Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3696

Security domain configuration doesn't allow empty or missing login-module-stack

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 9.0.0.Final
    • 8.1.0.Final
    • Security
    • None

    Description

      https://bugzilla.redhat.com/show_bug.cgi?id=901075 description:

      project_key: JBPAPP6

      Adding a security domain with JASPI authentication fails if there is no (or is empty) login-module-stack. It should be possible to add custom ServerAuthModule, which doesn't use JAAS login modules.

      <security-domain name="jmx-console" cache-type="default">
      	<authentication-jaspi>
      
      		<!-- FIXME: the not empty login-module-stack must be provided even it's not used -->
      		<login-module-stack name="lm-stack">
      			<login-module code="UsersRoles" flag="required"/>
      		</login-module-stack>
      
      		<auth-module code="org.jboss.example.CustomServerAuthModule" flag="required">
      			<module-option name="option1" value="value1" />
      		</auth-module>
      	</authentication-jaspi>
      </security-domain>
      

      It should be possible to remove here the login-module-stack element.

      Attachments

        Activity

          People

            chaowan@redhat.com Chao Wang
            chaowan@redhat.com Chao Wang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: