Using Elytron Credential Stores in WildFly

The elytron subsystem allows using Credential Stores as secure storage for your credentials. Using a credential store is a replacement of the standard password vault mechanism to store passwords and other sensitive strings. Credential stores allow for easier credential management within WildFly, without having to use an external tool. It is however still possible to … Read more

Configuring TLS 1.3 on WildFly application Server

This tutorial will teach you how to configure Transport Layer Security (TLS) v.1.3 on WildFly application server. TLS 1.3 offers improved speed compared to TLS 1.2. The earlier version of TLS (1.2) required two round-trips to finish a TLS handshake. On the other hand, TLS 1.3 only needs to complete a single round-trip. This substantially … Read more

How to use failover and distributed Realms in Elytron

In this tutorial we will learn how to create failover and distributed Elytron Realms to add resilience and distribution to your identity lookup. The option to stack multiple login modules is already available in the legacy Security Model. As the legacy security model is soon going to be deprecated, all the missing features are now … Read more

Securing JBoss / WildFly Management Interfaces: the easy way

This is the second tutorial about securing WildFly. In the first one, we discussed how to secure the HTTP channel for Web applications: How to configure SSL/HTTPS on WildFly. In this tutorial we will learn how to secure JBoss / WildFly Management interfaces using Elytron. Firstly, we will demonstrate how to create … Read more

Solving java.io.IOException: Invalid secret key format

This issue happens when a Java module is unable to access com.sun.crypto libraries earlier than its Classloader modules. You will typically see a stack trace which looks like this:

    Caused by: java.io.IOException: Invalid secret key format
        at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:856)
        at java.security.KeyStore.load(Unknown Source)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:201)
        at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:151)
        at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:688)

One way to solve this issue is to … Read more

How to enable certificate forwarding in WildFly

In this tutorial we will learn how to do client certificate authentication when WildFly is located behind a reverse proxy. The most common use cases for reverse proxies are: when the reverse proxy is located on a DMZ; when your Web applications are located on a VLAN (e.g. private network); when the reverse proxy reads … Read more

Configuring HTTP Basic Authentication with WildFly

In this tutorial we will learn how to configure HTTP basic authentication with WildFly. Basic authentication is a simple authentication policy built into the HTTP protocol. The client sends an HTTP request with the Authorization header that contains the word Basic followed by a space and a base64-encoded string username:password. As an example, in … Read more

SSL secured EJBs with Elytron

The Elytron security framework enables developers to use a unified security infrastructure to authenticate/authorize business methods and also to encrypt the communication. In this tutorial we will see how to do that both in an EJB client application which uses remote+https to secure each remote method call. The starting point of this tutorial is a … Read more

Securing EJBs with Elytron

This tutorial will demonstrate how you can configure Authentication/Authorization for your EJBs on WildFly using the Elytron Security Framework. Two core authentication factories are provided as part of the Elytron security framework: the HTTP Authentication Factory, which is obviously used for Web applications performing HTTP Authentication; and the SASL Authentication Factory, which is used for other network protocols, including standard … Read more