I try to secure my Application using a Databaselogin in Wildfly 8.2.0.Final.
I configured my datasource in standalone.xml and it seems to work as i can access the database:
<datasource jndi-name="java:/jdbc/Racoonda" pool-name="RacoondaDS" enabled="true" use-java-context="true">
<connection-url>jdbc:mysql://localhost:3306/racoonda</connection-url>
<driver>mysql</driver>
<pool>
<min-pool-size>1</min-pool-size>
<max-pool-size>100</max-pool-size>
<prefill>true</prefill>
<use-strict-min>false</use-strict-min>
<flush-strategy>Gracefully</flush-strategy>
</pool>
<security>
<user-name>root</user-name>
<password>root</password>
</security>
<validation>
<check-valid-connection-sql>select 1</check-valid-connection-sql>
<validate-on-match>true</validate-on-match>
<background-validation>true</background-validation>
<background-validation-millis>10000</background-validation-millis>
</validation>
<timeout>
<idle-timeout-minutes>10</idle-timeout-minutes>
</timeout>
<statement>
<prepared-statement-cache-size>10</prepared-statement-cache-size>
<share-prepared-statements>true</share-prepared-statements>
</statement>
</datasource>
And i also configured my security-domain in standalone.xml as follows:
<security-domain name="racoondaAdmin" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:/jdbc/Racoonda"/>
<module-option name="principalsQuery" value="SELECT password FROM Admin WHERE id=?"/>
<module-option name="rolesQuery" value="SELECT 'Admin', 'Roles' FROM dual"/>
</login-module>
</authentication>
</security-domain>
I added the domain in my resources/WEB-INF/jboss-web.xml:
`<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.jboss.com/xml/ns/javaee
http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<security-domain>racoondaAdmin</security-domain>
</jboss-web>`
I then tried to secure my application in resources/WEB-INF/web.xml:
`<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<distributable/>
<security-constraint>
<display-name>racoonda</display-name>
<web-resource-collection>
<web-resource-name>racoonda</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<context-param>
<param-name>resteasy.role.based.security</param-name>
<param-value>true</param-value>
</context-param>
<security-role>
<role-name>Admin</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>
</web-app>`
The database access works as i can get values from the service i am trying to secure (it gets them from the datbase).
However i can access it without entering any credentials. I put the log level for security to TRACE and tried every approach i could find for If anyone could help, that would be greatly appreciated. Thanks in advance
Put you configuration files in src/main/webapp/WEB-INF folder.