Configure an Elytron JDBC Realm on WildFly

In this tutorial we will learn how to configure an Elytron JDBC Realm on WildFly 11 using enterely the Web console of the application server.

WildFly 11 has much improved its Web console. As proof of concept, we will show how to configure JDBCSecurity realm using enterely the Web console against a MySQL Database.

Prerequisites

  • A MySQL Database
  • A WildFly 11 installation

The first thing we will do is creating a Datasource which will connect to an existing MySQL Database

If you don't have an available MySQL Database, you can easily complete this tutorial by starting MySQL as Docker container:

$ docker run -d --name mysql -e MYSQL_USER=mysql -e MYSQL_PASSWORD=mysql -e MYSQL_DATABASE=demodb -e MYSQL_ROOT_PASSWORD=secret mysql

Now move to the WildFly 11 console and Create a new Datasource using the DataSource wizard as in the following example.

Choose the Database:

eyltron tutorial jboss wildfly

Enter the DataSource Attributes:

eyltron tutorial jboss wildfly

Pickup the Driver to be used (in our example we have deployed the MySQL Driver)

eyltron tutorial jboss wildfly

Finally, complete the Datasource configuration entering the Connection Settings

eyltron tutorial jboss wildfly

Configuring Elytron JDBC Realm

Next step will be configuring the JDBC Realm for Elytron.

A JDBCSecurity realm is a security realm implementation backed by a database based whose implementation is the class org.wildfly.security.auth.realm.jdbc.JdbcSecurityRealm

Move in the Configuration > Subsystems > Security - Elytron window:

eyltron tutorial jboss wildfly

Click on the Add button. You will need to define a JDBC Realm as in the following picture. The JDBC Realm needs to be bound against the MySQLDS Datasource we have created.

eyltron tutorial jboss wildfly

WildFly 11 Web console is able to autocomplete the text field which reference another element of the configuration. For example, just click Arrow-Down key on the Principal Query Datasource and you will be able to browse across the available Datasources

As a result, you should have now a JDBC Realm available in your configuration:

eyltron tutorial jboss wildfly

Now we need adding an Elytron Security Domain to reference our JDBC Realm. Move into the Configuration > Subsystems > Security - Elytron > Settings: Other window:

eyltron tutorial jboss wildfly

Click on Add and complete the Security Domain UI with the Name and Realm name:

eyltron tutorial jboss wildfly

As a result, you should be able to see the "jdbcdomain" in your SecurityDomain window:

eyltron tutorial jboss wildfly

Now we will need to add a new HTTP Server authentication mechanism in your Elytron configuration. Move into the Configuration > Subsystems > Security - Elytron > Settings: Factory/Transformer window:

eyltron tutorial jboss wildfly

Click on Add and define a new HTTP Authentication based on the "global" HTTP server mechanism factory and the "jdbcdomain":

eyltron tutorial jboss wildfly

Now the last step will be registering the Security Domain into Undertow web server. Move into the Configuration > Subsystems > Web/HTTP - Undertow > HTTP window and select the Application security Tab:

eyltron tutorial jboss wildfly

Click on Add. Bind the Security Domain the the Http autentication Factory we have created on the Elytron subsystem:

eyltron tutorial jboss wildfly

 

Now if you try to deploy an application bound to the "web-security-domain" security domain:

<jboss-web>
<security-domain>web-security</security-domain>
</jboss-web>

As a result, you will receive a BASIC HTTP Authentication challenge:

elytron wildfly tutorial

0
0
0
s2smodern

Related articles available on mastertheboss.com

JBoss security framework

Security is a fundamental part of any enterprise application .The

Configure JBoss with LDAP

In this tutorial we will show how to connect JBoss AS 7 (and earl

Configuring Single Signon on JBoss AS 7

This tutorial describes how to configure Single Signon for a JBos

Securing AS 7 applications using the ApplicationRealm

JBoss AS 7 and the EAP 6 provide out of the box a Security Domain

Securing access to JBoss-WildFly Management console

In this tutorial we will demonstrate how to secure access to the

Configuring a MongoDB Login Module

Creating a Login Module with JBoss AS 7 or WildFly can be done by

Follow us on Twitter