Hello everyone,

I'm doing a comparison between the different server configuration files generated in normal distribution and servlet-distribution, basically working on [1].

The security subsystem in the servlet distribution does not have these security domains configured whereas they are in the normal distribution:

<subsystem xmlns="urn:jboss:domain:security:2.0">
    <security-domains>
           ...
    <security-domain name="jboss-web-policy" cache-type="default">
        <authorization>
            <policy-module code="Delegating" flag="required"/>
        </authorization>
    </security-domain>
    <security-domain name="jboss-ejb-policy" cache-type="default">
        <authorization>
            <policy-module code="Delegating" flag="required"/>
        </authorization>
    </security-domain>
    <security-domain name="jaspitest" cache-type="default">
        <authentication-jaspi>
            <login-module-stack name="dummy">
                <login-module code="Dummy" flag="optional"/>
            </login-module-stack>
            <auth-module code="Dummy"/>
        </authentication-jaspi>
    </security-domain>
<security-domains>


I understand jboss-ejb-policy should not be configured because the servlet-distribution does not use ejbs, but what about jaspitest?
I have no clue if it has to be included or not in the servlet-distribution.

Do you know if we should include it?

Regards,
Yeray

[1] https://issues.jboss.org/browse/WFLY-10421