8:45 a.m.
Hello everyone,
I'm doing a comparison between the different server configuration files
generated in normal distribution and servlet-distribution, basically
working on [1].
The security subsystem in the servlet distribution does not have these
security domains configured whereas they are in the normal distribution:
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
...
<security-domain name="jboss-web-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
<security-domains>
I understand jboss-ejb-policy should not be configured because the
servlet-distribution does not use ejbs, but what about jaspitest?
I have no clue if it has to be included or not in the servlet-distribution.
Do you know if we should include it?
Regards,
Yeray
[1] https://issues.jboss.org/browse/WFLY-10421
2:15 a.m.
Hi,
The jaspitest domain is to allow a (servlet) application to "activate"
JASPIC and install JASPIC authentication modules without having to modify
the server distribution.
For almost as long as JBoss supports JASPIC the promise has been that such
explicit activation would some time in the future not be needed anymore.
Initially the promise was that with Undertow this would be fixed, but when
it wasn't Elytron would address it. Now that Elytron is there I'm not sure
if it's indeed finally not needed anymore. Darran Lofthouse should be the
one who knows.
If Elytron still requires the manual "activation" of JASPIC, then the
jaspitest domain is likely needed. Both Tomcat and Jetty also support (the
Servlet Container Profile of) JASPIC.
Kind regards,
Arjan
On Tue, Jun 19, 2018 at 3:54 PM Yeray Borges <yborgess(a)redhat.com> wrote:
Hello everyone,
I'm doing a comparison between the different server configuration files
generated in normal distribution and servlet-distribution, basically
working on [1].
The security subsystem in the servlet distribution does not have these
security domains configured whereas they are in the normal distribution:
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
...
<security-domain name="jboss-web-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy"
cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
<security-domains>
I understand jboss-ejb-policy should not be configured because the
servlet-distribution does not use ejbs, but what about jaspitest?
I have no clue if it has to be included or not in the
servlet-distribution.
Do you know if we should include it?
Regards,
Yeray
[1] https://issues.jboss.org/browse/WFLY-10421
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
2356
days inactive
2359
days old
1 comments
2 participants
participants (2)
-
arjan tijms -
Yeray Borges