
ee-security: Using EE Security with WildFly Elytron

The ee-security quickstart demonstrates how EE security can be used with WildFly Elytron.

What is it?

The ee-security quickstart is an example project showing the use of EE security integrated with WildFly Elytron in {productNameFull}.

The deployment in this quickstart contains a simple HTTP servlet, which is secured using a custom HttpAuthenticationMechanism. The authentication mechanism in turn makes use of a custom IdentityStore, which delegates authentication to the WildFly Elytron SecurityDomain associated with the deployment.
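The two pieces named above, as an added example written for this page rather than the quickstart's own source: a header-based HttpAuthenticationMechanism that challenges with an X-MESSAGE header and validates X-USERNAME/X-PASSWORD through the injected IdentityStoreHandler, and an IdentityStore that hands the username and password to the Elytron SecurityDomain the server associated with the deployment. The package and class names, the javax.security.enterprise (Java EE 8) namespace and the exact X-MESSAGE wording are assumptions; on a Jakarta EE 9 or later server the prefix is jakarta.* instead.

```java
// Added example, not the quickstart's own source. Package/class names, the javax
// (Java EE 8) namespace and the X-MESSAGE text are assumptions.
package org.example.eesecurity;

import java.util.HashSet;
import java.util.Set;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/** Takes the caller's credentials from two custom request headers. */
@ApplicationScoped
public class HeaderAuthenticationMechanism implements HttpAuthenticationMechanism {

    static final String USERNAME_HEADER = "X-USERNAME";
    static final String PASSWORD_HEADER = "X-PASSWORD";
    static final String MESSAGE_HEADER = "X-MESSAGE";

    @Inject
    private IdentityStoreHandler identityStoreHandler; // fans out to every IdentityStore bean

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
            HttpMessageContext context) throws AuthenticationException {
        // HTTP header names are case-insensitive, so a client sending X-Username matches X-USERNAME.
        String username = request.getHeader(USERNAME_HEADER);
        String password = request.getHeader(PASSWORD_HEADER);

        if (username != null && password != null) {
            CredentialValidationResult result =
                    identityStoreHandler.validate(new UsernamePasswordCredential(username, password));
            if (result.getStatus() == CredentialValidationResult.Status.VALID) {
                // Establishes the caller principal and groups for this request.
                return context.notifyContainerAboutLogin(result);
            }
            // Wrong credentials fall through to the challenge below; never continue as the caller.
        }
        if (context.isProtected()) {
            response.setHeader(MESSAGE_HEADER, "Please resubmit the request with a username specified using the "
                    + USERNAME_HEADER + " and a password specified using the " + PASSWORD_HEADER + " header.");
            return context.responseUnauthorized(); // 401
        }
        return context.doNothing(); // unconstrained resource and no credentials: continue unauthenticated
    }
}

/** Delegates validation to the Elytron SecurityDomain the server associated with this deployment. */
@ApplicationScoped
class ElytronIdentityStore implements IdentityStore {

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            return CredentialValidationResult.NOT_VALIDATED; // another store may handle this credential type
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        try {
            SecurityIdentity identity = SecurityDomain.getCurrent()
                    .authenticate(upc.getCaller(), new PasswordGuessEvidence(upc.getPassword().getValue()));
            Set<String> groups = new HashSet<>();
            identity.getRoles().forEach(groups::add); // Elytron roles become EE Security groups
            return new CredentialValidationResult(identity.getPrincipal().getName(), groups);
        } catch (SecurityException e) {
            return CredentialValidationResult.INVALID_RESULT; // unknown user or wrong password
        } catch (RealmUnavailableException e) {
            return CredentialValidationResult.NOT_VALIDATED; // backing realm unavailable: not a verdict on the password
        }
    }
}
```

Both classes are CDI beans, which is how EE Security discovers them; the deployment still needs the server-side association with an Elytron security domain that configure-elytron.cli sets up. Distinguishing INVALID_RESULT from NOT_VALIDATED matters: a realm outage must not be reported to the client as a bad password, and it lets another IdentityStore, if one is registered, still answer.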

This quickstart defines a user quickstartUser with password quickstartPwd1!.

Configure the Server

You configure the security domain by running JBoss CLI commands. For your convenience, this quickstart batches the commands into a configure-elytron.cli script provided in the root directory of this quickstart.

  1. Before you begin, make sure the server is running. The CLI command in step 3 uses --connect, which attaches to the management interface of a running instance.

  2. Review the configure-elytron.cli file in the root of this quickstart directory. This script adds the configuration that enables Elytron security for the quickstart components. Comments in the script describe the purpose of each block of commands.

  3. Open a new terminal, navigate to the root directory of this quickstart, and run the following command, replacing {jbossHomeName} with the path to your server:

    $ {jbossHomeName}/bin/jboss-cli.sh --connect --file=configure-elytron.cli
    Note
    For Windows, use the {jbossHomeName}\bin\jboss-cli.bat script.

    You should see the following result when you run the script:

    The batch executed successfully
    process-state: reload-required

  4. The reload-required state means the new configuration has been written but is not yet active. Reload the server (for example with the reload command in the JBoss CLI) before deploying or testing the quickstart; until then the deployment does not pick up the new security domain.

Access the Application

The application will be running at the following URL: http://localhost:8080/{artifactId}/secured (for this quickstart, {artifactId} is ee-security).

Note
If you open that URL in a browser, the response is 401 Unauthorized: no X-USERNAME and X-PASSWORD headers were sent, and a browser does not add custom headers to a plain navigation request.

Because the credentials travel in custom request headers, use a client such as curl that lets you see and set the headers of each request. Note that this quickstart sends the password in cleartext over http://; outside a local demo, put such an endpoint behind TLS.

$ curl -v http://localhost:8080/ee-security/secured
...
< HTTP/1.1 401 Unauthorized
< Connection: keep-alive
< X-MESSAGE: Please resubmit the request with a username specified using the X-USERNAME and a password specified using the X-PASSWORD header.

This first request shows the client being prompted to authenticate: the mechanism answers 401, and the X-MESSAGE header tells the client which headers to supply. Header names are case-insensitive, so the X-Username and X-Password headers in the next request match the X-USERNAME and X-PASSWORD named in the message.

The request can now be resubmitted with the user this quickstart defines.

$ curl -v http://localhost:8080/ee-security/secured -H 'X-Username:quickstartUser' -H 'X-Password:quickstartPwd1!'
...
> GET /ee-security/secured HTTP/1.1
> Host: localhost:8080
> X-Username:quickstartUser
> X-Password:quickstartPwd1!
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 125
<
SecuredServlet - doGet()
Identity as available from SecurityContext 'quickstartUser'
Identity as available from injection 'quickstartUser'

The resulting output shows authentication was successful and the correct identity has been established.
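The servlet side of that output, as an added example written for this page rather than the quickstart's own SecuredServlet: it requires an authenticated caller and prints the identity both from the EE Security SecurityContext and from the CDI-injected Principal. The package name and the javax (Java EE 8) namespace are assumptions; the "**" role is the Servlet 3.1 any-authenticated-user role, and it is the presence of such a constraint that makes HttpMessageContext.isProtected() true for the authentication mechanism.

```java
// Added example, not the quickstart's own source. Package name and the javax
// (Java EE 8) namespace are assumptions.
package org.example.eesecurity;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;

import javax.inject.Inject;
import javax.security.enterprise.SecurityContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/secured")
// "**" is the Servlet 3.1 special role: any authenticated caller, no named role required.
// Without a constraint like this the mechanism would see isProtected() == false and never challenge.
@ServletSecurity(@HttpConstraint(rolesAllowed = "**"))
public class SecuredServlet extends HttpServlet {

    @Inject
    private SecurityContext securityContext; // EE Security view of the current caller

    @Inject
    private Principal principal; // CDI built-in bean for the current caller principal

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/plain");
        try (PrintWriter out = resp.getWriter()) {
            out.println("SecuredServlet - doGet()");
            // getCallerPrincipal() is null for an unauthenticated caller; the constraint above prevents that here.
            Principal fromContext = securityContext.getCallerPrincipal();
            out.println("Identity as available from SecurityContext '"
                    + (fromContext == null ? "anonymous" : fromContext.getName()) + "'");
            out.println("Identity as available from injection '" + principal.getName() + "'");
        }
    }
}
```

Both lookups should agree once notifyContainerAboutLogin has run in the mechanism; if the SecurityContext reports a caller but the injected Principal does not (or vice versa), the deployment is not wired to the Elytron security domain the way the CLI script expects.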
