Wildfly migrate authentication to Elytron

Question

I am trying to migrate wildfly authentication to elytron and got almost everything to work as i want except for one problem.

We are using quartz scheduler to run jobs. These jobs are not bound to a caller principle. Using

SecurityContextAssociation.pushRunAsIdentity(new RunAsIdentity("My_Role", "My_User"));

i was able propagate a princple to following EJB calls. This is not working anymore, the principle is always "anonymous". Is there a way to do the same with Elytron?

score 0 · Answer 1 · answered Jan 13 '22 at 22:45

Maybe you can use some variation of following:

SecurityIdentity si = SecurityDomain.getCurrent().getCurrentSecurityIdentity();
si.createRunAsIdentity(...);

The current identity needs to have permissions for it to succeed, so if you'll get unauthorized exception you should add RunAsPrincipal permissions to that user: https://developer.jboss.org/people/fjuma/blog/2018/06/01/configuring-permissions-using-elytron-in-wildfly-13

Wildfly migrate authentication to Elytron

1 Answers1