Create a security realm in Wildfly

Question

I want to secure some ejb hosted on my Widlfly AS, so I start creating my security-domain. I don't want to authenticate on ApplicationRealm so I define my security-realm and point it in my security-domain. I want to store credentials in a text file. Here is the code:

<security-domain name="mydomain" cache-type="default">
  <authentication>
    <login-module code="RealmDirect" flag="required"/>
    <module-option name="realm" value="myrealm"/>
    <module-option name="userProperties" value="${jboss.server.config.dir}/myrealm-users.properties"/>
    <module-option name="rolesProperties" value="${jboss.server.config.dir}/myrealm-roles.properties"/>
  </authentication>
</security-domain>

still it look like my ejb are affected by ApplicationRealm by the "other" security-domain. Can I define a custom security realm and use it by security-domain in Wildfly? If yes how can I add users to it?

Answer 1

You need a file jboss-web.xml in WEB-INF to override the default other domain. For instance:

<jboss-web>
    <security-domain>java:/jaas/mydomain</security-domain>
</jboss-web>

Then in the Wildfly config file (standalone.xml or the likes) you configure the mydomain Security Domain like you already showed. It can happily co-exist with the already present other domain.

There's an excellent post here: http://blog.eisele.net/2015/01/jdbc-realm-wildfly820-primefaces51.html

Answer 2

You can add users in management realm using add-user script. By default, users generated there are stored in file.

https://docs.jboss.org/author/display/WFLY8/Security+Realms provides information about how to create custom security realm.