We have an application that deploys like an ear. Inside this ear there is a war that must use a specific security domain.
To do this, we configured a standalone full ha.xml with the following security section
<security-domain name="ourDomain" cache-type="default"> <authentication> <login-module code="blah.blah.OurDomain" flag="required" /> </authentication> </security-domain>
ear / war / WEB-INF / jboss-web.xml is configured as follows:
<?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>Quark</security-domain> <disable-audit>true</disable-audit> </jboss-web>
In this configuration, the application attempts to authenticate against the "other" domain, which is located in JBoss by default.
write records as follows:
TRACE [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]: [0] LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule ControlFlag: LoginModuleControlFlag: optional Options: name=password-stacking, value=useFirstPass [1] LoginModule Class: org.jboss.as.security.RealmDirectLoginModule ControlFlag: LoginModuleControlFlag: required Options: name=password-stacking, value=useFirstPass
When trying to define this as part of the ear in the ear / META -INF / jboss-app.xml, it made it all explode quite spectacularly - so it turned out that there would hardly be a way to solve this.
If the default security domain is changed to ourDomain , however, everything works as expected.
This does not seem to matter much - however, itβs better to feel that you can leave as many settings as possible in the application.
Any pointers to solve this problem.