[keycloak-user] Wildfly Elytron client adapter - Propagate security domain to EJB
Ryan Slominski
ryans at jlab.org
Wed Apr 3 07:40:12 EDT 2019
Thanks for the idea. Unfortunately it didn't work. I still see:
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.KeycloakDomain"]
I am using only local EJBs. I guess I must stick with the legacy Wildfly client adapter. Looks like the JIRA to addresss the EJB propagation issue has been closed. Can we re-open it?
See: https://issues.jboss.org/browse/KEYCLOAK-5665
________________________________
From: Pedro Igor Silva <psilva at redhat.com>
Sent: Tuesday, April 2, 2019 9:07 PM
To: Ryan Slominski
Cc: keycloak-user
Subject: Re: [keycloak-user] Wildfly Elytron client adapter - Propagate security domain to EJB
Hi,
I guess it is a local EJB ? If so, could you try configuring the EJB subsystem with an application-security-domain as follows:
/subsystem=ejb3/application-security-domain=other:add(security-domain=KeycloakDomain)
Regards.
On Tue, Apr 2, 2019 at 6:14 PM Ryan Slominski <ryans at jlab.org<mailto:ryans at jlab.org>> wrote:
Has anyone been able to propagate the Keycloak security domain in Wildfly Elytron client adapter to EJBs in an application using jboss-ejb3.xml? Creating a single file that is bundled with the application war seems like a better solution than importing and apply a JBOSS specific annotation (@SecurityDomain) to hundreds of EJBs.
I placed the file into WEB-INF with contents:
<?xml version="1.1" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.jboss.com%2Fxml%2Fns%2Fjavaee&data=02%7C01%7Cryans%40jlab.org%7Cc5155f92c5c34a8839fb08d6b7d0cfce%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898504812196627&sdata=8CI%2BUGfBkF7iW4kd4P9C2aYUlPNo5QZZ5gMBIVfAkYM%3D&reserved=0>"
xmlns="http://java.sun.com/xml/ns/javaee<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjava.sun.com%2Fxml%2Fns%2Fjavaee&data=02%7C01%7Cryans%40jlab.org%7Cc5155f92c5c34a8839fb08d6b7d0cfce%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898504812206636&sdata=GU8KAYx%2BuNiadMpeZ9hZ0S9cazHWfr8dVBLsHzpT7ek%3D&reserved=0>"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7Cryans%40jlab.org%7Cc5155f92c5c34a8839fb08d6b7d0cfce%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898504812206636&sdata=Z3jrWIqqmoykPWoVDG6JHwIiY8d2c8Uw9ts5EA1b51g%3D&reserved=0>"
xmlns:s="urn:security"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.jboss.com%2Fxml%2Fns%2Fjavaee&data=02%7C01%7Cryans%40jlab.org%7Cc5155f92c5c34a8839fb08d6b7d0cfce%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898504812216645&sdata=iFAtU%2FWCbHOUkY3VVSBy35PoUWIqOVgnPM2l5mBSZM8%3D&reserved=0> http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.jboss.org%2Fj2ee%2Fschema%2Fjboss-ejb3-2_0.xsd&data=02%7C01%7Cryans%40jlab.org%7Cc5155f92c5c34a8839fb08d6b7d0cfce%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898504812216645&sdata=RvJMnniRFn%2FsCkk3xzvPATt%2BF5S4LSrIQWL%2BPYzr%2BMU%3D&reserved=0>"
version="3.1" impl-version="2.0">
<assembly-descriptor>
<s:security>
<ejb-name>*</ejb-name>
<s:security-domain>keycloak</s:security-domain>
</s:security>
</assembly-descriptor>
</jboss:ejb-jar>
I also tried label "KeycloakDomain" instead of "keycloak". In either case I get the following error when I attempt to deploy the war file:
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.KeycloakDomain"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"staff.war\".component.StaffFacade.CREATE is missing [jboss.security.security-domain.KeycloakDomain]",
"jboss.deployment.unit.\"staff.war\".undertow-deployment.UndertowDeploymentInfoService is missing [jboss.security.security-domain.KeycloakDomain]",
"jboss.deployment.unit.\"staff.war\".component.WorkgroupFacade.CREATE is missing [jboss.security.security-domain.KeycloakDomain]"
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.jboss.org%2Fmailman%2Flistinfo%2Fkeycloak-user&data=02%7C01%7Cryans%40jlab.org%7Cc5155f92c5c34a8839fb08d6b7d0cfce%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898504812226650&sdata=GWw%2Br3G2PkN2YbQ22R%2BgzHUU8swgqL7RKa0MUBaeRLA%3D&reserved=0>
More information about the keycloak-user
mailing list