I have a working webapp (a .war that includes a .jar with three EJBs) that works fine.
I define an LDAP security domain through jboss-cli:
/subsystem=elytron/dir-context=pepDirContext:add(url="ldap://127.0.0.1:10389",principal="uid=admin,ou=system",credential-reference={clear-text="secret"})
/subsystem=elytron/ldap-realm=pepRealm:add(dir-context=pepDirContext,identity-mapping={search-base-dn="ou=Users,dc=jboss,dc=org",rdn-identifier=uid,user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=jboss,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
/subsystem=elytron/security-domain=pepSD:add(realms=[{realm=pepRealm,role-decoder=from-roles-attribute}],default-realm=pepRealm,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=pep-http-auth:add(http-server-mechanism-factory=global,security-domain=pepSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=pepRealm}]}]
/subsystem=undertow/application-security-domain=pepASD:add(http-authentication-factory=pep-http-auth)
/subsystem=undertow/application-security-domain=pepSD:add(http-authentication-factory=pep-http-auth)
Note: I have decided two "application-security-domain" as part of the tests, ideally I wanted to use only pepASD.
Now, I add to my war the WEB-INF/jboss-web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>pepSD</security-domain>
</jboss-web>
and when I deploy it, I get:
14:48:31,347 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("full-replace-deployment") failed - address: ([]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.pepSD"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"frontend.war\".component.UsuarioEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.GerenciaEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.FlujoEjb.CREATE is missing [jboss.security.security-domain.pepSD]"
What am I missing?
I am using WildFly 18.0.0.1 on Java 11.
It turns out that for EJBs I need to define an application security domain into the ejb3 subsystem:
/subsystem=ejb3/application-security-domain=pepASD:add(security-domain=pepSD)
I need to try it a little more to check the relationships (if any) between the ejb3's and undertow's application-security-domain