
wildfly 10 custom login module with client-cert auth not executing

I need to run a custom login module (I really do need a custom implementation) alongside client-cert auth on WildFly 10, but the module itself never executes. The same approach was working on JBoss 6.

My custom module:

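package my.app;

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Stub JAAS login module: each lifecycle method only prints a trace line,
// so the console shows whether the container ever calls it.
public class WsLoginModule implements LoginModule {

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
            Map<String, ?> options) {
        System.out.println("initialize()");
    }

    @Override
    public boolean login() throws LoginException {
        System.out.println("login()");
        return true;
    }

    @Override
    public boolean commit() throws LoginException {
        System.out.println("commit()");
        return true;
    }

    @Override
    public boolean abort() throws LoginException {
        System.out.println("abort()");
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        System.out.println("logout()");
        return true;
    }

}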

web.xml

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<security-constraint>
    <web-resource-collection>
        <web-resource-name>action</web-resource-name>
        <description>constraint</description>
        <url-pattern>/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myapp</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>no description</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>custom-security-domain</realm-name>
</login-config>
<security-role>
    <description></description>
    <role-name>myapp</role-name>
</security-role>
</web-app>

jboss-web.xml

<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_6_0.xsd"
version="6.0">
<security-domain>custom-security-domain</security-domain>
</jboss-web>

In standalone.xml, I included the SSL cert config:

        <security-realm name="SslRealm">
            <server-identities>
                <ssl>
                    <keystore path="/home/me/keystore.javaks" keystore-password="passwd"/>
                </ssl>
            </server-identities>
        </security-realm>

Also, my custom-security-domain in standalone.xml:

            <security-domain name="custom-security-domain" cache-type="default">
                <authentication>
                    <login-module code="my.app.WsLoginModule" flag="required"/>
                </authentication>
            </security-domain>

I even changed the default-security-domain:

<default-security-domain value="custom-security-domain"/>

And finally, the https-listener:

<https-listener name="default-ssl" security-realm="SslRealm" socket-binding="https"/>

Everything seems to be OK as shown above, but then I get only "Forbidden" when trying to execute simple tasks such as invoking a web service (even when presenting a certificate). The weird thing here is that my class "WsLoginModule" never gets executed.

Am I missing something?

Put the code of the login module in a JBoss module. Follow the documentation on how to do this; many examples exist for database JDBC drivers.
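
One way to apply the answer above, as an added example that is not part of the original post: a module descriptor for the login module's JAR, and the question's security domain pointing at it through the login-module `module` attribute. The module name `my.app.loginmodule`, the JAR name `ws-login-module.jar` and the dependency list are assumptions.

```xml
<!-- Assumed location: $JBOSS_HOME/modules/my/app/loginmodule/main/module.xml
     The module name and JAR file name are assumptions for this example. -->
<module xmlns="urn:jboss:module:1.3" name="my.app.loginmodule">
    <resources>
        <!-- JAR containing my.app.WsLoginModule, placed next to module.xml -->
        <resource-root path="ws-login-module.jar"/>
    </resources>
    <dependencies>
        <!-- javax.security.auth.* (JAAS) types used by the login module -->
        <module name="javax.api"/>
        <!-- PicketBox, the legacy security subsystem's JAAS integration -->
        <module name="org.picketbox"/>
    </dependencies>
</module>

<!-- standalone.xml: same security domain as in the question, with the
     module attribute telling the security subsystem where to load the class -->
<security-domain name="custom-security-domain" cache-type="default">
    <authentication>
        <login-module code="my.app.WsLoginModule" flag="required"
                      module="my.app.loginmodule"/>
    </authentication>
</security-domain>
```

The login module as posted is a stub that returns true from login() for every caller and adds no principal or role to the Subject, so loading it from a module does not by itself supply the `myapp` role that web.xml requires.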
