Custom resources equivalent to jetty JNDI resource - glassfish

I have a web application which is until now deployed to a jetty server but now in order to use other JavaEE services I'm shifting to Payara (Glassfish) container. However I can't find how to provide additional JNDI resources as configuration to Payara.
Currently I have some resources like this defined in my jetty's context.xml file:
<New id="some_resource" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg>
<Ref refid='wac'/>
</Arg>
<Arg>resource/path</Arg>
<Arg>
<New class="com.example.some.Class">
<!-- constructor parameters -->
<Arg type="java.lang.String">some string</Arg>
<Arg type="java.lang.Integer">0</Arg>
</New>
</Arg>
</New>
This simply calls the custom class constructor with the given parameters and puts the result into the given resource/path address.
Is this possible to be done in payara micro?

It's possible to create a custom resource that is exposed via JNDI, though GlassFish/Payara support only primitive types by default. For other types you would need to add a custom factory in the server classpath.
Custom resources in Payara/GlassFish are defined in domain.xml, in the custom-resource element. The best way to define a custom resource is either using the Admin Console (Resources -> JNDI -> Custom resources) or the asadmin command.
For a string value "some string" under a JNDI resource/path, the asadmin would look like this:
asadmin> create-custom-resource --restype java.lang.String --factoryclass org.glassfish.resources.custom.factory.PrimitivesAndStringFactory --property value="some string" "resource/path"
In Payara Micro, you can either pass domain.xml using the --domainConfig argument, or you can execute the same asadmin command from within your application, using PayaraMicroRuntime.run() (documented here).

Related

Jetty: load a server bean from war before initialization

I have a webapp being loaded from a Jetty server.
I want to load a bean implementing a MappedLoginService inside the webapp (not from the server) before the webapp starts loading.
Is there any way?
I tried to load the bean in the webapp post-construct and in webapp application class (javax.ws.rs.Application), without success.
Put the initialization in the WEB-INF/jetty-web.xml file.
That will load it during WebApp initialization, before the Servlet layer initialization kicks off.
I followed Joakim's answer, creating a WEB-INF/jetty-web.xml file, and it worked. I just want to extend the answer by adding a sample jetty-web.xml that prints something before the servlet is initiated:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="context" class="org.eclipse.jetty.webapp.WebAppContext">
<Get class="java.lang.System" name="out">
<Call name="println">
<Arg>Hello world!</Arg>
</Call>
</Get>
</Configure>
More information about jetty-web.xml syntax here.

Wildfly 17 Elytron: server side authentication with classes from EAR

We plan to migrate from Picketbox to Elytron and face the following problem:
With Picketbox a custom login module can use functionality of (or even can reside in) a deployment module (e.g. an EAR in wildfly/standalone/deployments) to implement authentication on the server side:
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
...
<security-domain name="MyDomain" cache-type="default">
<authentication>
<login-module name="MyLoginModule" code="de.example.wildfly.MyLoginModule" flag="required" module="deployment.de.example.wildfly.login"/>
</authentication>
</security-domain>
My first try was to use a custom realm in Elytron. But as far as I understand, a custom realm needs to be a "static" module (meaning it is located under wildfly/modules/...) and thus cannot access "dynamically" deployed modules (see https://developer.jboss.org/message/984198#984198).
<subsystem xmlns="urn:wildfly:elytron:7.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
...
<security-domains>
<security-domain name="MyDomain" default-realm="MyRealm" permission-mapper="default-permission-mapper">
<realm name="MyRealm" role-decoder="from-roles-attribute" />
</security-domain>
</security-domains>
<security-realms>
...
<custom-realm name="MyRealm" module="de.example.wildfly.login" class-name="de.example.wildfly.MyCustomRealm" />
(I omitted some more of the security domain configuration)
When I try to load a Spring context (that is located in an EAR in order to access some custom classes from the EAR) in MyCustomRealm, I get the following error:
org.springframework.beans.factory.access.BootstrapException: Unable to initialize group definition. Group resource name [classpath:applicationContext-appServerBase.xml], factory key [applicationContextEjb]; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [applicationContext-appServerBase.xml]; nested exception is java.io.FileNotFoundException: class path resource [applicationContext-appServerBase.xml] cannot be opened because it does not exist
Which is no surprise, because my realm does not depend on the ear or any jar from therein, where the application context is located.
How can authentication (specifically for EJB calls) be customized on server side by using classes from a deployment module (EAR) in Elytron?
Maybe https://github.com/AntonYudin/wildfly-securityrealm-ejb is exactly what you are looking for.
It creates a SecurityRealm that can be configured with the address of an EJB that's deployed with your application.
The EJB has to be Stateless and must implement the method Map<String, Object> authenticate(String, String) which is called with a username and a password.
I guess you have to return a map that contains all roles and groups the user belongs to or null if the credentials are invalid.

unable to set security domain via jboss-web.xml

We have an app that is being deployed as an ear. Within this ear, there is a war that needs to use a specific security domain.
To achieve this, we have configured the standalone-full-ha.xml with the following security section
<security-domain name="ourDomain" cache-type="default">
<authentication>
<login-module code="blah.blah.OurDomain" flag="required" />
</authentication>
</security-domain>
ear/war/WEB-INF/jboss-web.xml is configured as follows:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>Quark</security-domain>
<disable-audit>true</disable-audit>
</jboss-web>
With this configuration, the app tries to authenticate against the "other" domain which is there in JBoss by default.
Log entries as follows:
TRACE [org.jboss.security] (http-/127.0.0.1:8080-6) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=password-stacking, value=useFirstPass
When trying to define this as part of the ear in ear/META-INF/jboss-app.xml, that made the whole thing blow up pretty spectacularly - so figured that was less likely to be the way to resolve this.
If the default security domain is changed to ourDomain however, it all works as expected.
This doesn't seem to be a big deal - however, it feels better to be able to leave as much of the configuration in the app as possible.
Any pointers to resolve this appreciated.
Your security domain name specified in jboss-web.xml needs to match the name of some security domain in your JBoss config. In your case the web descriptor specifies Quark while the security subsystem defines a domain named ourDomain.
Whenever JBoss cannot find the security domain you request in your jboss-web.xml, it will fall back to the default security domain, which in the case of 7.x is named other.
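The mismatch described in this answer can be caught before deployment. The following is an added example, not code from the original thread or from JBoss: it compares the domain requested in jboss-web.xml with the domains defined in the server configuration and reports when the server would fall back to the default. The inline XML is constructed from the question's snippets; the function names and the stripping of a java:/jaas/ prefix are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the question's snippets (not a real server config).
SERVER_XML = """<server><profile>
<subsystem xmlns="urn:jboss:domain:security:2.0"><security-domains>
  <security-domain name="other" cache-type="default"/>
  <security-domain name="ourDomain" cache-type="default">
    <authentication><login-module code="blah.blah.OurDomain" flag="required"/></authentication>
  </security-domain>
</security-domains></subsystem>
</profile></server>"""

JBOSS_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>Quark</security-domain>
  <disable-audit>true</disable-audit>
</jboss-web>"""

LEGACY_PREFIX = "java:/jaas/"  # assumption: legacy JNDI-style prefix is stripped by the server


def _local(tag):
    """Drop any '{namespace}' part so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def defined_domains(server_xml):
    """Names of every <security-domain name="..."> in the server configuration."""
    root = ET.fromstring(server_xml)
    return {e.get("name") for e in root.iter()
            if _local(e.tag) == "security-domain" and e.get("name")}


def requested_domain(jboss_web_xml):
    """Domain named by <security-domain> in jboss-web.xml, or None if absent."""
    for e in ET.fromstring(jboss_web_xml).iter():
        if _local(e.tag) == "security-domain" and (e.text or "").strip():
            name = e.text.strip()
            return name[len(LEGACY_PREFIX):] if name.startswith(LEGACY_PREFIX) else name
    return None


def check(server_xml, jboss_web_xml, default="other"):
    """Return (status, effective_domain); 'fallback' means the default is used silently."""
    wanted = requested_domain(jboss_web_xml)
    if wanted is None:
        return ("unset", default)
    if wanted in defined_domains(server_xml):
        return ("ok", wanted)
    return ("fallback", default)


if __name__ == "__main__":
    print(check(SERVER_XML, JBOSS_WEB_XML))
```

Run as a build or release gate, a "fallback" result flags a WAR that would authenticate against the default domain instead of the intended one.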

Arquillian tomee remote

Using Arquillian 1.1.4.Final and Tomee 1.6.0.2
Took the tomee-plus-remote profile setup from the Tomee information about Arquillian adapters and put it into the Maven pom.xml (with activeByDefault true).
Goal is to deploy a MQ JCA rar into the remote Tomee and configure a connection factory to MQ.
Set the arquillian.xml initially to:
<container qualifier="tomee" default="true">
<configuration>
<property name="httpPort">-1</property>
<property name="stopPort">-1</property>
</configuration>
</container>
Running via JUnit, I'm not sure why the webprofile is initialized and started rather than plus (when I have tomee plus specified in Maven):
Info: Succeeded in installing singleton service
jun 11, 2014 11:07:52 FM org.apache.openejb.config.ConfigurationFactory init
Info: openejb configuration file is 'C:\Users\MYG\AppData\Local\Temp\arquillian-apache-tomee\apache-tomee-webprofile-1.6.0.2\conf\tomee.xml'
Another thing is how to load a tomee.xml configuration. I thought the "serverXml" in the arquillian.xml (set to src/test/resources/tomee.xml) would work, but then everything inside that xml is not recognized as a valid rule. Can't add directives like Deployments as one does with resources. So how to configure the remote tomee from arquillian?
Yeah, tomee.xml was not really designed for arquillian.xml, since all its config can be passed to the properties attribute of the tomee container using properties format.
By adding a conf property to the arquillian.xml, set to for example src/test/conf where there is a tomee.xml file, it is loaded. This must be a Tomee thing that I didn't know about until now.

Enabling authentication realm in jetty 8

I tried to follow the official tutorial to enable MD5 authentication for my only web-app running on jetty. Nginx manages ssl and redirects to jetty.
I placed
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">My Realm</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
in jetty.xml, and the content of realm.properties is:
test: MD5:098f6bcd4621d373cade4e832627b4f6,user
In the tutorial they do not tell where to assign the realm to a context, so I don't know where to place this:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="realmName">My Realm</Set>
</Get>
</Configure>
I tried to put it in jetty-context.xml, and in web.xml, but it is still not working. I receive a 502 (bad gateway) when I place this in jetty.xml; in the other cases I get a normal json result from the web service (Shouldn't I get a 503 - not authorized?)
A "Context XML File" (as outlined in Configuring Security Realms) refers to Webapp deployment using the ContextProvider (enabled by default on jetty-distribution).
This deploys webapps by using an XML file, usually found in ${jetty.home}/contexts/, with a description of where that webapp is located on disk, and some details on how you want that webapp deployed.
You can also use the WEB-INF/jetty-web.xml to embed this Context configuration within your WAR file.