What is the simplest way to add application users in a Thorntail WildFly server?

不知归路 2021-01-25 12:09

As said in the title, is there a way to add application users in a Thorntail WildFly server, much like you would do with the "add-user.sh -a" script in the full server distribution?

2 answers
  • 2021-01-25 12:54

    It depends on what you need the users for. Thorntail creates standalone microservices, which are different from hosted applications in a wildfly-server.

    Is there a management console in Thorntail?

    Yes there is, but I have never used it.

    https://docs.thorntail.io/2.2.0.Final/#_management

    https://docs.thorntail.io/2.2.0.Final/#_management_console

    The users you may be able to create there shouldn't be persistent, because there is no wildfly-server installation as you are used to with a standalone wildfly-server installation; it is all packaged in the jar. A microservice shouldn't need to be configured after its deployment anymore, at least not like this.

    How to secure my application?

    I would recommend using external user management via Keycloak, which is integrated in Thorntail via the keycloak fraction. With the keycloak fraction you can define security constraints for your endpoints, similar to a web.xml.

    https://docs.thorntail.io/2.2.0.Final/#_keycloak

    Another way is to use the security fraction which provides you JAAS support for your microservice.

    https://docs.thorntail.io/2.2.0.Final/#_security

    The configuration is done via the thorntail specific project-defaults.yml configuration file, where you can configure the fractions via YAML.

    What is a thorntail fraction?

    A Thorntail fraction is similar to a Spring Boot starter dependency with Spring, whereby the fraction provides the API for development and bundles the implementation and integration into Thorntail. The fraction is actually a JBoss module which is packaged into the standalone microservice during the re-packaging phase.

    Where can I find examples?

    See the following links for examples of how to use security in Thorntail. You should take a look at them.

    https://github.com/thorntail/thorntail-examples/tree/master/security

    Take a look at the src/main/resources/project-defaults.yml, which contains the configuration for Thorntail fractions, and the pom.xml, which defines the used fractions.

  • 2021-01-25 12:59

    The answer by Thomas Herzog is very good from a conceptual point of view -- I'd especially agree with securing the application using an external Keycloak, potentially with the help of MicroProfile JWT. I'm just gonna provide a few points in case you decide not to.

    You can define users directly in project-defaults.yml, like this:

    thorntail:
      management:
        security-realms:
          ApplicationRealm:
            in-memory-authentication:
              users:
                bob:
                  password: tacos!
            in-memory-authorization:
              users:
                bob:
                  roles:
                  - admin
    

    The project-defaults.yml file doesn't have to be external to the app, you can build it directly into it. Typically, in your source code, the file will be located in src/main/resources, and after building, it will be embedded inside the -thorntail.jar. It can be external, of course, and if this is something else than a throwaway prototype or test, sensitive data like this should be external.

    You can also use the .properties files from WildFly:

    thorntail:
      management:
        security-realms:
          ApplicationRealm:
            properties-authentication:
              path: .../path/to/application-users.properties
            properties-authorization:
              path: .../path/to/application-roles.properties
    
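For the properties-file approach in the second answer, the lines that `add-user.sh -a` would write can be produced without the full server distribution. The sketch below is an added example, not code from either answer or from Thorntail; it assumes `properties-authentication` reads WildFly's hashed format `username=HEX(MD5(username:realm:password))`, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

REALM = "ApplicationRealm"  # realm name used in the YAML from the answer

# This example's own restriction (an assumption, not a WildFly rule): reject
# characters that would need escaping in a Java .properties key.
_UNSAFE = re.compile(r"[=:\s\\#!]")


def _check(username):
    if not username or _UNSAFE.search(username):
        raise ValueError("username is empty or unsafe as a .properties key")


def user_entry(username, password, realm=REALM):
    """Line for application-users.properties: username=HEX(MD5(username:realm:password))."""
    _check(username)
    material = f"{username}:{realm}:{password}".encode("utf-8")
    return f"{username}={hashlib.md5(material).hexdigest()}"


def roles_entry(username, roles):
    """Line for application-roles.properties: username=role1,role2."""
    _check(username)
    return f"{username}={','.join(roles)}"


def matches(users_line, password, realm=REALM):
    """Check a candidate password against an existing users line."""
    username, _, stored = users_line.strip().partition("=")
    expected = user_entry(username, password, realm).partition("=")[2]
    # Compare as bytes in constant time; the hash depends on the realm name too.
    return hmac.compare_digest(stored.lower().encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample: the user and role from the in-memory YAML above.
    print(user_entry("bob", "tacos!"))
    print(roles_entry("bob", ["admin"]))
```

The stored value is an unsalted MD5 digest that acts as a password equivalent for HTTP Digest authentication, so the users file belongs outside the jar with restrictive file permissions.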