SSL secured EJBs with Elytron

Elytron security framework enables developers to use an unified security infrastructure to authenticate/authorize your business methods but also to encrypt the communication. In this tutorial we will see how to do that both in an EJB client application which uses remote+https to secure each remote method call. The starting point of this tutorial is a … Read more

Securing EJBs with Elytron

This tutorial will demonstrate how you can configure Authentication/Authorization for your EJBs on WildFly using Elytron Security Framework. Two core authentication factories are provided as part of Elytron security framework: HTTP Authentication Factory which is obviously used for Web applications performing HTTP Authentication SASL Authentication Factory which is used for other network protocols, including standard … Read more

Using Java EE Security Manager with WildFly

One feature of Java EE not known by every developer is the Java EE Permission declaration. As a matter of fact, every Java EE product must be now capable of running with a Java security manager that enforces Java security permissions, and that prevents application components from executing operations for which they have not been … Read more

Securing a Web application with LDAP and Keycloak

In the second tutorial about LDAP and WildFly we will learn how to create an LDAP based User Federation configured on Keycloak. If you are new to Keycloak please refer to the base documentation: We have also provided two tutorials which could be a good start as well: Securing WildFly Management Console with LDAP … Read more

How to create a Custom JBoss Login Module

This tutorial is a simple walk through the creation of a custom Login module with JBoss EAP 6 / WildFly application server. Note: If you want to develop a custom login module on the latest security infrastructure (Elytron) we recommend checking also this tutorial: How to create a custom Elytron Realm Getting Started with PicketBox … Read more

Configuring a MongoDB Login Module

Creating a Login Module with JBoss AS 7 or WildFly can be done by extending some of the available PicketBox Login modules. See this tutorial for a quick introduction to Custom Login modules: Creating a Custom JBoss Login Module. Here we will learn how to create a custom Login Module which used MongoDB for performing … Read more

Securing JBoss applications using the ApplicationRealm

JBoss AS 7 and the EAP 6 provide out of the box a Security Domain which can be used for securing your applications. Let’s see how to use it in a few simple steps. What is JBoss Application Realm? When applications are deployed to the application server they are associated with a security domain within … Read more

Configuring Single Signon on JBoss AS 7

This tutorial describes how to configure Single Signon for a JBoss AS 7 Web application (standalone and clustered).  The Single Signon configuration allows a centralized login configuration for corporate sites that use different Web context. In order to cofigure single signon on JBoss AS 7 we need to operate on two configuration points: The web subsystem … Read more

Configuring JBoss with PicketBox LDAP Module

In this tutorial we will show how to connect WildFly / JBoss EAP to OpenLDAP directory service using PicketBox Security Framework. For a more recent configuration (using Elytron) we recommend checking this article: How to configure an Elytron LDAP Realm on WildFly Installing LDAP OpenLDAP is a free suite of client and server tools that … Read more