Adding additional security domain to standalone.xml?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Adding additional security domain to standalone.xml?

arjan.tijms
Hi,

Currently one has to "activate" JASPIC in WildFly by doing two things:

1. Adding a generic "dummy" security domain to standalone.xml
2. Referencing this domain from a jboss-web.xml within the application archive

I wonder if it would make sense to put the generic jaspic security domain by default in standalone.xml. It's always the same anyway. With the domain present in a stock WildFly it's much easier for people to start with JASPIC on WildFly.

It concerns this fragment:

 <security-domain name="jaspitest" cache-type="default">
    <authentication-jaspi>
        <login-module-stack name="dummy">
            <login-module code="Dummy" flag="optional"/>
        </login-module-stack>
        <auth-module code="Dummy"/>
    </authentication-jaspi>
 </security-domain>

Kind regards,
Arjan Tijms

_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|

Re: Adding additional security domain to standalone.xml?

arjan.tijms
Hi,

On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <[hidden email]> wrote:
I wonder if it would make sense to put the generic jaspic security domain by default in standalone.xml. It's always the same anyway. With the domain present in a stock WildFly it's much easier for people to start with JASPIC on WildFly.

Anyone has any thoughts on this?

WildFly currently has one of the best JASPIC implementations out there, but this relatively tiny problem is a big hurdle for usability, and especially impedes using WildFly for JSR 375 demonstrations.

Hope something can be done here.

Kind regards,
Arjan Tijms



 

It concerns this fragment:

 <security-domain name="jaspitest" cache-type="default">
    <authentication-jaspi>
        <login-module-stack name="dummy">
            <login-module code="Dummy" flag="optional"/>
        </login-module-stack>
        <auth-module code="Dummy"/>
    </authentication-jaspi>
 </security-domain>

Kind regards,
Arjan Tijms


_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|

Re: Adding additional security domain to standalone.xml?

Darran Lofthouse
I will have a look at what we can do, as we are transitioning to Elytron
long term we should be aiming to avoid all workarounds like this.


On 04/11/15 09:37, arjan tijms wrote:

> Hi,
>
> On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     I wonder if it would make sense to put the generic jaspic security
>     domain by default in standalone.xml. It's always the same anyway.
>     With the domain present in a stock WildFly it's much easier for
>     people to start with JASPIC on WildFly.
>
>
> Anyone has any thoughts on this?
>
> WildFly currently has one of the best JASPIC implementations out there,
> but this relatively tiny problem is a big hurdle for usability, and
> especially impedes using WildFly for JSR 375 demonstrations.
>
> Hope something can be done here.
>
> Kind regards,
> Arjan Tijms
>
>
>
>
>     It concerns this fragment:
>
>       <security-domain name="jaspitest" cache-type="default">
>          <authentication-jaspi>
>              <login-module-stack name="dummy">
>                  <login-module code="Dummy" flag="optional"/>
>              </login-module-stack>
>              <auth-module code="Dummy"/>
>          </authentication-jaspi>
>       </security-domain>
>
>     Kind regards,
>     Arjan Tijms
>
>
_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|

Re: Adding additional security domain to standalone.xml?

arjan.tijms
Thanks a lot in advance!

Any idea on the Elytron timeline btw? Is that post EAP 7 or earlier?

Kind regards,
Arjan Tijms

On Wed, Nov 4, 2015 at 10:40 AM, Darran Lofthouse <[hidden email]> wrote:
I will have a look at what we can do, as we are transitioning to Elytron long term we should be aiming to avoid all workarounds like this.


On 04/11/15 09:37, arjan tijms wrote:
Hi,

On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <[hidden email]
<mailto:[hidden email]>> wrote:

    I wonder if it would make sense to put the generic jaspic security
    domain by default in standalone.xml. It's always the same anyway.
    With the domain present in a stock WildFly it's much easier for
    people to start with JASPIC on WildFly.


Anyone has any thoughts on this?

WildFly currently has one of the best JASPIC implementations out there,
but this relatively tiny problem is a big hurdle for usability, and
especially impedes using WildFly for JSR 375 demonstrations.

Hope something can be done here.

Kind regards,
Arjan Tijms




    It concerns this fragment:

      <security-domain name="jaspitest" cache-type="default">
         <authentication-jaspi>
             <login-module-stack name="dummy">
                 <login-module code="Dummy" flag="optional"/>
             </login-module-stack>
             <auth-module code="Dummy"/>
         </authentication-jaspi>
      </security-domain>

    Kind regards,
    Arjan Tijms




_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|

Re: Adding additional security domain to standalone.xml?

Eduardo Sant´Ana da Silva
Probably EAP 7.1 according to the latest info that I've got on elytron hipchat.


>>>>>>>>>>>

Sorry by bother you guys, but what is the target distribution of the elytron, replacing JAAS among the other authentication methods?

Darran Lofthouse·10:06 AM

By using names I could even see us providing organisations a way to coordinate transitioning users passwords

David M. Lloyd·10:07 AM

or even having different passwords for different situations

Darran Lofthouse·10:12 AM

Elytron replaces JAAS as the integration point with the backing store of identities, in addition to that is also provides a set of strong authenitcation mechanisms for both HTTP and native access - other features will be identity propagation of identities between processes and a general imporovement of overall security context handling.

Here is the follow up issue for getCredentialSupport https://issues.jboss.org/browse/ELY-299

Eduardo Sant'Ana da Silva·10:14 AM

I saw that it will be on EAP 7 as well, thanks for the information

David M. Lloyd·10:15 AM

EAP 7.1 probably, but yes


2015-11-04 7:57 GMT-02:00 arjan tijms <[hidden email]>:
Thanks a lot in advance!

Any idea on the Elytron timeline btw? Is that post EAP 7 or earlier?

Kind regards,
Arjan Tijms

On Wed, Nov 4, 2015 at 10:40 AM, Darran Lofthouse <[hidden email]> wrote:
I will have a look at what we can do, as we are transitioning to Elytron long term we should be aiming to avoid all workarounds like this.


On 04/11/15 09:37, arjan tijms wrote:
Hi,

On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <[hidden email]
<mailto:[hidden email]>> wrote:

    I wonder if it would make sense to put the generic jaspic security
    domain by default in standalone.xml. It's always the same anyway.
    With the domain present in a stock WildFly it's much easier for
    people to start with JASPIC on WildFly.


Anyone has any thoughts on this?

WildFly currently has one of the best JASPIC implementations out there,
but this relatively tiny problem is a big hurdle for usability, and
especially impedes using WildFly for JSR 375 demonstrations.

Hope something can be done here.

Kind regards,
Arjan Tijms




    It concerns this fragment:

      <security-domain name="jaspitest" cache-type="default">
         <authentication-jaspi>
             <login-module-stack name="dummy">
                 <login-module code="Dummy" flag="optional"/>
             </login-module-stack>
             <auth-module code="Dummy"/>
         </authentication-jaspi>
      </security-domain>

    Kind regards,
    Arjan Tijms




_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev



--
__________________________
Eduardo Sant'Ana da Silva - Dr.
Pesquisador / Consultor de TI


_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev
Reply | Threaded
Open this post in threaded view
|

Re: Adding additional security domain to standalone.xml?

arjan.tijms
In reply to this post by Darran Lofthouse
Hi,

On Wed, Nov 4, 2015 at 10:40 AM, Darran Lofthouse <[hidden email]> wrote:
I will have a look at what we can do,

Did you already had a chance to look at this?

And any idea of the direction? A new attribute in jboss-web.xml? Actually adding the security domain as proposed, or something else?

Kind regards,
Arjan Tijms




 

_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev