[jboss-jira] [JBoss JIRA] (ELY-1822) security domain with multiple realms
Christopher Willems (Jira)
issues at jboss.org
Thu May 30 09:27:00 EDT 2019
[ https://issues.jboss.org/browse/ELY-1822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher Willems updated ELY-1822:
-------------------------------------
Description:
We have an ear file with 2 war files and one ejb jar. Purpose of the war files is to allow for different authentication mechanisms, one for jwt (BEARER_TOKEN), the other one jdbc (BASIC).
After the authentication we have a call to the ejb layer which we expect to have the principal of the authentication.
Everything works fine for one realm, the default realm. The other realm will return unauthorized. With no default nothing works. The relevant information from the standalone xml is pasted below and others are attached.

<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
    <default-security-domain value="other"/>
    <application-security-domains>
        <application-security-domain name="war-domain" security-domain="war-domain"/>
    </application-security-domains>
    <default-missing-method-permissions-deny-access value="false"/>

<subsystem xmlns="urn:wildfly:elytron:6.0">
    <security-domain name="war-domain" default-realm="jdbc-realm" permission-mapper="default-permission-mapper" outflow-security-domains="ApplicationDomain">
        <realm name="jdbc-realm"/>
        <realm name="jwt-realm"/>
    </security-domain>

    <http-authentication-factory name="war-http-authentication" security-domain="war-domain" http-server-mechanism-factory="global">
        <mechanism-configuration>
            <mechanism mechanism-name="BEARER_TOKEN">
                <mechanism-realm realm-name="jwt-realm"/>
            </mechanism>
            <mechanism mechanism-name="BASIC">
                <mechanism-realm realm-name="jdbc-realm"/>
            </mechanism>
        </mechanism-configuration>
    </http-authentication-factory>

was:
We have an ear file with 2 war files and one ejb jar. Purpose of the war files is to allow for different authentication mechanisms, one for jwt (BEARER_TOKEN), the other one jdbc (BASIC).
After the authentication we have a call to the ejb layer which we expect to have the principal of the authentication.
Everything works fine for one realm, the default realm. The other realm will return unauthorized. With no default nothing works. The relevant information from the standalone xml is pasted below and others are attached.

<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
    <default-security-domain value="other"/>
    <application-security-domains>
        <application-security-domain name="war-domain" security-domain="war-domain"/>
    </application-security-domains>
    <default-missing-method-permissions-deny-access value="false"/>
    <log-system-exceptions value="true"/>
</subsystem>

<subsystem xmlns="urn:wildfly:elytron:6.0">
    <security-domain name="war-domain" default-realm="jdbc-realm" permission-mapper="default-permission-mapper" outflow-security-domains="ApplicationDomain">
        <realm name="jdbc-realm"/>
        <realm name="jwt-realm"/>
    </security-domain>

> security domain with multiple realms
> -------------------------------------
>
> Key: ELY-1822
> URL: https://issues.jboss.org/browse/ELY-1822
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Server
> Affects Versions: 1.8.0.Final
> Environment: windows mssql
> Reporter: Christopher Willems
> Priority: Major
> Attachments: jboss-ejb3.xml, jboss-web.xml, standalone.xml
>
>
> We have an ear file with 2 war files and one ejb jar. Purpose of the war files is to allow for different authentication mechanisms, one for jwt (BEARER_TOKEN), the other one jdbc (BASIC).
> After the authentication we have a call to the ejb layer which we expect to have the principal of the authentication.
> Everything works fine for one realm, the default realm. The other realm will return unauthorized. With no default nothing works. The relevant information from the standalone xml is pasted below and others are attached.
>
> <subsystem xmlns="urn:jboss:domain:ejb3:5.0">
>     <default-security-domain value="other"/>
>     <application-security-domains>
>         <application-security-domain name="war-domain" security-domain="war-domain"/>
>     </application-security-domains>
>     <default-missing-method-permissions-deny-access value="false"/>
>
> <subsystem xmlns="urn:wildfly:elytron:6.0">
>     <security-domain name="war-domain" default-realm="jdbc-realm" permission-mapper="default-permission-mapper" outflow-security-domains="ApplicationDomain">
>         <realm name="jdbc-realm"/>
>         <realm name="jwt-realm"/>
>     </security-domain>
>
>     <http-authentication-factory name="war-http-authentication" security-domain="war-domain" http-server-mechanism-factory="global">
>         <mechanism-configuration>
>             <mechanism mechanism-name="BEARER_TOKEN">
>                 <mechanism-realm realm-name="jwt-realm"/>
>             </mechanism>
>             <mechanism mechanism-name="BASIC">
>                 <mechanism-realm realm-name="jdbc-realm"/>
>             </mechanism>
>         </mechanism-configuration>
>     </http-authentication-factory>
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
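
Added example, not part of the original report and not WildFly Elytron code: a Python audit that lists, for each HTTP mechanism in a configuration like the one in the report, which setting ends up selecting the security realm. It assumes that `mechanism-realm realm-name` is only the realm name the mechanism presents, and that Elytron picks the security realm from a `realm-mapper` on the `mechanism-realm`, then on the `mechanism`, then on the security domain, and otherwise falls back to `default-realm`. The sample XML is the report's Elytron fragment, closed so that it parses.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Elytron fragment from the report, with the subsystem closed.
CONFIG = """<subsystem xmlns="urn:wildfly:elytron:6.0">
  <security-domain name="war-domain" default-realm="jdbc-realm">
    <realm name="jdbc-realm"/>
    <realm name="jwt-realm"/>
  </security-domain>
  <http-authentication-factory name="war-http-authentication"
      security-domain="war-domain" http-server-mechanism-factory="global">
    <mechanism-configuration>
      <mechanism mechanism-name="BEARER_TOKEN">
        <mechanism-realm realm-name="jwt-realm"/>
      </mechanism>
      <mechanism mechanism-name="BASIC">
        <mechanism-realm realm-name="jdbc-realm"/>
      </mechanism>
    </mechanism-configuration>
  </http-authentication-factory>
</subsystem>"""
NS = {"e": "urn:wildfly:elytron:6.0"}

def audit(xml_text):
    """Return (factory, mechanism, presented realm, selector kind, selector value) rows."""
    root = ET.fromstring(xml_text)
    domains = {d.get("name"): d for d in root.findall(".//e:security-domain", NS)}
    rows = []
    for factory in root.findall(".//e:http-authentication-factory", NS):
        domain = domains.get(factory.get("security-domain"))
        if domain is None:
            continue  # factory points at a domain not present in this fragment
        for mech in factory.findall(".//e:mechanism", NS):
            for mrealm in mech.findall("e:mechanism-realm", NS):
                # Assumed resolution order: most specific realm-mapper wins.
                mapper = (mrealm.get("realm-mapper") or mech.get("realm-mapper")
                          or domain.get("realm-mapper"))
                selector = (("realm-mapper", mapper) if mapper
                            else ("default-realm", domain.get("default-realm")))
                rows.append((factory.get("name"), mech.get("mechanism-name"),
                             mrealm.get("realm-name")) + selector)
    return rows

def mismatches(xml_text):
    """Mechanisms with no realm mapper whose presented realm is not the default realm."""
    return [r for r in audit(xml_text)
            if r[3] == "default-realm" and r[4] != r[2]]

if __name__ == "__main__":
    for row in audit(CONFIG):
        print(row)
```

For the report's fragment, `mismatches` flags only the `BEARER_TOKEN` mechanism: it presents `jwt-realm`, but with no realm mapper configured the identity lookup goes to `jdbc-realm`.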