
How to add a custom Credential Store to WildFly


Using steps from https://docs.wildfly.org/23/WildFly_Elytron_Security.html#Custom_CredentialStore


I created an SPI and Provider implementation. For now, it is just a simple implementation with logs to see if it works.

Now I don't know how to add this to WildFly.

I packaged it into a module and:

  1. tried to add an <extension module=...> ref in standalone.xml, but then it complains that it is not an extension;
  2. tried to add it as subsystem=domain:ee/global-modules/module; there is no error, but neither the SPI nor the Provider gets a hit;
  3. tried to add it as subsystem=elytron/provider-loader; then the Provider is called (twice ??), but the SPI is not.

So, using provider-loader, how to use my custom provider?


Here is a snippet of the Provider impl:

import java.util.Collections;

import org.wildfly.security.WildFlyElytronBaseProvider;

// used WildFlyElytronCredentialStoreProvider as reference
public class TestCredentialStoreProvider extends WildFlyElytronBaseProvider {

    private static final TestCredentialStoreProvider INSTANCE = new TestCredentialStoreProvider();

    public TestCredentialStoreProvider() {
        // provider name, version, info (no trailing space in the name: it is the key
        // the JCA registry and the loaded-providers attribute report)
        super("TestCredentialStoreProvider", "1.0", "Test CredentialStore Provider");

        // Service type "CredentialStore", algorithm "TestCredentialStore" (what the CLI type= refers to),
        // implemented by the class named in the fourth argument. "package." is a placeholder for the
        // real fully-qualified name of the CredentialStoreSpi implementation.
        putService(new Service(this, "CredentialStore", "TestCredentialStore", "package.TestCredentialStore",
                Collections.emptyList(), Collections.emptyMap()));
    }

    public static TestCredentialStoreProvider getInstance() {
        return INSTANCE;
    }
}

Obs. Why is the provider loaded twice?


Solution

  • Create a jar containing your credential store and provider classes, and add it as a WildFly module with a dependency on org.wildfly.security.elytron. For example:

    module add --name=org.wildfly.customcredstore --resources=/path/to/customcredstoreprovider.jar --dependencies=org.wildfly.security.elytron
    

    Create a provider loader for your provider. For example:

    /subsystem=elytron/provider-loader=myProviderLoader:add(class-names=[org.wildfly.security.mycustomcredstore.CustomProvider],module=org.wildfly.customcredstore)
    

    You can add it to the list of initial providers and reload the server:

    /subsystem=elytron:write-attribute(name=initial-providers,value=myProviderLoader)
    reload
    

    You can check the loaded providers:

    /subsystem=elytron/provider-loader=myProviderLoader:read-attribute(name=loaded-providers)
    

    Then to add a custom credential store with the provider you can use:

    /subsystem=elytron/credential-store=mystore:add(providers=myProviderLoader,type=TestCredentialStore,credential-reference={clear-text='pass'})
    

    There are also some docs on how to add custom Elytron components here: https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Custom_Components
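The answer above shows the CLI side, and the question shows the Provider, but the piece that actually gets called once `credential-store=mystore` is added is the CredentialStoreSpi implementation the Provider's Service points at. The following is an added example, not code from the question, the answer or WildFly itself, of a minimal in-memory store that is complete enough to be wired up with the commands above. It assumes the package `org.wildfly.security.mycustomcredstore` from the answer's CLI example, the method signatures of `org.wildfly.security.credential.store.CredentialStoreSpi` as found in WildFly Elytron 1.x (check them against the Elytron version in your `org.wildfly.security.elytron` module), and an implementation attribute named `modifiable` that is specific to this example. The Service registered in the Provider must name this class (`org.wildfly.security.mycustomcredstore.TestCredentialStore`) as its class, and its algorithm string (`TestCredentialStore`) is what `type=` in the `credential-store` CLI command refers to.

```java
package org.wildfly.security.mycustomcredstore; // assumed package, taken from the answer's CLI example

import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;
import org.wildfly.security.credential.store.UnsupportedCredentialTypeException;

/** Minimal in-memory credential store; nothing is persisted, so it is only useful for testing the wiring. */
public class TestCredentialStore extends CredentialStoreSpi {

    // The only implementation attribute this example understands (an assumption of this example,
    // passed with implementation-properties={modifiable=false} on the CLI).
    private static final String MODIFIABLE = "modifiable";

    private final Map<String, Credential> entries = new ConcurrentHashMap<>();
    private volatile boolean modifiable = true;

    @Override
    public void initialize(Map<String, String> attributes, CredentialStore.ProtectionParameter protectionParameter,
                           Provider[] providers) throws CredentialStoreException {
        // Fail fast on unknown attributes so a typo in the CLI surfaces at add time, not at first lookup.
        for (String key : attributes.keySet()) {
            if (!MODIFIABLE.equals(key)) {
                throw new CredentialStoreException("Unsupported attribute: " + key);
            }
        }
        modifiable = Boolean.parseBoolean(attributes.getOrDefault(MODIFIABLE, "true"));
        initialized = true; // protected flag inherited from CredentialStoreSpi
    }

    @Override
    public boolean isModifiable() {
        return modifiable;
    }

    @Override
    public void store(String alias, Credential credential, CredentialStore.ProtectionParameter protectionParameter)
            throws CredentialStoreException, UnsupportedCredentialTypeException {
        requireInitialized();
        requireModifiable();
        entries.put(normalize(alias), credential);
    }

    @Override
    public <C extends Credential> C retrieve(String alias, Class<C> credentialType, String credentialAlgorithm,
                                             AlgorithmParameterSpec parameterSpec,
                                             CredentialStore.ProtectionParameter protectionParameter)
            throws CredentialStoreException {
        requireInitialized();
        Credential c = entries.get(normalize(alias));
        // Return null for "no such credential" rather than throwing; the Elytron subsystem treats that as "not found".
        if (c == null || !credentialType.isInstance(c)) {
            return null;
        }
        // When a specific algorithm was requested, only hand back a credential that carries that algorithm.
        if (credentialAlgorithm != null
                && (!(c instanceof AlgorithmCredential)
                    || !credentialAlgorithm.equals(((AlgorithmCredential) c).getAlgorithm()))) {
            return null;
        }
        return credentialType.cast(c);
    }

    @Override
    public void remove(String alias, Class<? extends Credential> credentialType, String credentialAlgorithm,
                       AlgorithmParameterSpec parameterSpec) throws CredentialStoreException {
        requireInitialized();
        requireModifiable();
        entries.remove(normalize(alias));
    }

    @Override
    public Set<String> getAliases() throws CredentialStoreException {
        requireInitialized();
        return Collections.unmodifiableSet(entries.keySet());
    }

    @Override
    public void flush() throws CredentialStoreException {
        // in-memory store: nothing to write out
    }

    // Design choice for this example: aliases are matched case-insensitively.
    private static String normalize(String alias) {
        return alias.toLowerCase(Locale.ROOT);
    }

    private void requireInitialized() throws CredentialStoreException {
        if (!initialized) throw new CredentialStoreException("Credential store not initialized");
    }

    private void requireModifiable() throws CredentialStoreException {
        if (!modifiable) throw new CredentialStoreException("Credential store is read-only");
    }
}
```

Once the module is added and the provider loader is registered as in the answer, `credential-store=mystore:add(providers=myProviderLoader,type=TestCredentialStore,...)` makes the subsystem look up Service type "CredentialStore" / algorithm "TestCredentialStore" on the loaded provider and call `initialize` on this class; `/subsystem=elytron/credential-store=mystore:add-alias(alias=x,secret-value=y)` then exercises `store`, and `read-aliases` exercises `getAliases`. Because `store` throws when `modifiable=false` is set, the store is refused write access before any credential ends up in memory, which is the behaviour a read-only store should have.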