
webapp in ManagementRealm on Wildfly


I'm writing an administration webapp to be deployed on Wildfly. It's gonna be used by the same users that have access to the Administration Console (http://localhost:9990/). It would be great if I could just declare that my app should use HTTP Basic auth in the ManagementRealm, just like the Console does.

The naive, optimistic try did not work:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
            http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Panel</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ManagementRealm</realm-name>
    </login-config>
</web-app>

This does not trigger the HTTP Basic login dialog at all. Is there any simple way to plug my app into the ManagementRealm?


Solution

  • I found that I need to create a security domain that's linked with the ManagementRealm. The configuration is spread over three places:

    1) A new security domain needs to be added that delegates to ManagementRealm using the RealmDirect login module:

    <subsystem xmlns="urn:jboss:domain:security:1.2">
        <security-domains>
            <!-- .... -->
            <security-domain name="management" cache-type="default">
                <authentication>
                    <login-module code="RealmDirect" flag="required">
                        <module-option name="realm" value="ManagementRealm"/>
                    </login-module>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>
    

    This can be done via jboss-cli:

    /subsystem=security/security-domain=management:add(cache-type=default)
    /subsystem=security/security-domain=management/authentication=classic:add(\
        login-modules=[{\
            "code"=>"RealmDirect", "flag"=>"required", \
            "module-options"=>[("realm"=>"ManagementRealm")]\
        }])
    

    2) The app needs to reference this security domain using WEB-INF/jboss-web.xml:

    <jboss-web>
        <security-domain>management</security-domain>
    </jboss-web>
    

    3) Then a straightforward web.xml to turn on the HTTP Basic login dialog:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                 http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
             version="3.0">
        <security-role>
            <role-name>*</role-name>
        </security-role>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Admin Panel</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>*</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>[message show in login dialog]</realm-name>
        </login-config>
    </web-app>
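The following is an added example, not part of the original question or answer: a small descriptor audit showing why the question's web.xml never prompted for credentials (its `<security-constraint>` has no `<auth-constraint>`) and that the answer's descriptor still allows BASIC credentials over plain HTTP. The function name, finding labels and the `CONFIDENTIAL` transport-guarantee hardening are assumptions added here; the sample descriptors are constructed from the ones on this page.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}  # Servlet 3.0 namespace used on this page

def audit_web_xml(xml_text):
    """Return (resource name, finding) pairs for each <security-constraint>."""
    root = ET.fromstring(xml_text)
    method = root.findtext("j:login-config/j:auth-method", "", NS).strip().upper()
    findings = []
    for sc in root.findall("j:security-constraint", NS):
        name = sc.findtext("j:web-resource-collection/j:web-resource-name", "?", NS).strip()
        # Without <auth-constraint> the container does not require authentication
        # for these URLs, so <login-config> has no effect (the question's symptom).
        if sc.find("j:auth-constraint", NS) is None:
            findings.append((name, "no-auth-constraint"))
        # BASIC sends the password base64-encoded on every request; without a
        # CONFIDENTIAL transport guarantee it may be accepted over plain HTTP.
        guarantee = sc.findtext("j:user-data-constraint/j:transport-guarantee", "NONE", NS)
        if method == "BASIC" and guarantee.strip() != "CONFIDENTIAL":
            findings.append((name, "basic-without-confidential-transport"))
    return findings

def sample(constraint_extras):
    """Constructed descriptor modelled on the page's web.xml; extras vary per case."""
    return f"""<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Panel</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>{constraint_extras}
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

AUTH = "<auth-constraint><role-name>*</role-name></auth-constraint>"
TLS = ("<user-data-constraint><transport-guarantee>CONFIDENTIAL"
       "</transport-guarantee></user-data-constraint>")

QUESTION = sample("")          # descriptor from the question
ANSWER = sample(AUTH)          # descriptor from the answer
HARDENED = sample(AUTH + TLS)  # answer plus HTTPS-only transport (added assumption)

if __name__ == "__main__":
    for label, doc in [("question", QUESTION), ("answer", ANSWER), ("hardened", HARDENED)]:
        print(label, audit_web_xml(doc))
```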