Questions tagged [jakarta-ee-security-api]

23 questions
3 votes, 1 answer

Why does this simple Jakarta Security example from Soteria work on Payara but not on WildFly?

I'm used to using WildFly for Java/Jakarta EE development and lately I wanted to update a project that is using JAAS for authentication/authorization to the new Jakarta Security API from Jakarta EE 9.1. I couldn't make it work, so I decided to…
2 votes, 0 answers

Jakarta EE 10 - OIDC and Programmatic Login?

Since Jakarta EE 10 it is easily possible to protect your web application with OpenID Connect, using the new @OpenIdAuthenticationMechanismDefinition annotation. This works perfectly and is quite easy to use. As a user you will be redirected to your…
Ralph
2 votes, 1 answer

How to activate my own Jakarta HttpAuthenticationMechanism implementation in Jakarta EE app

I am creating a simple Jakarta EE 9 app. Because of my own reason, I have to implement my own HttpAuthenticationMechanism (I am not using built-in HttpAuthenticationMechanism CDI beans). I am having an issue with activating my own…
LHA
2 votes, 1 answer

wildfly 25 JSF Security

I'm fully aware that wildfly 25 has dropped legacy security realms. So I tried to move from wildfly 20.0.1 to wildfly 25.0.1. According to the quickstart ee-security, I did /subsystem=elytron/policy=jacc:add(jacc-policy={}) I also had to remove…
grigouille
1 vote, 0 answers

How to use EL in extraParameters attribute of the @OpenIdAuthenticationMechanismDefinition?

I have a problem with defining parameters for an @OpenIdAuthenticationMechanismDefinition annotation introduced in the jakarta-ee-security-api of Jakarta EE 10. My goal is to understand the correct usage of expression language. See this…
Ralph
1 vote, 1 answer

How to use SecurityContext in CDI Async Events

We have moved some processing logic to CDI Async Observers however some of the business methods in the observers have some security checks that use securityContext.isCallerInRole(...) to check for specific roles. Since the securityContext is not…
DaveB
1 vote, 1 answer

Jakarta EE 10: Why am I being asked to login again after already logging in?

I am trying to implement role based security to a web app using Jakarta EE 10 and JSF 4.0. I currently have some resources secured with the following url pattern: /myApp/*. (details in web.xml below) I am using a custom database identity store and a…
mauvecrow
1 vote, 1 answer

Integrating Spring Security with Jakarta EE 8 Security and JSF?

A current application running in Wildfly (Jboss) uses its own Authentication system that internally verifies passwords and credentials on its Database. This system is no longer viable for the future as we migrate to a microservices pattern,…
tomaytotomato
1 vote, 0 answers

wildfly 25 quickstart ee-security

I can't make the quickstart ee-security work with Wildfly 25.0.1. After sending the request : curl -v http://localhost:8080/ee-security/secured -H 'X-Username:quickstartUser' -H 'X-Password:quickstartPwd1!' I get this : Caused by:…
grigouille
0 votes, 0 answers

How to implement a Jakarta EE @DatabaseIdentityStoreDefinition

I want to update my existing Jakarta EE 8 application running in wildfly to the new Jakarta EE Security API 3.0 with Wildfly 27. My old configuration in the wildfly standalone.xml file looks like this:
Ralph
0 votes, 0 answers

How can I use Bearer Token to secure a Jakarta REST API with Jakarta Security's @OpenIdAuthenticationMechanismDefinition?

With the WildFly server and the integrated OIDC auth-method it is possible to secure a jakarta ee 10 rest api just sending a Bearer token in the Authentication Header. I have just to config it like this in the web.xml file:
0 votes, 2 answers

Unable to deactivate context org.jboss.weld.module.web.context.http.LazyHttpConversationContextImpl when destroying request HttpServletRequestImpl

I am replacing j_security_check with my own custom login method and the user is logged in successfully, however when it is time to redirect to home page, I keep getting this error: Unable to deactivate context…
Aria
0 votes, 0 answers

Validation failed for classes during persist time for groups

I'm trying to run a Springboot app and while testing it with Postman I get an error message related to the following class: Package com.portfolio.jwt.Security.Entity; import jakarta.persistence.Column; import jakarta.persistence.Entity; import…
edu1986
0 votes, 1 answer

Ajax call is redirected to keycloak page instead of returning partial-response redirect first

I am trying to build web application with latest possible technologies Jakarta Faces 4.0, OIDC Jakarta security, Elytron Oidc Client, Wildfly 27.0.1, Keycloak 21.0.2 (without adapter on wildfly). Page works great, when I click on a secured link it…
0 votes, 0 answers

Wildfly 27 Redirected login results in AuthenticationStatus.SEND_CONTINUE & AnonymousCallerPrincipal

I have the same issue as in this other ticket, but I have identified that I receive SEND_CONTINUE when a redirect or forward to the login form occurs. Also, I'm using Wildfly 27.0.1, with Jakarta bindings (jakarta. namespace). Relevant…