Wildfly and JAAS login module

Question

I\'m playing with Wildfly-9.0.1.Final and JAAS but I\'m not having so much fun.. I implemented my custom login module:

public class         


        

Answer 1

It's probably an issue (or feature) of the WildFly. I've reported it as WildFly JIRA WFLY-5569.

You can still use standard servlet authentication which works correctly.

Add WEB-INF/jboss-web.xml file to your deployment:

<jboss-web>
    <security-domain>MongoLoginRealm</security-domain>
</jboss-web>

Adjust your code to use HttpServletRequest.login(String, String) method

@Context
private HttpServletRequest req;

@POST
@Path("/login")
@PermitAll
@Consumes(MediaType.APPLICATION_JSON)
public Response login(User userCredentials) {
    try {
        req.login(userCredentials.getUserName(),
            userCredentials.getPassword());
        Subject subject = org.jboss.security.SecurityContextAssociation.getSubject();
        Optional<Group> rolesGroup = subject.getPrincipals(Group.class).stream().filter(p -> "Roles".equals(p.getName()))
                .findFirst();
        if (rolesGroup.isPresent()) {
            List<String> roleNames = Collections.list(rolesGroup.get().members()).stream().map(p -> p.getName())
                    .collect(Collectors.toList());
            // ...
        } else {
            // ...
        }
    } catch (ServletException e) {
        log.error("login fails.", e);
        return Response.status(Status.FORBIDDEN).entity("Not logged")
            .type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}

Answer 2

My application can't find the module because I forgot to add Dependency to it's MANIFEST or to declare login.mongodb as a global module in Wildfly. Thanks @kwart for your suggestion and your answer, you point me to the right direction.