I'm using Security Domains on JBoss 7 for EJB-Security by Annotations. E.g.
@RolesAllowed({"User", "Admin"})
Currently I declare the Security Domains in standalone.xml. This is appropriate for small things, but I would like to use this kind of security with different projects on the same JBoss server. Therefore I'm searching for a way to declare the Security Domains outside of the standalone.xml. I thought of using Deployment Descriptors inside the war-Deployment.
According to this documentation this should be possible, but this is for JBoss 5 and seems not to work with JBoss 7.1.1. Starting JBoss throws an Exception because of a Parser Error. I've also seen this question but I'm not sure if this is the thing I need. I need to declare a new Security Domain with Login Module somewhere outside standalone.xml.
Is there any simple solution to store the Security Domain declaration and configuration in the war-Deployment?
Thanks
Security domains are part of the JBoss EAP 6 security subsystem. All security configuration is now managed centrally, by the domain controller of a managed domain, or by the standalone server. A security domain consists of configurations for authentication, authorization, security mapping, and auditing.
Default configuration for a standalone server is stored in the EAP_HOME/standalone/configuration/standalone.xml file and default configuration for a managed domain is stored in the EAP_HOME/domain/configuration/domain.xml file.
The standalone.xml file contains all the information regarding modules used by JBoss or WildFly. If you want to know about each and every module then read this http://wildscribe.github.io/WildFly/15.0/index.html.
For a standalone server instance the history of the active standalone.xml is kept in jboss.server.config.
I don't think this is possible at the moment in a simple way (related JIRA issue). However, you can use jboss-as-maven-plugin as a workaround:
<profiles>
        <profile>
            <id>deploy-security-domain</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
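                <pluginManagement>
                    <!-- Note: executions declared under pluginManagement only run if the plugin is also listed under build/plugins of this project or a child project -->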
                    <plugins>
                        <plugin>
                            <groupId>org.jboss.as.plugins</groupId>
                            <artifactId>jboss-as-maven-plugin</artifactId>
                            <version>7.4.Final</version>
                            <executions>
                              <execution>
                                <id>add-security-domain</id>
                                <phase>install</phase>
                                <goals>
                                   <!-- This should work in both "standalone" and "domain" mode -->
                                   <goal>execute-commands</goal>
                                </goals>
                                <configuration>
                                  <execute-commands>
                                    <batch>true</batch>
                                    <commands>
                                      <command>/subsystem=security/security-domain=MyDomain:add(cache-type=default)</command>
                                      <command>/subsystem=security/security-domain=MyDomain/authentication=classic:add(login-modules=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:jboss/datasources/UserDB"),("principalsQuery"=>"select password from users where user_name=?"),("rolesQuery"=>"select role, 'Roles' from user_roles where user_name=?"),("hashAlgorithm"=>"SHA-256"),("hashEncoding"=>"base64")]}])</command>
                                    </commands>
                                  </execute-commands>
                                </configuration>
                              </execution>
                            </executions>
                        </plugin>
                    </plugins>
                </pluginManagement>
            </build>
        </profile>
</profiles>
Execution:
mvn install -P deploy-security-domain
Another option would be a CLI script that does more or less the same thing. Check out this quickstart project for an example.
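The CLI-script option mentioned in the answer above, as an added example (not part of the original answer or the linked quickstart): a shell wrapper that emits the same two management commands for each project and validates the domain and datasource names before they are interpolated into the commands. The function names, the `--apply` switch, the script name and the assumption that `jboss-cli.sh` exits non-zero on a failed command are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-project JBoss CLI batch for a security domain.
# Allow only characters that cannot alter the CLI address or option syntax.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}
valid_jndi() {
    case "$1" in
        java:*[!A-Za-z0-9_:/.-]*) return 1 ;;
        java:?*) return 0 ;;
    esac
    return 1
}

# Print the batch: the same two commands as the Maven profile in the answer.
security_domain_batch() {
    domain=$1; ds=$2
    valid_name "$domain" || { echo "invalid domain name" >&2; return 2; }
    valid_jndi "$ds" || { echo "invalid datasource JNDI name" >&2; return 2; }
    addr="/subsystem=security/security-domain=$domain"
    cat <<EOF
batch
${addr}:add(cache-type=default)
${addr}/authentication=classic:add(login-modules=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"$ds"),("principalsQuery"=>"select password from users where user_name=?"),("rolesQuery"=>"select role, 'Roles' from user_roles where user_name=?"),("hashAlgorithm"=>"SHA-256"),("hashEncoding"=>"base64")]}])
run-batch
EOF
}

# Run the batch unless the domain already exists, so redeploys are repeatable.
# Assumption: jboss-cli.sh exits non-zero when a command fails.
apply_security_domain() {
    cli="${JBOSS_HOME:?set JBOSS_HOME}/bin/jboss-cli.sh"
    script=$(mktemp) || return 1
    security_domain_batch "$1" "$2" > "$script" || { rm -f "$script"; return 2; }
    if "$cli" --connect --commands="/subsystem=security/security-domain=$1:read-resource" >/dev/null 2>&1; then
        echo "security domain $1 already exists"
    else
        "$cli" --connect --file="$script"
    fi
    rc=$?
    rm -f "$script"
    return "$rc"
}

# Hypothetical entry point: sh add-domain.sh --apply MyDomain java:jboss/datasources/UserDB
if [ "${1:-}" = "--apply" ]; then
    apply_security_domain "$2" "$3"
fi
```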