<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Wolf,<br>
      <br>
      On 08/03/2012 03:07 PM, Wolf-Dieter Fink wrote:<br>
    </div>
    <blockquote cite="mid:501C1358.6020202@redhat.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="moz-cite-prefix">Just to complete the thread.<br>
        <br>
        With AS7.2 (current upstream) the command will run successful
        with the expression (note the \ quotes of {} )<br>
        <br>
/subsystem=security/security-domain=lbank/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/lbank-users.properties,rolesProperties=$\{jboss.server.config.dir\}/lbank-roles.properties}}]<br>
        <br>
        <br>
        It will fail with former tags and EAP (7.1.3 not tested ATM)<br>
      </div>
    </blockquote>
    <br>
    Yea, that works with the current master and branch 7.1 (future
    7.1.3). The difference is that module-option expressions are not
    supported in the 7.1 branch (see PRODMGT-182 for details), but the
    CLI command to add a security domain is the same.<br>
    <br>
    I've tried adding a domain in EAP6 and after a few tries I've
    managed to do it with the following commands:<br>
    <br>
    &nbsp;./subsystem=security/security-domain=test:add(cache-type=default)<br>
    <br>
    {<br>
    &nbsp;&nbsp;&nbsp; "outcome" =&gt; "success",<br>
    &nbsp;&nbsp;&nbsp; "response-headers" =&gt; {"process-state" =&gt;
    "reload-required"}<br>
    }<br>
    <br>
./subsystem=security/security-domain=test/authentication=classic:add(login-modules=[{"code"=&gt;"UsersRoles","flag"=&gt;"required","module-options"=&gt;[("prop1"=&gt;"value1"),("prop2"=&gt;"value2")]}])<br>
    <br>
    {<br>
    &nbsp;&nbsp;&nbsp; "outcome" =&gt; "success",<br>
    &nbsp;&nbsp;&nbsp; "response-headers" =&gt; {<br>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "operation-requires-reload" =&gt; true,<br>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "process-state" =&gt; "reload-required"<br>
    &nbsp;&nbsp;&nbsp; }<br>
    }<br>
    <br>
    The above produces the following in standalone.xml:<br>
    <br>
    &lt;security-domain name="test" cache-type="default"&gt;<br>
    &nbsp;&nbsp;&nbsp; &lt;authentication&gt;<br>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;login-module code="UsersRoles" flag="required"&gt;<br>
    &nbsp;&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;module-option name="prop1" value="value1"/&gt;<br>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;module-option name="prop2" value="value2"/&gt;<br>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/login-module&gt;<br>
    &nbsp;&nbsp;&nbsp; &lt;/authentication&gt;<br>
    &lt;/security-domain&gt;<br>
    <br>
    BTW, I also saw the failure to auto-complete the
    authentication=classic part in AS 7.2 (works on EAP though). I'll
    take a look into it.<br>
    <br>
    Cheers,<br>
    Stefan<br>
    <br>
    <blockquote cite="mid:501C1358.6020202@redhat.com" type="cite">
      <div class="moz-cite-prefix"> <br>
        Wolf<br>
        <br>
        <br>
        <br>
        On 08/03/2012 06:26 PM, Wolf-Dieter Fink wrote:<br>
      </div>
      <blockquote cite="mid:501BFBCF.8000402@redhat.com" type="cite">
        <meta content="text/html; charset=ISO-8859-1"
          http-equiv="Content-Type">
        <div class="moz-cite-prefix">On 08/03/2012 05:53 PM, Alexey
          Loubyansky wrote:<br>
        </div>
        <blockquote cite="mid:501BF416.8000709@redhat.com" type="cite">
          <pre wrap="">On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
</pre>
          <blockquote type="cite">
            <pre wrap="">#simple is
//subsystem=security/security-domain=lbank:add(cache-type=default)/

but how to know that "classic" must used?
//subsystem=security/security-domain=lbank/authentication=/
tab completition will not help, only if I type =classic: the tab
completition will show commands otherwise not
</pre>
          </blockquote>
          <pre wrap="">This is for the security team to answer.

</pre>
          <blockquote type="cite">
            <pre wrap="">I suppose that this should be correct, but it shows an error:
EAP6
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" =&gt; "failed",
     "failure-description" =&gt; "JBAS014688: Wrong type for value.
Expected [LIST] but was STRING",
     "rolled-back" =&gt; true
}
/
</pre>
          </blockquote>
          <pre wrap="">Looks like this version doesn't support simplified syntax for parameter 
values, so try using complete DMR format, i.e. [{"code"=&gt;"UsersRoles", ...

</pre>
          <blockquote type="cite">
            <pre wrap="">AS7.2 (upstream)
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" =&gt; "failed",
     "failure-description" =&gt; "JBAS014807: Management resource '[
     (\"subsystem\" =&gt; \"security\"),
     (\"security-domain\" =&gt; \"lbank2\"),
     (\"authentication\" =&gt; \"classic\")
]' not found",
     "rolled-back" =&gt; true
}/
</pre>
          </blockquote>
          <pre wrap="">The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /] 
/subsystem=security/security-domain=lbank/authentication=classic:add( ...

where you initialize the login-modules.
</pre>
        </blockquote>
        Looks like that AS7.2 include a fix and the different messages
        are confusing me.<br>
        The trick is:<br>
        <br>
/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])<br>
        <br>
        But if I add the module options:<br>
        <small>[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])<br>
          {<br>
          &nbsp;&nbsp;&nbsp; "failure-description" =&gt; [<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "JBAS014798: Validation failed for login-modules",<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "JBAS014688: Wrong type for module-options. Expected
          [OBJECT] but was LIST"<br>
          &nbsp;&nbsp;&nbsp; ],<br>
          &nbsp;&nbsp;&nbsp; "rolled-back" =&gt; true<br>
          }<br>
          <br>
          <big>How do I add th module-options as OBJECT?<br>
            <br>
            <br>
            The result should look like:<br>
            <i><small>[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:read-resource<br>
                {<br>
                &nbsp;&nbsp;&nbsp; "outcome" =&gt; "success",<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "code" =&gt; "UsersRoles",<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "flag" =&gt; "required",<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "module-options" =&gt; [<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ("usersProperties" =&gt; expression
                "${jboss.server.config.dir}/lbank-users.properties"),<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ("rolesProperties" =&gt; expression
                "${jboss.server.config.dir}/lbank-roles.properties")<br>
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ]<br>
                &nbsp;&nbsp;&nbsp; }]}<br>
                }<br>
                <br>
                XML:<br>
              </small></i></big></small><small>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
          &lt;security-domain name="lbank" cache-type="default"&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;authentication&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;login-module code="UsersRoles"
          flag="required"&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;module-option
          name="usersProperties"
          value="${jboss.server.config.dir}/lbank-users.properties"/&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;module-option
          name="rolesProperties"
          value="${jboss.server.config.dir}/lbank-roles.properties"/&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;module-option
          name="password-stacking" value="useFirstPass"/&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/login-module&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/authentication&gt;<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/security-domain&gt;</small><br>
        <br>
        <small><big><br>
          </big></small><br>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
jboss-as7-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:jboss-as7-dev@lists.jboss.org">jboss-as7-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/jboss-as7-dev">https://lists.jboss.org/mailman/listinfo/jboss-as7-dev</a>
</pre>
      </blockquote>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
jboss-as7-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:jboss-as7-dev@lists.jboss.org">jboss-as7-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/jboss-as7-dev">https://lists.jboss.org/mailman/listinfo/jboss-as7-dev</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>