I'm switching over from the legacy security subsystem to Elytron in WildFly 14.

A particular data source is using a legacy security domain with a custom login module. The custom login module is invoked with a username and an encoded password. The custom login module implements "org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule" where decoded credentials are "returned" to the framework in the overridden commit method.

Since the legacy security subsystem is deprecated, I'd like to switch over to using Elytron and would like to implement similar credential handling. I searched around and found some discussions about creating an Elytron security domain that points to a custom security realm in which a class in a custom module would implement "org.wildfly.security.auth.server.SecurityRealm". I have yet to find any working examples and have been unable to figure this out.

Any ideas?

arp
  • What is the purpose of your custom login module? First try to ensure Elytron does not fulfill your needs out of the box. Are you just trying to avoid having a plaintext password in the configuration? If yes, Elytron has Credential Store for that purpose, something similar to the legacy Vault. – Martin Choma Nov 08 '18 at 13:30
  • Thanks. Yes, I am currently working with the Credential Store. Basically, I want to retrieve the password for the datasource from an external source (say, AWS Secrets Manager). I've implemented a rough solution using a custom credential store that goes out to AWS Secrets Manager to fetch the password for the database. Not sure if this is a roundabout way of doing what I need, but it works. Perhaps I could consider running WildFly in domain mode and have a single credential store for a cluster of servers? – arp Nov 08 '18 at 23:29
  • This could work if you have the Credential Store on some shared storage, e.g. a network filesystem. WildFly is not responsible for distributing Credential Stores in a domain. – Martin Choma Nov 12 '18 at 14:28
