注入在 SecurityRealm-Bean 中不起作用

Question

I'm trying to implement a custom security realm which access a database for user validation. I want to inject a configured database from the datasource-module. It seems that no dependency injections is working as it also failed to inject a ContextService. My reduced security realm:

import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;
import java.util.function.Consumer;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.ejb.Stateless;
import javax.sql.DataSource;

import org.wildfly.extension.elytron.Configurable;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;

@Stateless
public class ExampleRealm implements CacheableSecurityRealm, Configurable
{
    @Resource(name = "java:jboss/datasources/ExampleDS")
    private DataSource ds;

    public ExampleRealm()
    {
        // nothing
    }

    @PostConstruct
    public void init()
    {
        System.out.println("init CDI DemoBean");
    }

    @Override
    public void initialize(final Map<String, String> map)
    {
        System.out.println("init " + ds);
    }

    @Override
    public void registerIdentityChangeListener(final Consumer<Principal> cnsmr)
    {
        // nothing
    }

    @Override
    public SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName,
            final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
    {
        return SupportLevel.UNSUPPORTED;
    }

    @Override
    public SupportLevel getEvidenceVerifySupport(final Class<? extends Evidence> evidenceType, final String algorithmName) throws RealmUnavailableException
    {
        return PasswordGuessEvidence.class.isAssignableFrom(evidenceType) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    @Override
    public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException
    {
        System.out.println("getIdentity " + ds);

        //omitted

        return RealmIdentity.NON_EXISTENT;
    }
}

I tried different dependencies in the module.xml. Current module.xml:

<?xml version='1.0' encoding='UTF-8'?>

<module xmlns="urn:jboss:module:1.1" name="prototype.webAuth.providers">

    <resources>
        <resource-root path="loginProviders-1.0.0.jar"/>
    </resources>

    <dependencies>
        <module name="org.wildfly.security.elytron"/>
        <module name="org.wildfly.extension.elytron"/>
        <module name="javax.api"/>
        <module name="javax.annotation.api"/>
        <module name="javax.ejb.api"/>
        <module name="javax.resource.api"/>
        <module name="javax.enterprise.api"/>
        <module name="javax.inject.api"/>
        <module name="javax.interceptor.api"/>
        <module name="javax.validation.api"/>
        <module name="org.hibernate.validator"/>
        <module name="javax.xml.stream.api"/>
    </dependencies>
</module>

The datasource is available in the standalone.xml and can be injected and accessed in a servlet which is cointained in a deployed war-file. But in the security realm it is null.

The jar is created with maven and packaging ejb. Any advises?

Answer 1

You are trying to define a security realm as an EJB which is not supported. The security realm classes are not deployed as EJBs. Also no other custom Elytron components are supported as CDI beans.

If you want to define components that are CDI based you can maybe use a standard Jakarta EE security APIs that allow you to define an authentication mechanism and identity store as CDI beans.