Using custom authorization manager in WildFly

I have already managed to use a custom login module. Now I'm trying to tell WildFly to use my own authorization manager using the following code:

jboss-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>CustomSecurityDomain</security-domain>
</jboss-web>

standalone.xml:

        ...
        <subsystem xmlns="urn:jboss:domain:security:1.2">
            <security-domains>
                ...
                <security-domain name="CustomSecurityDomain" cache-type="default">
                    <authentication>
                        <login-module code="my.CustomLoginModule" flag="required">
                            <module-option name="usersProperties" value="user.properties"/>
                            <module-option name="rolesProperties" value="roles.properties"/>
                        </login-module>
                    </authentication>
                    <authorization>
                        <policy-module code="my.CustomAuthorizationManager" flag="required"/>
                    </authorization>
                </security-domain>
            </security-domains>
        </subsystem>
        ...

CustomAuthorizationManager.java:

package my;

import java.util.List;

import javax.servlet.http.HttpServletRequest;

import io.undertow.security.idm.Account;
import io.undertow.servlet.api.AuthorizationManager;
import io.undertow.servlet.api.Deployment;
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.SingleConstraintMatch;
import io.undertow.servlet.api.TransportGuaranteeType;

public class CustomAuthorizationManager implements AuthorizationManager {

    @Override
    public boolean canAccessResource(List<SingleConstraintMatch> arg0, Account arg1, ServletInfo arg2, HttpServletRequest arg3, Deployment arg4) {
        // do something
        return false;
    }

    @Override
    public boolean isUserInRole(String arg0, Account arg1, ServletInfo arg2, HttpServletRequest arg3, Deployment arg4) {
        // do something
        return false;
    }

    @Override
    public TransportGuaranteeType transportGuarantee(TransportGuaranteeType arg0, TransportGuaranteeType arg1, HttpServletRequest arg2) {
        // do something
        return null;
    }

}

Using the debugger and setting breakpoints in my own CustomAuthorizationManager and the default implementation io.undertow.servlet.core.DefaultAuthorizationManager, I could see that instead of my custom implementation, it was using the default value. It seems like WildFly is ignoring the configuration in standalone.xml.
Setting the WildFly debug level to TRACE showed that my CustomAuthorizationManager was deployed correctly. I tried using WildFly 9 and 10, both behave the same.


Source: https://habr.com/ru/post/1655334/
