How to migrate PicketBox LdapLoginModule to Elytron?


This is my old code for the LDAP connection.

This creates a javax login module with the name "login", so when a request comes in through JMS, our application looks for a javax LoginContext with the name "login" and calls login() with the login context and a callback handler that handles the username/password. The username and password are provided by the message from the user/GUI.

<security-domain name="login" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url" value="${java.naming.provider.url}"/>
            <module-option name="principalDNPrefix" value="${principalDNPrefix}"/>
            <module-option name="principalDNSuffix" value="${principalDNSuffix}"/>
            <module-option name="com.sun.jndi.ldap.connect.timeout" value="${ldap.connect.timeout}"/>
        </login-module>
    </authentication>
</security-domain>

Here is my attempt at translating it into Elytron. Security realms:

<security-realms>
    <ldap-realm name="ldapRealm" dir-context="ldapDirContext" direct-verification="true" allow-blank-password="true">
        <identity-mapping rdn-identifier="uid" search-base-dn="ou=company,dc=compauth,dc=comp,dc=de" />
    </ldap-realm>

    <caching-realm name="cached-ldap" realm="ldapRealm"/>
</security-realms>

Dir context:

<dir-contexts>
    <dir-context name="ldapDirContext" url="${java.naming.provider.url}" authentication-level="none">
        <properties>
            <property name="com.sun.jndi.ldap.connect.timeout" value="${ldap.connect.timeout}"/>
        </properties>
    </dir-context>
</dir-contexts>

Security domain:

<security-domains>
    <security-domain name="login" default-realm="cached-ldap" permission-mapper="default-permission-mapper">
        <realm name="cached-ldap" role-decoder="groups-to-roles"/>
    </security-domain>
</security-domains>

I'm getting the error: No LoginModules configured for "login".

WARN [org.security.login.LoginServiceAbstract] (loginJmsContainer-2) LoginServiceBean.login exception occured : javax.security.auth.login.LoginException: No LoginModules configured for login
        at javax.security.auth.login.LoginContext.init(LoginContext.java:264)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:417)
        at gts.common.refdata.core.platform.security.login.LoginServiceAbstract.login(LoginServiceAbstract.java:83)
        at gts.common.refdata.core.platform.security.login.LoginServiceAbstract.login(LoginServiceAbstract.java:68)
        ...
Answer by codemonkey (accepted answer):

The way it works is not applicable to Elytron. There are no login modules that Elytron creates that can be used at runtime. So it is easier to have a custom LDAP implementation that does not depend on Elytron.
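As an added example (not code from the question, the answer, or WildFly/Elytron), here is what the accepted answer's "custom LDAP implementation" can look like while keeping the caller unchanged: a stand-alone JAAS LoginModule that binds to LDAP as principalDNPrefix + username + principalDNSuffix, exactly the model the old PicketBox options expressed, registered through a plain JAAS configuration file so that `new LoginContext("login", callbackHandler)` keeps resolving. The package and class name, the JAAS file shown in the header comment, the LDAP URL and the username character set are assumptions. The detail worth attention is the empty-password check: an LDAP simple bind with a DN and an empty password is an unauthenticated bind that many directories accept, so a module that forwards the credentials verbatim would report success for a blank password (the question's Elytron realm also sets `allow-blank-password="true"`, which is the same exposure on the Elytron side).

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/*
 * Hypothetical JAAS LoginModule (not WildFly/Elytron code): authenticates by binding to
 * LDAP as principalDNPrefix + username + principalDNSuffix. Assumed JAAS configuration
 * file, selected with -Djava.security.auth.login.config=<file> (values are placeholders):
 *
 *   login {
 *       com.example.auth.DirectBindLdapLoginModule required
 *           java.naming.provider.url="ldap://ldap.example.invalid:389"
 *           principalDNPrefix="uid="
 *           principalDNSuffix=",ou=company,dc=compauth,dc=comp,dc=de"
 *           com.sun.jndi.ldap.connect.timeout="5000";
 *   };
 */
public class DirectBindLdapLoginModule implements LoginModule {

    /** Minimal principal added to the Subject on commit(). */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private String username;
    private UserPrincipal principal;
    private boolean succeeded;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.options = options;
    }

    @Override
    public boolean login() throws LoginException {
        NameCallback nameCb = new NameCallback("username: ");
        PasswordCallback passCb = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nameCb, passCb });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        String user = nameCb.getName();
        char[] password = passCb.getPassword();   // getPassword() returns a copy
        passCb.clearPassword();
        try {
            // RFC 4513 sec. 5.1.2: a simple bind with a DN and an empty password is an
            // unauthenticated bind, which many directories accept. Never let it count
            // as a successful login.
            if (user == null || user.isEmpty() || password == null || password.length == 0) {
                throw new FailedLoginException("username and password are required");
            }
            // The username is spliced into a DN; restrict it to a safe character set
            // (assumed policy) instead of trying to escape DN metacharacters afterwards.
            if (!user.matches("[A-Za-z0-9._-]{1,64}")) {
                throw new FailedLoginException("invalid username");
            }
            String bindDn = options.get("principalDNPrefix") + user + options.get("principalDNSuffix");

            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, String.valueOf(options.get("java.naming.provider.url")));
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, password);   // JNDI LDAP accepts char[]
            Object timeout = options.get("com.sun.jndi.ldap.connect.timeout");
            if (timeout != null) {
                env.put("com.sun.jndi.ldap.connect.timeout", timeout.toString());
            }
            // Constructing the context performs the bind; bad credentials surface as
            // a NamingException (AuthenticationException), which becomes a failed login.
            try {
                new InitialDirContext(env).close();
            } catch (NamingException e) {
                throw new FailedLoginException("LDAP bind failed for " + bindDn);
            }
        } finally {
            if (password != null) Arrays.fill(password, '\0');   // wipe the secret after use
        }
        username = user;
        succeeded = true;
        return true;
    }

    @Override
    public boolean commit() {
        if (!succeeded) return false;
        principal = new UserPrincipal(username);
        subject.getPrincipals().add(principal);
        return true;
    }

    @Override
    public boolean abort() { succeeded = false; username = null; return true; }

    @Override
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null; username = null; succeeded = false;
        return true;
    }
}
```

The module does a direct bind rather than a search-then-bind, which matches the old configuration (no search base or filter was involved) and means the LDAP URL should be `ldaps://` or use StartTLS in practice, since the password travels to the directory in the bind request. Because the bind DN is built from an untrusted username, the whitelist check does double duty: it blocks DN injection and keeps the failed-bind log line (which includes the DN) free of attacker-chosen content.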