
How to migrate PicketBox LdapLoginModule to Elytron?


This is my old code for the LDAP connection:

This creates a javax LoginModule with the name "login", so when a request comes through JMS, our application looks for a javax LoginContext with the name "login" and calls login() with the login context and a CallbackHandler that handles the username/password. The username and password are provided by the message from the user/GUI.

<security-domain name="login" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url" value="${java.naming.provider.url}"/>
            <module-option name="principalDNPrefix" value="${principalDNPrefix}"/>
            <module-option name="principalDNSuffix" value="${principalDNSuffix}"/>
            <module-option name="com.sun.jndi.ldap.connect.timeout" value="${ldap.connect.timeout}"/>
        </login-module>
    </authentication>
</security-domain>

Here is my attempt at translating it into Elytron. Security realms:

<security-realms>
    <ldap-realm name="ldapRealm" dir-context="ldapDirContext" direct-verification="true" allow-blank-password="true">
        <identity-mapping rdn-identifier="uid" search-base-dn="ou=company,dc=compauth,dc=comp,dc=de" />
    </ldap-realm>

    <caching-realm name="cached-ldap" realm="ldapRealm"/>
</security-realms>

Dir context:

<dir-contexts>
    <dir-context name="ldapDirContext" url="${java.naming.provider.url}" authentication-level="none">
        <properties>
            <property name="com.sun.jndi.ldap.connect.timeout" value="${ldap.connect.timeout}"/>
        </properties>
    </dir-context>
</dir-contexts>

Security domain:

<security-domains>
    <security-domain name="login" default-realm="cached-ldap" permission-mapper="default-permission-mapper">
        <realm name="cached-ldap" role-decoder="groups-to-roles"/>
    </security-domain>
</security-domains>

I'm getting the error: No LoginModules configured for "login".

WARN [org.security.login.LoginServiceAbstract] (loginJmsContainer-2) LoginServiceBean.login exception occured : javax.security.auth.login.LoginException: No LoginModules configured for login
        at javax.security.auth.login.LoginContext.init(LoginContext.java:264)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:417)
        at gts.common.refdata.core.platform.security.login.LoginServiceAbstract.login(LoginServiceAbstract.java:83)
        at gts.common.refdata.core.platform.security.login.LoginServiceAbstract.login(LoginServiceAbstract.java:68)
        ...

Solution

  • The way this works is not applicable with Elytron. There are no login modules that Elytron creates that can be used at runtime. So it is easier to have a custom LDAP implementation that does not depend on Elytron.
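As an added example (not code from the question or the answer) of the Elytron-independent approach the answer suggests: a plain JNDI simple bind driven by the same values the old module-options carried, which the existing JMS login code could call with the username/password from its CallbackHandler. The class, method and parameter names are assumptions, and the DN suffix in the comment is a placeholder.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/** Hypothetical Elytron-independent replacement for the old "login" domain: verifies a
 *  username/password by a simple LDAP bind, fed by the same values the PicketBox
 *  LdapLoginModule took as module-options. */
public final class LdapBindAuthenticator {
    private final String providerUrl;       // java.naming.provider.url
    private final String principalDNPrefix; // principalDNPrefix, e.g. "uid="
    private final String principalDNSuffix; // principalDNSuffix, e.g. ",ou=people,dc=example" (placeholder)
    private final String connectTimeoutMs;  // com.sun.jndi.ldap.connect.timeout, in milliseconds

    public LdapBindAuthenticator(String providerUrl, String prefix, String suffix, String connectTimeoutMs) {
        this.providerUrl = providerUrl;
        this.principalDNPrefix = prefix;
        this.principalDNSuffix = suffix;
        this.connectTimeoutMs = connectTimeoutMs;
    }

    /** True only if the server accepts the bind; wrong credentials give false, connectivity problems throw. */
    public boolean authenticate(String username, char[] password) throws NamingException {
        // An empty password turns a simple bind into an anonymous bind, which many
        // servers accept, so it must never count as a successful login.
        if (username == null || username.isEmpty() || password == null || password.length == 0) return false;
        // The name is spliced into a DN: reject RFC 4514 special characters rather
        // than letting them change which entry is bound.
        if (username.chars().anyMatch(c -> ",+\"\\<>;=#".indexOf(c) >= 0)) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principalDNPrefix + username + principalDNSuffix);
        env.put(Context.SECURITY_CREDENTIALS, password); // JNDI accepts a char[] here
        env.put("com.sun.jndi.ldap.connect.timeout", connectTimeoutMs);
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, null); // constructing the context performs the bind
            return true;
        } catch (AuthenticationException wrongCredentials) {
            return false;
        } finally {
            if (ctx != null) ctx.close();
        }
    }
}
```

The blank-password rejection is deliberate: the old module's behaviour aside, a simple bind with no password is treated as anonymous by many directory servers and would otherwise look like a successful login.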