In this tutorial we will learn how to configure an Elytron JDBC Realm on WildFly 11 entirely through the Web console of the application server.
WildFly 11 has a much improved Web console. As a proof of concept, we will show how to configure a JDBC security realm against a MySQL Database using only the Web console.
- A MySQL Database
- A WildFly 11 installation
The first thing we will do is create a Datasource which will connect to an existing MySQL Database.
If you don't have an available MySQL Database, you can easily complete this tutorial by starting MySQL as a Docker container:
$ docker run -d --name mysql -e MYSQL_USER=mysql -e MYSQL_PASSWORD=mysql -e MYSQL_DATABASE=demodb -e MYSQL_ROOT_PASSWORD=secret mysql
Now move to the WildFly 11 console and create a new Datasource using the DataSource wizard as in the following example.
Choose the Database:
Enter the DataSource Attributes:
Pick the Driver to be used (in our example we have deployed the MySQL Driver):
Finally, complete the Datasource configuration by entering the Connection Settings:
Configuring Elytron JDBC Realm
The next step is configuring the JDBC Realm for Elytron.
A JDBC security realm is a security realm implementation backed by a database; its implementing class is org.wildfly.security.auth.realm.jdbc.JdbcSecurityRealm.
Move to the Configuration > Subsystems > Security - Elytron window:
Click on the Add button. You will need to define a JDBC Realm as in the following picture. The JDBC Realm needs to be bound against the MySQLDS Datasource we have created.
The WildFly 11 Web console is able to autocomplete text fields which reference another element of the configuration. For example, just press the Arrow-Down key on the Principal Query Datasource field and you will be able to browse the available Datasources.
As a result, you should now have a JDBC Realm available in your configuration:
Now we need to add an Elytron Security Domain that references our JDBC Realm. Move into the Configuration > Subsystems > Security - Elytron > Settings: Other window:
Click on Add and complete the Security Domain UI with the Name and Realm name:
As a result, you should be able to see the "jdbcdomain" in your SecurityDomain window:
Now we will need to add a new HTTP Server authentication mechanism in your Elytron configuration. Move into the Configuration > Subsystems > Security - Elytron > Settings: Factory/Transformer window:
Click on Add and define a new HTTP Authentication based on the "global" HTTP server mechanism factory and the "jdbcdomain":
Now the last step is registering the Security Domain with the Undertow web server. Move into the Configuration > Subsystems > Web/HTTP - Undertow > HTTP window and select the Application security Tab:
Click on Add. Bind the Security Domain to the HTTP Authentication Factory we have created in the Elytron subsystem:
Now try to deploy an application bound to the "web-security-domain" security domain:
<jboss-web>
  <security-domain>web-security</security-domain>
</jboss-web>
As a result, you will receive a BASIC HTTP Authentication challenge.
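The console steps above can also be written as a jboss-cli script, which is easier to review and keep under version control than a sequence of screens. This is an added example, not part of the original tutorial: MySQLDS, jdbcdomain, global and web-security come from the page, while the realm name jdbcrealm, the factory name jdbc-http-auth, the USERS table and the SQL query are assumptions.

```jboss-cli
# Added example (not from the original tutorial): CLI equivalent of the console steps.
# Run with: $JBOSS_HOME/bin/jboss-cli.sh --connect --file=jdbc-realm.cli
# Assumes the MySQLDS datasource already exists and that demodb holds a table
# constructed for this example:
#   CREATE TABLE USERS (username VARCHAR(64) PRIMARY KEY,
#                       password VARCHAR(255), role VARCHAR(64));

batch

# 1. JDBC realm: the principal query is parameterized on the username.
#    Column 1 is mapped to the credential, column 2 to the "groups" attribute.
#    clear-password-mapper reads the column as a plain-text password; the same
#    resource also accepts bcrypt-mapper, simple-digest-mapper,
#    salted-simple-digest-mapper and scram-mapper for hashed storage.
/subsystem=elytron/jdbc-realm=jdbcrealm:add(principal-query=[{sql="SELECT password, role FROM USERS WHERE username = ?",data-source=MySQLDS,clear-password-mapper={password-index=1},attribute-mapping=[{index=2,to=groups}]}])

# 2. Security domain referencing the realm. groups-to-roles and
#    default-permission-mapper are defined in the default WildFly 11 configuration.
/subsystem=elytron/security-domain=jdbcdomain:add(realms=[{realm=jdbcrealm,role-decoder=groups-to-roles}],default-realm=jdbcrealm,permission-mapper=default-permission-mapper)

# 3. HTTP authentication factory built on the "global" mechanism factory,
#    offering only BASIC. BASIC sends the password on every request, so the
#    application should be served over HTTPS.
/subsystem=elytron/http-authentication-factory=jdbc-http-auth:add(http-server-mechanism-factory=global,security-domain=jdbcdomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=jdbcdomain}]}])

# 4. Undertow mapping. The resource name must be identical to the
#    <security-domain> value in the application's jboss-web.xml, otherwise
#    the deployment is not secured by this factory.
/subsystem=undertow/application-security-domain=web-security:add(http-authentication-factory=jdbc-http-auth)

run-batch
reload
```

Reading the resources back with `/subsystem=elytron/jdbc-realm=jdbcrealm:read-resource(recursive=true)` gives a text record of what the console created, which can be compared against this script during a configuration review.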