domain name="ima_jaas_sec_domain"
cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties"
value="file:///$\{jboss.server.config.dir\}/application-users.properties"/>
<module-option name="rolesProperties"
value="file:///$\{jboss.server.config.dir\}/application-roles.properties"/>
<module-option name="hashAlgorithm"
value="*algorithm_name*"/>
</login-module>
</authentication>{quote}
was (Author: jondruse):
[~dehort] I've tested following configuration (with JAAS)
{quote} <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore"
relative-to="jboss.server.config.dir" keystore-password="password"
alias="server" key-password="password"
generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<jaas name="ima_jaas_sec_domain"/>
</authentication>
<authorization>
<properties path="application-roles.properties"
relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>{quote}
{quote}<http-connector name="http-remoting-connector"
connector-ref="default" security-realm="ApplicationRealm">
<properties>
<property name="SASL_MECHANISMS"
value="ANONYMOUS,PLAIN"/>
<property name="SASL_POLICY_NOANONYMOUS"
value="false"/>
</properties>
</http-connector>{quote}
As you can see, I've defined JAAS as you suggested. (Whole file is attached as
standalone2.xml)
With this configuration, authentication *works*.
I've noticed only one possible problem during configuration. If password is hashed in
*.properties file. You have to add appropriate hash algorithm into login module:
{quote}<security-domain name="ima_jaas_sec_domain"
cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties"
value="file:///$\{jboss.server.config.dir\}/application-users.properties"/>
<module-option name="rolesProperties"
value="file:///$\{jboss.server.config.dir\}/application-roles.properties"/>
<module-option name="hashAlgorithm" value="MD5"/>
</login-module>
</authentication>{quote}
Fix of WFCORE-3826 breaks plain authentication for ejbs using legacy
configuration
----------------------------------------------------------------------------------
Key: WFCORE-3963
URL:
https://issues.jboss.org/browse/WFCORE-3963
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 6.0.0.Alpha3
Reporter: Jiri Ondrusek
Assignee: Jiri Ondrusek
Labels: Regression
Fix For: 6.0.0.Alpha5
Attachments: standalone-for-node01.xml, standalone2.xml
Fix
https://issues.jboss.org/browse/WFCORE-3826 fixes anonymous authentication but breaks
authenticated mode (for example PLAIN mode with username/password). See
https://issues.jboss.org/browse/JBEAP-14647 for more details.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)