We've got an application with several web services annotated with @SecurityDomain("our-ws") (I've also tried setting this in jboss-web.xml). For example:
    @Stateless
    @Interceptors(OurTransactionInterceptor.class)
    @WebService(targetNamespace = "...", portName = "AddStuff", serviceName = "AddStuffService")
    @SOAPBinding(parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
    @WebContext(authMethod = "BASIC", contextRoot = "/service", urlPattern = "/AddStuffService")
    @SecurityDomain("our-ws")
    public class AddStuffService { ... }
We are upgrading to WildFly 26, and attempting to use Elytron following the example from WildFly Elytron Security, section 4.1.3. However, on startup, I'm getting an error like:
    13 Jan 2023 11:26:01,763 ERROR [management-operation Controller Boot Thread] WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "service.war")]) - failure description: {
        "WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.our-ws"],
        "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.deployment.unit.\"service.war\".component.AddStuffService.CREATE is missing [jboss.security.security-domain.our-ws]"]
    }
In standalone.xml, under <subsystem xmlns="urn:wildfly:elytron:15.1"...>
We've got a datasource, which I'll call 'ourDS' (not shown) used by a jdbc-realm, jdbc:
    <jdbc-realm name="jdbc">
        <principal-query sql="SELECT password FROM CFG_WS_USERS_T WHERE username=?" data-source="evercoreDS">
            <clear-password-mapper password-index="1"/>
        </principal-query>
        <principal-query sql="SELECT roles from CFG_WS_ROLES_T r join CFG_WS_USERS_T u on u.WS_USERS_PK=r.WS_USERS_FK where u.username=?" data-source="ourDS">
            <attribute-mapping>
                <attribute to="roles" index="1"/>
            </attribute-mapping>
        </principal-query>
    </jdbc-realm>
And a security-domain for those web services:
    <security-domain name="our-ws" default-realm="jdbc" permission-mapper="default-permission-mapper">
        <realm name="jdbc" role-decoder="groups-to-roles"/>
    </security-domain>
So I don't get why jboss.security.security-domain.our-ws is not installed (unless, maybe, it is looking for it in the legacy security configuration).
How do I get the SecurityDomain annotation (or the security-domain tag in jboss-web.xml) to refer to the Elytron configuration, or why would my security-domain under Elytron not be installed?
EDIT: In response to @ehsavoie's comment, I'll note that, per section 4.1.3 of the doc, we also have an http-authentication-factory and application-security-domain:
    <http-authentication-factory name="our-ws-http-auth" security-domain="our-ws" http-server-mechanism-factory="global">
        <mechanism-configuration>
            <mechanism mechanism-name="BASIC">
                <mechanism-realm realm-name="our-ws"/>
            </mechanism>
        </mechanism-configuration>
    </http-authentication-factory>
    <application-security-domains>
        <application-security-domain name="defaultASD" security-domain="ApplicationDomain"/>
        <application-security-domain name="our-ws-appsecurity-domain" http-authentication-factory="our-ws-http-auth"/>
    </application-security-domains>
(I'm a bit confused by the mechanism-realm realm-name="our-ws", since our-ws is not a security-realm, but a security-domain, but it follows the documentation - again section 4.1.3 - and I also tried using the jdbc security-realm there, with the same error.)
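
A check for the name matching at issue here, as an added example that is not part of the original post: WildFly looks up the name given in @SecurityDomain among the application-security-domain entries of the undertow and ejb3 subsystems by their name attribute, not among the Elytron security-domain names. The sample XML is constructed, uses placeholder namespace versions, and assumes the posted application-security-domains block sits in the undertow subsystem; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the post; namespace versions "0.0" are placeholders.
AS_POSTED = """<server xmlns="urn:jboss:domain:0.0"><profile>
  <subsystem xmlns="urn:jboss:domain:undertow:0.0">
    <application-security-domains>
      <application-security-domain name="defaultASD" security-domain="ApplicationDomain"/>
      <application-security-domain name="our-ws-appsecurity-domain"
                                   http-authentication-factory="our-ws-http-auth"/>
    </application-security-domains>
  </subsystem>
  <subsystem xmlns="urn:jboss:domain:ejb3:0.0"/>
</profile></server>"""

# Constructed variant: mapping renamed to the deployment's name, plus an ejb3 mapping.
EJB3_EMPTY = '<subsystem xmlns="urn:jboss:domain:ejb3:0.0"/>'
EJB3_MAPPED = ('<subsystem xmlns="urn:jboss:domain:ejb3:0.0"><application-security-domains>'
               '<application-security-domain name="our-ws" security-domain="our-ws"/>'
               '</application-security-domains></subsystem>')
RENAMED = (AS_POSTED.replace("our-ws-appsecurity-domain", "our-ws")
                    .replace(EJB3_EMPTY, EJB3_MAPPED))

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def subsystem_kind(elem):
    """'{urn:jboss:domain:ejb3:0.0}subsystem' -> 'ejb3', whatever the version."""
    parts = elem.tag[1:].split("}")[0].split(":")
    return parts[-2] if len(parts) >= 2 else ""

def app_security_domains(xml_text):
    """Per subsystem, map each application-security-domain name to its Elytron target."""
    found = {"undertow": {}, "ejb3": {}}
    for sub in ET.fromstring(xml_text).iter():
        if local(sub.tag) != "subsystem" or subsystem_kind(sub) not in found:
            continue
        for asd in sub.iter():
            if local(asd.tag) == "application-security-domain":
                target = asd.get("security-domain") or asd.get("http-authentication-factory")
                found[subsystem_kind(sub)][asd.get("name")] = target
    return found

def missing_mappings(xml_text, deployment_domain):
    """Subsystems with no application-security-domain named like the deployment's domain."""
    mappings = app_security_domains(xml_text)
    return sorted(kind for kind, names in mappings.items() if deployment_domain not in names)

if __name__ == "__main__":
    print("as posted:", missing_mappings(AS_POSTED, "our-ws"))
    print("renamed:  ", missing_mappings(RENAMED, "our-ws"))
```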