WildFly Elytron

New Security Features in WildFly 19

This blog post highlights the new security features that have been included in WildFly 19.

Support for MicroProfile JWT 1.1

Support has been added for the Eclipse MicroProfile JWT RBAC 1.1.1 specification with the addition of a new microprofile-jwt-smallrye subsystem. Traditionally, security for deployments would depend on resources defined within the management model to access local or remote stores containing the definitions of the identities. Now, with minimal configuration contained within a deployment, MicroProfile JWT provides the ability for authenticated identities to be established from the contents of cryptographically signed JWT tokens received with each request. To get started with MicroProfile JWT, check out this quickstart.

Support for TLS 1.3

It is now possible to use TLS 1.3 with WildFly when running against JDK 11 or higher. However, there is an important caveat to be aware of. If JDK 11 is in use and if there is a very large number of TLS 1.3 requests being made, it is possible that a drop in performance (throughput and response time) will occur compared to when using TLS 1.2 with WildFly. Simply upgrading to newer JDK versions should improve performance. For this reason, the use of TLS 1.3 is currently disabled by default. It is recommended to test for performance degradation prior to enabling TLS 1.3 in a production environment. Take a look at this blog post to learn how to enable TLS 1.3.

Web Services Integration with Elytron

Elytron already provides an API and a configuration file that can be used to configure client side security for outgoing calls. It is now possible to use this Elytron client configuration with Web Services deployments. Take a look at this blog post to see how a Web Services client can make use of Elytron client configuration.

Resolution of System Properties in Permission Files

It is now possible to enable/disable the resolution of system properties in the permissions.xml and jboss-permissions.xml files. More details can be found here.

Where to Find More Information

Be sure to check out our blog posts page, where we have all our blog posts on Elytron features. If there is an Elytron topic you’d like to see a blog post on, feel free to let us know on WildFly’s user forums.

To learn more about Elytron, check out our new site.