
We are migrating our code from JBoss 4.2.1 AS and Spring Security 3.2.9 to JBoss Wildfly 10.0.0 and Spring Security 4.0.4.

I'm having the following problem with my Spring Security JaasAuthenticationProvider integration with JBoss Wildfly 10 security domains defined in standalone.xml: it does not execute the LoginModules defined in my security-domain; actually, the only thing it seems to find is the ClientLoginModule defined in auth.conf of the Wildfly 10.0.0 picketbox-4.9.4.jar (which comes as the default).

My security domain configuration is as follows:

            <security-domain name="mysecdomain" cache-type="default">
                <authentication>
                    <login-module code="LdapExtended" flag="sufficient">
                        <module-options.../>
                    </login-module>
                </authentication>
            </security-domain>

And my JaasAuthenticationProvider in my application context of the deployed application:

    <bean id="jaasAuthenticationProvider" class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
        <property name="loginConfig" value="WEB-INF/login.conf" />
        <property name="loginContextName" value="mysecdomain"/>
        <property name="callbackHandlers">
            <list>
                <bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler" />
                <bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler" />
            </list>
        </property>
        <property name="authorityGranters">
            <list>
                <bean class="com.my.MyAuthorityGranter" />
            </list>
        </property>
    </bean>

But when I execute the defined jaasAuthenticationProvider, it outputs the following to Wildfly's server.log:

    2016-04-27 03:37:18,367 TRACE [org.jboss.security] (default task-4) PBOX00221: Begin getAppConfigurationEntry(mysecdomain), size: 1
    2016-04-27 03:37:18,368 TRACE [org.jboss.security] (default task-4) PBOX00222: getAppConfigurationEntry(mysecdomain), no entry found, trying parent config null
    2016-04-27 03:37:18,368 TRACE [org.jboss.security] (default task-4) PBOX00223: getAppConfigurationEntry(mysecdomain), no entry in parent config, trying default other
    2016-04-27 03:37:18,368 TRACE [org.jboss.security] (default task-4) PBOX00224: End getAppConfigurationEntry(mysecdomain), AuthInfo: AppConfigurationEntry[]:
    [0]
    LoginModule Class: org.jboss.security.ClientLoginModule
    ControlFlag: LoginModuleControlFlag: required
    Options:

    2016-04-27 03:37:18,374 DEBUG [org.jboss.security] (default task-4) PBOX00350: Module option: jboss.security.security_domain, value: other
    2016-04-27 03:37:18,374 DEBUG [org.jboss.security] (default task-4) PBOX00350: Module option: restore-login-identity, value: null
    2016-04-27 03:37:18,374 DEBUG [org.jboss.security] (default task-4) PBOX00350: Module option: password-stacking, value: null
    2016-04-27 03:37:18,376 TRACE [org.jboss.security] (default task-4) PBOX00240: Begin login method
    2016-04-27 03:37:18,387 TRACE [org.jboss.security] (default task-4) PBOX00351: Obtained auth info from handler, principal: xxxxx, credential class: class [C
    2016-04-27 03:37:18,388 TRACE [org.jboss.security] (default task-4) PBOX00241: End login method, isValid: true
    2016-04-27 03:37:18,388 TRACE [org.jboss.security] (default task-4) PBOX00242: Begin commit method, overall result: true

So obviously I'm doing something wrong, but I cannot figure out what. The above worked nicely in JBoss 4.2.1 with application-policies defined in login-config.xml, but not anymore.

vluomala

1 Answer


Found the solution: in the new Spring Security (4.0.4 was the version here) one needs to add the following property to JaasConfigurationProvider, otherwise it will remove the already uploaded configurations (security-domains) and replace them with the picketbox default configuration:

    <property name="refreshConfigurationOnStartup" value="false"/>

Now it works like a charm and the provider can see all defined security-domains.

vluomala
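The following is an added example, not code from the question or the answer above: a Java-config equivalent of the corrected bean definition (the `refreshConfigurationOnStartup` property is a setter on `JaasAuthenticationProvider`), plus a small start-up check that detects the symptom visible in the TRACE log, namely the domain resolving only to PicketBox's fallback `ClientLoginModule`. It assumes Spring Security 4.0.4 and Spring Framework APIs, a `login.conf` under `WEB-INF`, and the poster's `com.my.MyAuthorityGranter`; the class name `JaasProviderConfig` and the helper `domainIsVisible` are the example's own.

```java
// Added example: Java-config equivalent of the corrected XML bean plus a
// diagnostic check for the "only ClientLoginModule found" symptom.
// Assumptions: Spring Security 4.0.4, Spring Framework web support,
// WEB-INF/login.conf, and com.my.MyAuthorityGranter from the question.
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.servlet.ServletContext;

import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.jaas.AuthorityGranter;
import org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler;
import org.springframework.security.authentication.jaas.JaasAuthenticationProvider;
import org.springframework.security.authentication.jaas.JaasNameCallbackHandler;
import org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler;
import org.springframework.web.context.support.ServletContextResource;

import com.my.MyAuthorityGranter; // the poster's granter; assumed to exist

// Fully qualified to avoid a clash with javax.security.auth.login.Configuration.
@org.springframework.context.annotation.Configuration
public class JaasProviderConfig {

    /** Name of the WildFly security-domain defined in standalone.xml. */
    static final String SECURITY_DOMAIN = "mysecdomain";

    /** PicketBox's "other" fallback module, the only one resolved in the failing log. */
    static final String PICKETBOX_FALLBACK_MODULE = "org.jboss.security.ClientLoginModule";

    @Bean
    public JaasAuthenticationProvider jaasAuthenticationProvider(ServletContext servletContext) {
        JaasAuthenticationProvider provider = new JaasAuthenticationProvider();
        provider.setLoginConfig(new ServletContextResource(servletContext, "/WEB-INF/login.conf"));
        provider.setLoginContextName(SECURITY_DOMAIN);
        provider.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
                new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
        provider.setAuthorityGranters(new AuthorityGranter[] { new MyAuthorityGranter() });
        // The fix from the answer: without this the provider refreshes the JAAS
        // Configuration on start-up and PicketBox replaces the domains loaded
        // from standalone.xml with its default configuration.
        provider.setRefreshConfigurationOnStartup(false);
        return provider;
    }

    /**
     * Returns true when the current JAAS Configuration resolves the domain to
     * at least one module other than PicketBox's fallback ClientLoginModule.
     * Returns false when no entry exists or when every entry is the fallback,
     * which is exactly the state the TRACE log in the question shows.
     */
    public static boolean domainIsVisible(String domain) {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(domain);
        if (entries == null || entries.length == 0) {
            return false;
        }
        for (AppConfigurationEntry entry : entries) {
            if (!PICKETBOX_FALLBACK_MODULE.equals(entry.getLoginModuleName())) {
                return true;
            }
        }
        return false;
    }
}
```

Call `JaasProviderConfig.domainIsVisible("mysecdomain")` only after the application context has finished initialising (for example from a `ContextRefreshedEvent` listener), because the provider installs its login configuration in `afterPropertiesSet`; a `false` result at that point means the lookup is still falling through to PicketBox's `other` domain, as in the log above.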