[wildfly-dev] Security subsystem and its security-domain definitions in the servlet-distribution

arjan tijms arjan.tijms at gmail.com
Fri Jun 22 03:15:02 EDT 2018


Hi,

The jaspitest domain is to allow a (servlet) application to "activate"
JASPIC and install JASPIC authentication modules without having to modify
the server distribution.

For almost as long as JBoss supports JASPIC the promise has been that such
explicit activation would some time in the future not be needed anymore.
Initially the promise was that with Undertow this would be fixed, but when
it wasn't Elytron would address it. Now that Elytron is there I'm not sure
if it's indeed finally not needed anymore. Darran Lofthouse should be the
one who knows.

If Elytron still requires the manual "activation" of JASPIC, then the
jaspitest domain is likely needed. Both Tomcat and Jetty also support (the
Servlet Container Profile of) JASPIC.

Kind regards,
Arjan




On Tue, Jun 19, 2018 at 3:54 PM Yeray Borges <yborgess at redhat.com> wrote:

> Hello everyone,
>
> I'm doing a comparison between the different server configuration files
> generated in normal distribution and servlet-distribution, basically
> working on [1].
>
> The security subsystem in the servlet distribution does not have these
> security domains configured whereas they are in the normal distribution:
>
> <subsystem xmlns="urn:jboss:domain:security:2.0">
>     <security-domains>
>            ...
>     <security-domain name="jboss-web-policy" cache-type="default">
>         <authorization>
>             <policy-module code="Delegating" flag="required"/>
>         </authorization>
>     </security-domain>
>     <security-domain name="jboss-ejb-policy" cache-type="default">
>         <authorization>
>             <policy-module code="Delegating" flag="required"/>
>         </authorization>
>     </security-domain>
>     <security-domain name="jaspitest" cache-type="default">
>         <authentication-jaspi>
>             <login-module-stack name="dummy">
>                 <login-module code="Dummy" flag="optional"/>
>             </login-module-stack>
>             <auth-module code="Dummy"/>
>         </authentication-jaspi>
>     </security-domain>
> <security-domains>
>
> I understand jboss-ejb-policy should not be configured because the
> servlet-distribution does not use ejbs, but what about jaspitest?
> I have no clue if it has to be included or not in the
> servlet-distribution.
>
> Do you know if we should include it?
>
> Regards,
> Yeray
>
> [1] https://issues.jboss.org/browse/WFLY-10421
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20180622/92d7c87e/attachment.html 


More information about the wildfly-dev mailing list