Alternative for NegotiationAuthenticator class from JBoss EAP 6 in WildFly 10.1?

563 views Asked by At

I was working on upgrading JBoss EAP 6 to WildFly 10.1. In our application we are using the SPNEGO authentication mechanism in jboss-web.xml.

We are using org.jboss.security.negotiation.NegotiationAuthenticator in JBoss but in WildFly this class is removed. I didn't find any alternative class or a way to implement a similar authentication mechanism.

What is the alternative for this?

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>dsds-security-domain</security-domain>
    <valve>
        <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
    </valve>
</jboss-web> 
1

There are 1 answers

0
kwart On BEST ANSWER

You should remove the <valve> element completely from the jboss-web.xml. You don't specify an alternative in WildFly 10.x. The SPNEGO works out of the box.

The authenticator is registered by Undertow integration part in WildFly.

It should even work in WildFly 10.1 without change in the jboss-web.xml. If you leave the NegotiationAuthenticator entry in the file You will see just a warning message in the server log.

The only important change you have to care about is the <login-config> part of web.xml deployment descriptor. Now the SPNEGO name is mandatory value in <auth-method>:

<login-config>
    <auth-method>SPNEGO</auth-method>
</login-config>