WildFly- Basic, form and no Authentication

Question

Is it possible to configure wildfly such that users and agents have "optional" security?

In essence I want form authentication for a web page, silent basic authentication for my services. Most unfortunately, one component of my ecosystem cannot call with basic headers.

That being said I have a work around but it will take some time to implement. For the time being I would desire to basically have optional security. So everything can play nice in the interim.

I know I could change my authentication module to allow everyone through. But with form turned on, requests without a basic header ram back the web page to log in with.

Thanks for any good tips or tricks.

Answer 1

Edit: This would be possible with Spring Security. Using WildFly's inbuilt security mechanisms with undertow seems to limit your flexibility. So much is handled up front before you reach your code, you really are stuck.

However, with spring security, everything is implemented as filters and so you can check the request context for user agents and all kinds of things, and make decisions about each request as you want.

Obviously this wouldn't be a production solution but in development, like was my case, I could have let any request with user agent XYZ run as admin, for the time being.

I have since migrated to Spring Security for our web app security management.

So the short answer is no. The short answer is still no, but the slightly longer answer is to stop using Wildfly's in built security and use Spring Security.

In the long run you could probably create your own undertow servlet extension that would validate authentication or default to admin credentials. This is going to be a lot of work, and spring security has already done a lot of work for you.

We ended up spinning up duplicate of our services without any authentication that our trailing component could call in the meantime. If you don't want to use spring security this is still the best solution I have