[SOLVED] Defining jboss-web.xml security-domain causes missing dependencies for my EJBs

Defining jboss-web.xml security-domain causes missing dependencies for my EJBs

I have a working webapp (a .war that includes a .jar with three EJBs) that works fine.

I define an LDAP security domain through jboss-cli:

/subsystem=elytron/dir-context=pepDirContext:add(url="ldap://127.0.0.1:10389",principal="uid=admin,ou=system",credential-reference={clear-text="secret"})

/subsystem=elytron/ldap-realm=pepRealm:add(dir-context=pepDirContext,identity-mapping={search-base-dn="ou=Users,dc=jboss,dc=org",rdn-identifier=uid,user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=jboss,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})

/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)

/subsystem=elytron/security-domain=pepSD:add(realms=[{realm=pepRealm,role-decoder=from-roles-attribute}],default-realm=pepRealm,permission-mapper=default-permission-mapper)

/subsystem=elytron/http-authentication-factory=pep-http-auth:add(http-server-mechanism-factory=global,security-domain=pepSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=pepRealm}]}]

/subsystem=undertow/application-security-domain=pepASD:add(http-authentication-factory=pep-http-auth)

/subsystem=undertow/application-security-domain=pepSD:add(http-authentication-factory=pep-http-auth)

Note: I have decided two "application-security-domain" as part of the tests, ideally I wanted to use only pepASD.

Now, I add to my war the WEB-INF/jboss-web.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>pepSD</security-domain>
</jboss-web>

and when I deploy it, I get:

14:48:31,347 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("full-replace-deployment") failed - address: ([]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.pepSD"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"frontend.war\".component.UsuarioEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.GerenciaEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.FlujoEjb.CREATE is missing [jboss.security.security-domain.pepSD]"

What am I missing?

I am using WildFly 18.0.0.1 on Java 11.

Solution

It turns out that for EJBs I need to define an application security domain into the ejb3 subsystem:

/subsystem=ejb3/application-security-domain=pepASD:add(security-domain=pepSD)

I need to try it a little more to check the relationships (if any) between the ejb3's and undertow's application-security-domain