This demo shows how to use the ANONYMOUS SASL authentication mechanism from Elytron
as a replacement for the unauthenticatedIdentity login module option in WildFly legacy security.
We want to send a message from a JMS client without authentication, so we need to allow anonymous access and grant the "guest"
role (used in the messaging-activemq configuration) to incoming clients.
The client code in this demo is based on the helloworld-jms WildFly quickstart.
Download and install WildFly 11.x.
You can also build the server yourself:
git clone https://github.com/wildfly/wildfly.git
cd wildfly
mvn clean source:jar install -DskipTests -Dcheckstyle.skip -Denforcer.skip
cp -r dist/target/wildfly-11.*-SNAPSHOT /tmp/wildfly
export JBOSS_HOME=/tmp/wildfly
The configuration JBoss CLI script demo.cli contains commands to configure the server:
- enable Elytron across the server
- allow the ANONYMOUS SASL mechanism for remoting connections
- remove the part of the Elytron configuration which drops LoginPermission from the anonymous user
- add a "guest" role mapper to the ApplicationDomain Elytron security domain
- add a test queue
The script starts an embedded server itself, so you should not start the server manually.
$JBOSS_HOME/bin/jboss-cli.sh --file=demo.cli
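To check what the script changed, this added example (not part of the original demo) lists every SASL factory that offers ANONYMOUS, the roles its security domain gives to every caller, and whether a permission-less mapping for the anonymous principal still blocks login. The XML is a constructed, trimmed sample; its element and attribute names are assumptions modelled on the Elytron subsystem in standalone-full.xml.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample modelled on the Elytron subsystem in standalone-full.xml
# after a script like demo.cli has run. Element/attribute names are assumptions.
SAMPLE = """<subsystem xmlns="urn:wildfly:elytron:1.2">
 <security-domains>
  <security-domain name="ApplicationDomain" role-mapper="guest-role-mapper"
                   permission-mapper="default-permission-mapper"/>
 </security-domains>
 <mappers>
  <simple-permission-mapper name="default-permission-mapper">
   <permission-mapping match-all="true">
    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
   </permission-mapping>
  </simple-permission-mapper>
  <constant-role-mapper name="guest-role-mapper"><role name="guest"/></constant-role-mapper>
 </mappers>
 <sasl>
  <sasl-authentication-factory name="application-sasl-authentication" security-domain="ApplicationDomain">
   <mechanism-configuration><mechanism mechanism-name="ANONYMOUS"/></mechanism-configuration>
  </sasl-authentication-factory>
 </sasl>
</subsystem>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]          # drop the XML namespace

def audit(xml_text):
    """One finding per SASL factory that offers the ANONYMOUS mechanism."""
    els = list(ET.fromstring(xml_text).iter())
    named = lambda tag: {e.get("name"): e for e in els if local(e) == tag}
    domains, role_maps = named("security-domain"), named("constant-role-mapper")
    perm_maps, findings = named("simple-permission-mapper"), []
    for fac in named("sasl-authentication-factory").values():
        if not any(local(m) == "mechanism" and m.get("mechanism-name") == "ANONYMOUS"
                   for m in fac.iter()):
            continue
        dom = domains.get(fac.get("security-domain"))
        rm = role_maps.get(dom.get("role-mapper")) if dom is not None else None
        pm = perm_maps.get(dom.get("permission-mapper")) if dom is not None else None
        roles = [r.get("name") for r in rm if local(r) == "role"] if rm is not None else []
        # Login stays blocked while a mapping names "anonymous" and grants no permission
        blocked = pm is not None and any(
            any(local(c) == "principal" and c.get("name") == "anonymous" for c in m)
            and not any(local(c) == "permission" for c in m)
            for m in pm if local(m) == "permission-mapping")
        findings.append({"factory": fac.get("name"), "domain": fac.get("security-domain"),
                         "constant_roles": roles, "anonymous_login_blocked": blocked})
    return findings
```

Run `audit()` on the Elytron subsystem element of the server's standalone-full.xml; any finding with `anonymous_login_blocked` set to false and a non-empty `constant_roles` list is a connector that gives those roles to unauthenticated callers.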
A custom wildfly-config.xml is used on the classpath to allow all SASL mechanisms.
The important part is the authentication configuration, which allows the use of all available SASL mechanisms.
<configuration name="authn">
  <allow-all-sasl-mechanisms />
  <use-service-loader-providers />
</configuration>
Start the server:
$JBOSS_HOME/bin/standalone.sh -c standalone-full.xml
Build and run the client:
mvn clean package exec:java