[wildfly-dev] Read Elytron security domain from Undertow's ApplicationSecurityDomainService

Jim Ma ema at redhat.com
Fri Mar 13 04:20:25 EDT 2020


On Thu, Mar 12, 2020 at 8:12 PM Darran Lofthouse <darran.lofthouse at jboss.com>
wrote:

> Is it possible to identify the relevant DeploymentUnitProcessors in this
> process along with their phase and priority so we can check the ordering.
>

The mapped Elytron security domain service for "other" is required to be
read in EndpointServiceDeploymentAspect. It's installed in Phase.INSTALL, at
Phase.INSTALL_WS_DEPLOYMENT_ASPECTS priority. It runs
before UndertowDeploymentProcessor.


>
> What may be more appropriate is for the Undertow DUP to attach something
> which identifies the SecurityDomain instead of the web services DUP relying
> on internal API / repeating the same checks already performed within
> Undertow.
>
> In the future we will be removing all of the application security domain
> resources so coordinating using attachments will hopefully also future
> proof any fix.
>

It looks like this attachment should be set in some Undertow DUP before
UndertowDeploymentProcessor. WebService needs a SecurityContext to call
the EJB WS endpoint method or webservice endpoint method:
https://github.com/wildfly/wildfly/blob/master/webservices/server-integration/src/main/java/org/jboss/as/webservices/invocation/AbstractInvocationHandler.java#L114
Is there a better API/approach to perform this kind of method invocation?

Thanks,
Jim



>
> Regards,
> Darran Lofthouse.
>
>
> On Thu, Mar 12, 2020 at 11:45 AM Jim Ma <ema at redhat.com> wrote:
>
>> There is a WS deployment failure issue [1] which is caused by the Webservice
>> subsystem not correctly getting the mapped Elytron security domain from the
>> web deployment's default "other" application security domain. I tried to fix
>> this by reading the Elytron security domain from Undertow's started services,
>> but it looks like ApplicationSecurityDomainService is now private static and
>> it doesn't provide a getter which allows getting the Elytron security domain.
>> The Webservice subsystem requires an Undertow service like the
>> ApplicationSecurityDomainService [2] started by the EJB subsystem to read the
>> Elytron security domain. Is it doable to change Undertow's
>> ApplicationSecurityDomainService to provide the mapped security domain? Or is
>> there any better approach to get the mapped Elytron domain?
>>
>> [1] https://issues.redhat.com/browse/WFLY-12765
>> [2] https://github.com/wildfly/wildfly/blob/master/ejb3/src/main/java/org/jboss/as/ejb3/subsystem/ApplicationSecurityDomainService.java
>>
>> Cheers,
>> Jim