I am trying to migrate a project from using Legacy Security to using Elytron Security.
Until now (Legacy), all that was required for the authentication to work was to create a Security Domain in Subsystems -> Security with the correct name ("referencesApplicationDomain").
My web.xml:
<web-app ..>
    ...
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>referencesApplicationDomain</realm-name>
    </login-config>
    <security-role>
        <role-name>authenticated</role-name>
    </security-role>
    <security-role>
        <role-name>anonymous</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
            ....
        </web-resource-collection>
        <auth-constraint>
            <role-name>authenticated</role-name>
        </auth-constraint>
    </security-constraint>
    ...
</web-app>
My jboss-web.xml:
<jboss-web ...>
    <deny-uncovered-http-methods>false</deny-uncovered-http-methods>
    <context-root>/references</context-root>
    <security-domain>referencesApplicationDomain</security-domain>
</jboss-web>
Of course our idea is to make our application work with Elytron only.
The problem is, however, I don't see where to create the security domain in Elytron.
I followed the Wildfly Elytron Documentation to create the security-domain as well as the http factory using jboss-cli.
When I check in jboss-cli, I see the security domain was created.
When I try to start the Wildfly server however, I get the following error:
"WFLYCTL0412: Required services that are not installed:" => [
"jboss.security.security-domain.referencesApplicationDomain"
],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"references-war-1.0.11-SNAPSHOT.war\".component.BranchService.CREATE is missing [jboss.security.security-domain.java:/jaas/referencesApplicationDomain]"
]
It seems like jboss is trying to find the security-domain in the old security subsystem instead of Elytron. But I don't understand why.
Small remark: I want to use the ApplicationRealm, to use the users and groups inside the jboss configuration files.
Turns out, that is not needed with Elytron (in fact, it is for Legacy only). So the solution is just removing these from the xml files:
web.xml:
<web-app ..>
    ...
    <login-config>
        <auth-method>BASIC</auth-method>
        <!--<realm-name>referencesApplicationDomain</realm-name>-->
    </login-config>
</web-app>
jboss-web.xml:
<jboss-web ...>
    <deny-uncovered-http-methods>false</deny-uncovered-http-methods>
    <context-root>/references</context-root>
    <!--<security-domain>referencesApplicationDomain</security-domain>-->
</jboss-web>
This works because, by default, the undertow system of WildFly is using ApplicationRealm as the default-security-domain. You can verify that by looking at your standalone.xml.
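An added example (not part of the original answer) of the standalone.xml check described above: it works out which name a deployment asks for, either the `<security-domain>` in jboss-web.xml or Undertow's `default-security-domain`, and looks that name up among the Undertow `application-security-domain` mappings to Elytron. Both XML documents are constructed samples with placeholder namespace versions, and the function names `local` and `resolve_domain` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the original post); namespace versions are placeholders.
STANDALONE_XML = """<server xmlns="urn:jboss:domain:SAMPLE">
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:SAMPLE" default-security-domain="other">
      <application-security-domains>
        <application-security-domain name="other" security-domain="ApplicationDomain"/>
      </application-security-domains>
    </subsystem>
  </profile>
</server>"""

JBOSS_WEB_WITH_DOMAIN = """<jboss-web>
  <context-root>/references</context-root>
  <security-domain>referencesApplicationDomain</security-domain>
</jboss-web>"""

JBOSS_WEB_WITHOUT_DOMAIN = """<jboss-web>
  <context-root>/references</context-root>
</jboss-web>"""


def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def resolve_domain(standalone_xml, jboss_web_xml):
    """Return (requested_name, elytron_target); target is None when unmapped."""
    server = ET.fromstring(standalone_xml)
    undertow = next(e for e in server.iter()
                    if local(e.tag) == "subsystem" and ":undertow:" in e.tag)
    # Each mapping points a deployment-visible name at an Elytron domain or HTTP factory.
    mappings = {e.get("name"): e.get("security-domain") or e.get("http-authentication-factory")
                for e in undertow.iter() if local(e.tag) == "application-security-domain"}
    web = ET.fromstring(jboss_web_xml)
    declared = next((e.text.strip() for e in web.iter()
                     if local(e.tag) == "security-domain" and e.text), None)
    # No explicit domain in jboss-web.xml: Undertow's default-security-domain applies.
    requested = declared or undertow.get("default-security-domain")
    return requested, mappings.get(requested)


if __name__ == "__main__":
    for label, xml in (("with", JBOSS_WEB_WITH_DOMAIN), ("without", JBOSS_WEB_WITHOUT_DOMAIN)):
        name, target = resolve_domain(STANDALONE_XML, xml)
        print(f"{label} <security-domain>: {name!r} -> {target or 'no Elytron mapping'}")
```

A target of `None` means the requested name has no Elytron mapping in the Undertow subsystem, which matches the question's deployment waiting on the legacy `jboss.security.security-domain.referencesApplicationDomain` service.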