
Using steps from https://docs.wildfly.org/23/WildFly_Elytron_Security.html#Custom_CredentialStore


Created an SPI and Provider implementation. For now, just a simple implementation with logs to see if it works.

Now I don't know how to add this to WildFly.

I packaged it into a module and:

  1. tried to add an <extension module=...> ref in standalone.xml, but then it complains that it is not an extension;
  2. tried to add as subsystem=domain:ee/global-modules/module, there is no error, but neither the SPI nor the Provider gets a hit;
  3. tried to add as subsystem=elytron/provider-loader, then the Provider is called (twice??), but the SPI is not.

So, using provider-loader, how do I use my custom provider?


Here is a snippet of the Provider impl:

import java.util.Collections;

import org.wildfly.security.WildFlyElytronBaseProvider;

// used WildFlyElytronCredentialStoreProvider as reference
public class TestCredentialStoreProvider extends WildFlyElytronBaseProvider {

    private static final TestCredentialStoreProvider INSTANCE = new TestCredentialStoreProvider();

    public TestCredentialStoreProvider() {
        super("TestCredentialStoreProvider", "1.0", "Test CredentialStore Provider");

        // Registers service type "CredentialStore" with algorithm name "TestCredentialStore",
        // implemented by the SPI class named in the fourth argument.
        putService(new Service(this, "CredentialStore", "TestCredentialStore", "package.TestCredentialStore",
                Collections.emptyList(), Collections.emptyMap()));
    }

    public static TestCredentialStoreProvider getInstance() {
        return INSTANCE;
    }
}

Note: why is the provider loaded twice?

Claudio Weiler

1 Answer

Create a jar containing your credential store and provider classes, and add it as a WildFly module with a dependency on org.wildfly.security.elytron. For example:

module add --name=org.wildfly.customcredstore --resources=/path/to/customcredstoreprovider.jar --dependencies=org.wildfly.security.elytron

Create a provider loader for your provider. For example:

/subsystem=elytron/provider-loader=myProviderLoader:add(class-names=[org.wildfly.security.mycustomcredstore.CustomProvider],module=org.wildfly.customcredstore)

You can add it to the list of initial providers and reload the server:

/subsystem=elytron:write-attribute(name=initial-providers,value=myProviderLoader)
reload

You can check loaded providers:

/subsystem=elytron/provider-loader=myProviderLoader:read-attribute(name=loaded-providers)

Then to add a custom credential store with the provider you can use:

/subsystem=elytron/credential-store=mystore:add(providers=myProviderLoader,type=TestCredentialStore,credential-reference={clear-text='pass'})

There are also some docs on how to add a custom Elytron component here: https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Custom_Components

diavil
  • Thanks, but this is what I have already done. The difference is that my module depends on `org.wildfly.security.elytron-base`, will add your suggestion too. Now, the part "Then you should be able to create a credential store in the elytron subsystem using your custom implementation" is the real how-to? – Claudio Weiler Jul 20 '22 at 16:28
  • So if you have the provider loaded: `/subsystem=elytron/provider-loader=my-provider:read-attribute(name=loaded-providers)` can you add a credential-store with it `/subsystem=elytron/credential-store=mystore:add(providers=my-provider,type=TestCredentialStore,credential-reference={clear-text='pass'})` ? – diavil Jul 21 '22 at 08:50
  • Thanks, @diavil. That is the answer: `/subsystem=elytron/credential-store=mystore:add(providers=my-provider,type=TestCredentialStore,credential-reference={clear-text='pass'})`, found it with some trial and error, too. If you can revise your answer, I will mark it as solution. – Claudio Weiler Jul 21 '22 at 15:13
  • @ClaudioWeiler I revised my answer, thanks – diavil Jul 22 '22 at 12:23
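
The behaviour in this thread (provider constructor runs, SPI class is never touched until a `credential-store` with a matching `type` is added) can be reproduced with plain `java.security` classes. This is an added example, not code from the question, the answer or WildFly; `ProviderLookupDemo`, `DemoProvider`, `resolve` and the stand-in `TestCredentialStore` class are hypothetical, and the lookup loop is the general JCA pattern, assumed here rather than taken from Elytron's source.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;

public class ProviderLookupDemo {

    // Hypothetical stand-in for the custom SPI class; counts how often it is instantiated.
    public static class TestCredentialStore {
        static int instances = 0;
        public TestCredentialStore() { instances++; }
    }

    // Same registration pattern as the question's provider, on the plain JDK base class.
    static class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoProvider", "1.0", "Demo CredentialStore provider");
            putService(new Service(this, "CredentialStore", "TestCredentialStore",
                    TestCredentialStore.class.getName(),
                    Collections.emptyList(), Collections.emptyMap()));
        }
    }

    // Resolve a store type against the given providers; the first provider offering it wins.
    static Object resolve(String type, Provider... providers) throws NoSuchAlgorithmException {
        for (Provider p : providers) {
            Provider.Service s = p.getService("CredentialStore", type);
            if (s != null) {
                return s.newInstance(null); // the implementation class is only instantiated here
            }
        }
        throw new NoSuchAlgorithmException("no provider offers CredentialStore type " + type);
    }

    public static void main(String[] args) throws Exception {
        Provider provider = new DemoProvider(); // corresponds to the provider-loader step
        System.out.println("after provider load: instances=" + TestCredentialStore.instances);

        Object spi = resolve("TestCredentialStore", provider); // corresponds to type=TestCredentialStore
        System.out.println("after lookup: " + spi.getClass().getSimpleName()
                + ", instances=" + TestCredentialStore.instances);

        try {
            resolve("OtherStore", provider); // a type no provider registered
        } catch (NoSuchAlgorithmException e) {
            System.out.println("unregistered type: " + e.getMessage());
        }
    }
}
```

The algorithm part of a `Provider.getService` lookup is case-insensitive, so only a type name that was never registered produces the `NoSuchAlgorithmException` branch.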