[jboss-jira] [JBoss JIRA] (WFCORE-4048) Unable to configure custom security realm in deployment

Darran Lofthouse (JIRA) issues at jboss.org
Tue Aug 21 04:37:00 EDT 2018 

    [ https://issues.jboss.org/browse/WFCORE-4048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13621873#comment-13621873 ] 

Darran Lofthouse commented on WFCORE-4048:
------------------------------------------

Yes JASPI and EE Security are looking to be added in WildFly 15, both of those allow the implementations to live within a deployment.

I have converted this to a feature request as we still my want to look into some form of dynamic security domain from a deployment for use by just that deployment.

> Unable to configure custom security realm in deployment
> -------------------------------------------------------
>
>                 Key: WFCORE-4048
>                 URL: https://issues.jboss.org/browse/WFCORE-4048
>             Project: WildFly Core
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 6.0.0.CR2
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>
> Original user report [1]:
> Hello everyone, I am migrating from legacy security to Elytron, and I have a problem. Is there anyone who can help me? We have a custom login-module that queries infinispan cache (which maps simple bearer tokens to user names), and then queries the database (to get user roles), and on commit essentially wraps it up in Principal object. Elytron doesn't have login-modules, but security realms. There is no default realm that matches our desired functionality, so we need to define a new custom-realm. The problem is, security realms can be defined with classes in wildfly "modules", not deployments. And since "modules" can't contain EJB's, I can't inject neither infinispan cache nor database entity manager in the code. Please help what is the right way to go here
> I was thinking about it and I have come to conclusion that Elytron is not able to do the same as legacy. I assume that user is right that you cant use EE features in modules. And it looks to me Elytorn does not allow dependency on deployment module. Because Elytron checks existance of module in time of starting and deployment can be not loaded yet. In legacy existance verification is apparently postponed to time of usage.
> So I assume in legacy you can define custom login module in deployment (with EE annotations) and register such login module in security subsystem. And dependencies are resolved in runtime and not in boottime.
> [1] https://wildfly.hipchat.com/embedded/history/room/699248/2018/07/18?p=1&q=custom%20login%20module&t=rid-699248#71f1e936-7176-487f-82eb-8ce37ebc1977



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list