The ee-security
quickstart demonstrates how EE security can be used with WildFly Elytron.
The ee-security
quickstart is an example project showing the use of EE security integrated with WildFly Elytron in {productNameFull}.
The deployment in this quickstart contains a simple HTTP servlet, which is secured using a custom HttpAuthenticationMechanism
. The authentication mechanism in turn makes use of a custom IdentityStore
, which delegates authentication to the WildFly Elytron SecurityDomain
associated with the deployment.
This quickstart defines a user quickstartUser
with password quickstartPwd1!
.
You configure the security domain by running JBoss CLI commands. For your convenience, this quickstart batches the commands into a configure-elytron.cli
script provided in the root directory of this quickstart.
-
Before you begin, make sure you do the following:
-
Back up the {productName} standalone server configuration as described above.
-
Start the {productName} server with the standalone default profile as described above.
-
-
Review the
configure-elytron.cli
file in the root of this quickstart directory. This script adds the configuration that enables Elytron security for the quickstart components. Comments in the script describe the purpose of each block of commands. -
Open a new terminal, navigate to the root directory of this quickstart, and run the following command, replacing
{jbossHomeName}
with the path to your server:$ {jbossHomeName}/bin/jboss-cli.sh --connect --file=configure-elytron.cli
NoteFor Windows, use the {jbossHomeName}\bin\jboss-cli.bat
script.You should see the following result when you run the script:
The batch executed successfully process-state: reload-required
The application will be running at the following URL: http://localhost:8080/{artifactId}/secured
Note
|
If you attempt to access that URL, you will see "Unauthorized". |
To see and manipulate the HTTP headers within the HTTP requests, it is recommended to use a client like curl
to invoke the servlet.
$ curl -v http://localhost:8080/ee-security/secured
...
< HTTP/1.1 401 Unauthorized
< Connection: keep-alive
< X-MESSAGE: Please resubmit the request with a username specified using the X-USERNAME and a password specified using the X-PASSWORD header.
This first request shows the client is being prompted to authenticate. The X-MESSAGE
header is providing additional information as to how the client can achieve this.
The request can now be submitted with the previously added user.
$ curl -v http://localhost:8080/ee-security/secured -H 'X-Username:quickstartUser' -H 'X-Password:quickstartPwd1!'
...
> GET /ee-security/secured HTTP/1.1
> Host: localhost:8080
> X-Username:quickstartUser
> X-Password:quickstartPwd1!
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 125
<
SecuredServlet - doGet()
Identity as available from SecurityContext 'quickstartUser'
Identity as available from injection 'quickstartUser'
The resulting output shows authentication was successful and the correct identity has been established.