[keycloak-user] Wildfly Elytron client adapter - Propagate security domain to EJB

Pedro Igor Silva psilva at redhat.com
Wed Apr 3 08:15:46 EDT 2019


This seem to be related with your WAR deployment though. Did you try to
change the application-security-domain in both ejb3 and undertow subsystems
to "other". That way you don't need to specify a security domain as "other"
will be the default. IIRC, when you run the elytron adapter scripts an
"other" application-security-domain is created in the undertow subsystem.

On Wed, Apr 3, 2019 at 9:08 AM Ryan Slominski <ryans at jlab.org> wrote:

> Using the command:
>
>
> /subsystem=ejb3/application-security-domain=KeycloakDomain:add(security-domain=KeycloakDomain)
>
> Results in different error upon application deploy:
>
> 08:03:35,017 ERROR [org.jboss.as.controller.management-operation]
> (DeploymentScanner-threads - 1) WFLYCTL0013: Operation ("deploy") failed -
> address: ([("deployment" => "staff.war")]) - failure description: {
>     "WFLYCTL0412: Required services that are not installed:" =>
> ["jboss.security.security-domain.KeycloakDomain"],
>     "WFLYCTL0180: Services with missing/unavailable dependencies" =>
> ["jboss.deployment.unit.\"staff.war\".undertow-deployment.UndertowDeploymentInfoService
> is missing [jboss.security.security-domain.KeycloakDomain]"]
> }
>
>
> More log context attached.
>
>
> ------------------------------
> *From:* Pedro Igor Silva <psilva at redhat.com>
> *Sent:* Wednesday, April 3, 2019 7:53 AM
> *To:* Ryan Slominski
> *Cc:* keycloak-user
> *Subject:* Re: [keycloak-user] Wildfly Elytron client adapter - Propagate
> security domain to EJB
>
> I found an error in the command that I gave to you. Could try to change
> the name of the application-security-domain to "KeycloakDomain", instead of
> "other".
>
> If it doesn't work I would prefer to try this out first before opening the
> JIRA. But I appreciate if you can at least try the change above first.
>
> On Wed, Apr 3, 2019 at 8:40 AM Ryan Slominski <ryans at jlab.org> wrote:
>
> Thanks for the idea.  Unfortunately it didn't work.  I still see:
>
> "WFLYCTL0412: Required services that are not installed:" =>
> ["jboss.security.security-domain.KeycloakDomain"]
>
> I am using only local EJBs.   I guess I must stick with the legacy Wildfly
> client adapter.  Looks like the JIRA to addresss the EJB propagation issue
> has been closed.  Can we re-open it?
>
> See:  https://issues.jboss.org/browse/KEYCLOAK-5665
> <https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.jboss.org%2Fbrowse%2FKEYCLOAK-5665&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491866363&sdata=voDpk9ziIwlbDcwqDeOLjhxI4bsmHgw67PAD3uFgRuU%3D&reserved=0>
> ------------------------------
> *From:* Pedro Igor Silva <psilva at redhat.com>
> *Sent:* Tuesday, April 2, 2019 9:07 PM
> *To:* Ryan Slominski
> *Cc:* keycloak-user
> *Subject:* Re: [keycloak-user] Wildfly Elytron client adapter - Propagate
> security domain to EJB
>
> Hi,
>
> I guess it is a local EJB ? If so, could you try configuring the EJB
> subsystem with an application-security-domain as follows:
>
>
> /subsystem=ejb3/application-security-domain=other:add(security-domain=KeycloakDomain)
>
> Regards.
>
> On Tue, Apr 2, 2019 at 6:14 PM Ryan Slominski <ryans at jlab.org> wrote:
>
> Has anyone been able to propagate the Keycloak security domain in Wildfly
> Elytron client adapter to EJBs in an application using jboss-ejb3.xml?
> Creating a single file that is bundled with the application war seems like
> a better solution than importing  and apply a JBOSS specific annotation
> (@SecurityDomain) to hundreds of EJBs.
>
> I placed the file into WEB-INF with contents:
>
> <?xml version="1.1" encoding="UTF-8"?>
> <jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee
> <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.jboss.com%2Fxml%2Fns%2Fjavaee&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491876372&sdata=y%2FpHnisUctcK5%2BbqGAwn6JufzMRiNQgMt5yngiOpWDo%3D&reserved=0>
> "
>     xmlns="http://java.sun.com/xml/ns/javaee
> <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fjava.sun.com%2Fxml%2Fns%2Fjavaee&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491876372&sdata=lWicNs3kzTcMio7nch%2BK4BM3btgKydvccZr70RFL%2FMA%3D&reserved=0>
> "
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491886373&sdata=DkgC5ZBO8F9j8cGRXmG%2FsderkpTLFu%2BCozKcMDEH9PQ%3D&reserved=0>
> "
>     xmlns:s="urn:security"
>     xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
> <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.jboss.com%2Fxml%2Fns%2Fjavaee&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491886373&sdata=yc3nRnfLCYRPADfyMBX7EfKUsUFh7ipq%2F8k2Zv4GUfs%3D&reserved=0>
> http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd
> <https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.jboss.org%2Fj2ee%2Fschema%2Fjboss-ejb3-2_0.xsd&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491896386&sdata=yRJVNrIE1r33itc%2B5xKX7TsKt79KpeDdclwaGN%2BakQM%3D&reserved=0>
> "
>     version="3.1" impl-version="2.0">
>     <assembly-descriptor>
>         <s:security>
>             <ejb-name>*</ejb-name>
>             <s:security-domain>keycloak</s:security-domain>
>         </s:security>
>     </assembly-descriptor>
> </jboss:ejb-jar>
>
> I also tried label "KeycloakDomain" instead of "keycloak".  In either case
> I get the following error when I attempt to deploy the war file:
>
>     "WFLYCTL0412: Required services that are not installed:" =>
> ["jboss.security.security-domain.KeycloakDomain"],
>     "WFLYCTL0180: Services with missing/unavailable dependencies" => [
>         "jboss.deployment.unit.\"staff.war\".component.StaffFacade.CREATE
> is missing [jboss.security.security-domain.KeycloakDomain]",
>
> "jboss.deployment.unit.\"staff.war\".undertow-deployment.UndertowDeploymentInfoService
> is missing [jboss.security.security-domain.KeycloakDomain]",
>
> "jboss.deployment.unit.\"staff.war\".component.WorkgroupFacade.CREATE is
> missing [jboss.security.security-domain.KeycloakDomain]"
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> <https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.jboss.org%2Fmailman%2Flistinfo%2Fkeycloak-user&data=02%7C01%7Cryans%40jlab.org%7C6e87cc01a72b420f378008d6b82b13eb%7Cb4d7ee1f4fb34f0690372b5b522042ab%7C1%7C0%7C636898892491906396&sdata=bJZtpTfcm%2FJV7j964i1L4wfTkB6UoKp3%2FmmRYixnRkg%3D&reserved=0>
>
>


More information about the keycloak-user mailing list