Unable to use Jakarta EE 8 Security in WildFly 20

Question

I'm trying to use Jakarta EE 8 Security in my application by defining a BasicAuthenticationMechanismDefinition in a CDI Bean:

@BasicAuthenticationMechanismDefinition(
        realmName = "RealmUsersRoles")
@ApplicationScoped
public class ApplicationConfig{}

The Realm I'm using is a FileSystemRealm defined in Elytron. Next, I've specified the allowed Roles in the endpoint:

@WebServlet("/secured")
@DeclareRoles({"Administrator"})
@ServletSecurity(@HttpConstraint(rolesAllowed = { "Administrator" }))
public class SecuredServlet extends HttpServlet {

 

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
       // Do something
    }

}

I have added the following dependency to build and deploy the application on WildFly 20:

<dependency>
    <groupId>jakarta.security.enterprise</groupId>
    <artifactId>jakarta.security.enterprise-api</artifactId>
</dependency>

<dependency>
  <groupId>org.glassfish.soteria</groupId>
  <artifactId>javax.security.enterprise</artifactId>
  <version>1.0</version>
</dependency>

Upon requesting the secured resource, the following error is returned:

java.lang.IllegalStateException: Could not find beans for Type=interface javax.security.enterprise.identitystore.IdentityStore
    at [email protected]//org.glassfish.soteria.cdi.CdiUtils.getBeanDefinitions(CdiUtils.java:194)
    at [email protected]//org.glassfish.soteria.cdi.CdiUtils.getBeanReferencesByType(CdiUtils.java:158)
    at [email protected]//org.glassfish.soteria.cdi.DefaultIdentityStoreHandler.init(DefaultIdentityStoreHandler.java:51)
    at [email protected]//org.glassfish.soteria.cdi.CdiExtension.lambda$afterBean$12(CdiExtension.java:215)
    at [email protected]//org.glassfish.soteria.cdi.CdiProducer.create(CdiProducer.java:80)
    at [email protected]//org.jboss.weld.contexts.AbstractContext.get(AbstractContext.java:96)
    at [email protected]//org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)
    at [email protected]//org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
    at [email protected]//org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:102)
    at [email protected]//org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105)
    at deployment.http-basic.war//org.jboss.weldx.security.enterprise.identitystore.IdentityStoreHandler$1763020431$Proxy$_$$_WeldClientProxy.validate(Unknown Source)
    at [email protected]//org.glassfish.soteria.mechanisms.BasicAuthenticationMechanism.validateRequest(BasicAuthenticationMechanism.java:60)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)

Did I miss any dependency in my application? or maybe wrong version for the glassfish.soteria dependency?

Any help is much appreciated Thanks

Answer 1

You need to provide an implementation of javax.security.enterprise.identitystore.IdentityStore You can use LdapIdentityStoreDefinition or DatabaseIdentityStoreDefinition or provide your own bean (ApplicationScoped) which implements IdentityStore.