Role-based Access Control with WildFly

Created by kylin.11th, Jan

Agenda

  • Switching between “simple” and “rbac” providers
  • Managing users, groups and their role mapping
  • Setting a predefined role to all authenticated users
  • Integrating with LDAP

Switching between “simple” and “rbac” providers

            
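# From the WildFly home directory: copy the standalone base directory and start a server from the copy
$ cp -a standalone rbac-std-node-1
$ ./bin/standalone.sh -Djboss.server.base.dir=rbac-std-node-1

# In a second terminal, connect the management CLI to the running server
$ ./bin/jboss-cli.sh --connect

# Read the current provider, switch it to rbac, then reload so the change takes effect
/core-service=management/access=authorization:read-attribute(name=provider)
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
:reload()

# Map the management user "wildfly" (ManagementRealm) to the SuperUser role
# (assumes this user was already created with add-user.sh)
/core-service=management/access=authorization/role-mapping=SuperUser/include=wildfly:add(name=wildfly,realm=ManagementRealm,type=USER)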
            
        

Managing users, groups and their role mapping

            
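# From the WildFly home directory: create a base directory for this node
$ cp -a standalone rbac-std-node-2

# In the management CLI, connected to the server started from rbac-std-node-2:
# enable the rbac provider, reload, and map "wildfly" to SuperUser
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
:reload()
/core-service=management/access=authorization/role-mapping=SuperUser/include=wildfly:add(name=wildfly,realm=ManagementRealm,type=USER)

# From the bin directory: add user1..user4 (demo passwords) to this node's
# management realm; -sc points add-user.sh at the node's configuration directory
$ ./add-user.sh --silent=true user1 password1! -sc ../rbac-std-node-2/configuration/
$ ./add-user.sh --silent=true user2 password1! -sc ../rbac-std-node-2/configuration/
$ ./add-user.sh --silent=true user3 password1! -sc ../rbac-std-node-2/configuration/
$ ./add-user.sh --silent=true user4 password1! -sc ../rbac-std-node-2/configuration/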

           
        

Setting a predefined role to all authenticated users

            
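# From the WildFly home directory: create a base directory for this node
$ cp -a standalone rbac-std-node-3

# In the management CLI, connected to the server started from rbac-std-node-3:
# enable the rbac provider, reload, and map "wildfly" to SuperUser
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
:reload()
/core-service=management/access=authorization/role-mapping=SuperUser/include=wildfly:add(name=wildfly,realm=ManagementRealm,type=USER)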
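
A check for the result of the steps above, as an added example that is not part of the original slides: it parses the <access-control> element of a node's configuration/standalone.xml and reports the provider, the role mappings and risky settings. The XML layout in SAMPLE, the Monitor include-all role and the function names are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): the <access-control> fragment the
# CLI steps above are assumed to leave in configuration/standalone.xml, plus a
# hypothetical Monitor role granted to everyone via include-all.
SAMPLE = """<management xmlns="urn:example:constructed">
  <access-control provider="rbac">
    <role-mapping>
      <role name="SuperUser">
        <include>
          <user name="$local"/>
          <user realm="ManagementRealm" name="wildfly"/>
        </include>
      </role>
      <role name="Monitor" include-all="true"/>
    </role-mapping>
  </access-control>
</management>"""

PRIVILEGED = {"SuperUser", "Administrator"}

def _local(tag):
    """Strip the XML namespace so any schema version parses the same way."""
    return tag.rsplit("}", 1)[-1]

def audit_access_control(xml_text):
    """Return (provider, {role: [(type, name, realm)]}, [findings])."""
    root = ET.fromstring(xml_text)
    ac = next((e for e in root.iter() if _local(e.tag) == "access-control"), None)
    provider = ac.get("provider", "simple") if ac is not None else "simple"
    roles, findings = {}, []
    if provider != "rbac":
        findings.append("provider is '%s': role mappings are not enforced" % provider)
    for role in ([] if ac is None else ac.iter()):
        if _local(role.tag) != "role":
            continue
        name = role.get("name")
        roles[name] = [(_local(p.tag), p.get("name"), p.get("realm"))
                       for inc in role if _local(inc.tag) == "include" for p in inc]
        if role.get("include-all") == "true":
            sev = "HIGH" if name in PRIVILEGED else "info"
            findings.append("%s: role %s applies to every authenticated user" % (sev, name))
    named = [p for p in roles.get("SuperUser", []) if p[1] != "$local"]
    if provider == "rbac" and not named:
        findings.append("HIGH: SuperUser maps no named principal; only $local can administer")
    return provider, roles, findings

if __name__ == "__main__":
    provider, roles, findings = audit_access_control(SAMPLE)
    print(provider, roles, *findings, sep="\n")
```

To audit a real node, pass the text of rbac-std-node-N/configuration/standalone.xml to audit_access_control instead of SAMPLE.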


            
        

Integrating with LDAP

            

            
        

THE END