Monday, July 3, 2017

Wildfly 10.1 Webservice Security with Custom Login Module

source code:   https://github.com/byorn/wildfly-webservice-security


A Sample EAR extracted from the Wildfly Quickstarts can be found from the above source.


It contains a @Webservice and @SecurityDomain, protecting the @Webmethod with defined roles.

In the project's EJB Section, is the Module DelegationLoginModule.

This is a custom Login Module. All the information on how to authentication the user name and password is described in the source comments.


The Standalone.xml in Wildfly10 should have this configuration:


<security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="byorns.com.login.module.DelegationLoginModule" flag="required">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    
                    </authentication>
                </security-domain>

web.xml should have
<login-config>
   <auth-method>BASIC</auth-method>   <realm-name>RealmUsersRoles</realm-name></login-config>


Test with SOAP UI, Basic Authentication:





For more security related debugs:

Add the logger in Standalone.xml

 <logger category="org.jboss.security">
                <level name="TRACE"/>
</logger>

No comments:

Post a Comment