Java Reference
In-Depth Information
The WildFly security subsystem
WildFly security qualifies as an extension to the application server and is included, by de-
fault, both in standalone and domain servers using the following code:
<extension module="org.jboss.as.security"/>
WildFly defines security policies using two terms: security realms and security domains.
Security realms are configuration sets mapped to external connectors (for example, EJB re-
moting and management interface). They allow every connection type to have its own ap-
propriate authentication and authorization properties defined. For instance, both manage-
ment and application realms define two separate files, which store the allowed usernames.
Additionally, the application realm contains a reference to a file that defines user role.
The configuration defined in the security realm is then passed to a security domain reques-
ted by the deployed application. The security domain defines a set of login modules that are
responsible for checking the user's credentials and creating a security principal representing
the client (along with a set of roles for the requester).
The following is an extract from the default security subsystem contained in the server con-
figuration file, which contains the
RealmDirect
login that will be used in the next sec-
tion to secure the Ticket example application:
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting"
flag="optional">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect"
flag="required">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
