realm - 如何在 Elytron Wildfly 17 中使用 jdbc 领域对用户进行身份验证？

Question

我一直在研究 Wildfly 17 Elytron。我已经使用这些 jboss-cli 和以下命令对其进行了配置。

/subsystem=elytron/jdbc-realm=test-realm:add(principal-query=[{sql="SELECT hash FROM invientusers WHERE emailid = ?", data-source="dataSourcePoolName", clear-password-mapper={password-index=1}},{sql="SELECT Roles FROM Roles WHERE emailid = ?", data-source="dataSourcePoolName", attribute-mapping=[{index=1, to=roles}]}])

/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=roles)

/subsystem=elytron/security-domain=test-security-sd:add(default-realm=test-realm, realms=[{realm=test-realm, role-decoder=from-roles-attribute}], permission-mapper=default-permission-mapper)

/subsystem=elytron/http-authentication-factory=test-security-http-auth:add(http-server-mechanism-factory=global,security-domain=test-security-sd,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=test-realm}]}])

 /subsystem=undertow/application-security-domain=test-security-sd:add(http-authentication-factory=test-security-http-auth)

/subsystem=elytron/sasl-authentication-factory=test-sasl-authentication:add(sasl-server-factory=configured,security-domain=test-security-sd,mechanism-configurations=[{mechanism-name=PLAIN}])

/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory,value=test-sasl-authentication)

/subsystem=ejb3/application-security-domain=test-domain:add(security-domain=test-security-sd)

Ejb代码

@SecurityDomain("test-domain")
public class SecuredEJB {

web.xml

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>test-sasl-authentication</realm-name>
</login-config>

我希望这段代码能够使用 JDBC 测试领域进行验证。但它使用基于文件的默认领域进行 ejb 验证。

Answer 1

You also need to add the domain mapping in the EJB3 subsytem:

/subsystem=ejb3/application-security-domain=other:add(security-domain=test-security-sd)

Take a look at this example on how to secure EJBs using the File System Realm. The script configure-elytron.cli has all the management operations you will need to configure your server. Most steps should be applicable to your scenario, except you are configuring a JDBC realm instead.