<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Wolf,<br>
<br>
On 08/03/2012 03:07 PM, Wolf-Dieter Fink wrote:<br>
</div>
<blockquote cite="mid:501C1358.6020202@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Just to complete the thread.<br>
<br>
With AS7.2 (current upstream) the command will run successful
with the expression (note the \ quotes of {} )<br>
<br>
/subsystem=security/security-domain=lbank/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/lbank-users.properties,rolesProperties=$\{jboss.server.config.dir\}/lbank-roles.properties}}]<br>
<br>
<br>
It will fail with former tags and EAP (7.1.3 not tested ATM)<br>
</div>
</blockquote>
<br>
Yea, that works with the current master and branch 7.1 (future
7.1.3). The difference is that module-option expressions are not
supported in the 7.1 branch (see PRODMGT-182 for details), but the
CLI command to add a security domain is the same.<br>
<br>
I've tried adding a domain in EAP6 and after a few tries I've
managed to do it with the following commands:<br>
<br>
./subsystem=security/security-domain=test:add(cache-type=default)<br>
<br>
{<br>
"outcome" => "success",<br>
"response-headers" => {"process-state" =>
"reload-required"}<br>
}<br>
<br>
./subsystem=security/security-domain=test/authentication=classic:add(login-modules=[{"code"=>"UsersRoles","flag"=>"required","module-options"=>[("prop1"=>"value1"),("prop2"=>"value2")]}])<br>
<br>
{<br>
"outcome" => "success",<br>
"response-headers" => {<br>
"operation-requires-reload" => true,<br>
"process-state" => "reload-required"<br>
}<br>
}<br>
<br>
The above produces the following in standalone.xml:<br>
<br>
<security-domain name="test" cache-type="default"><br>
<authentication><br>
<login-module code="UsersRoles" flag="required"><br>
<module-option name="prop1" value="value1"/><br>
<module-option name="prop2" value="value2"/><br>
</login-module><br>
</authentication><br>
</security-domain><br>
<br>
BTW, I also saw the failure to auto-complete the
authentication=classic part in AS 7.2 (works on EAP though). I'll
take a look into it.<br>
<br>
Cheers,<br>
Stefan<br>
<br>
<blockquote cite="mid:501C1358.6020202@redhat.com" type="cite">
<div class="moz-cite-prefix"> <br>
Wolf<br>
<br>
<br>
<br>
On 08/03/2012 06:26 PM, Wolf-Dieter Fink wrote:<br>
</div>
<blockquote cite="mid:501BFBCF.8000402@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 08/03/2012 05:53 PM, Alexey
Loubyansky wrote:<br>
</div>
<blockquote cite="mid:501BF416.8000709@redhat.com" type="cite">
<pre wrap="">On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
</pre>
<blockquote type="cite">
<pre wrap="">#simple is
//subsystem=security/security-domain=lbank:add(cache-type=default)/
but how to know that "classic" must used?
//subsystem=security/security-domain=lbank/authentication=/
tab completition will not help, only if I type =classic: the tab
completition will show commands otherwise not
</pre>
</blockquote>
<pre wrap="">This is for the security team to answer.
</pre>
<blockquote type="cite">
<pre wrap="">I suppose that this should be correct, but it shows an error:
EAP6
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
"outcome" => "failed",
"failure-description" => "JBAS014688: Wrong type for value.
Expected [LIST] but was STRING",
"rolled-back" => true
}
/
</pre>
</blockquote>
<pre wrap="">Looks like this version doesn't support simplified syntax for parameter
values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...
</pre>
<blockquote type="cite">
<pre wrap="">AS7.2 (upstream)
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
"outcome" => "failed",
"failure-description" => "JBAS014807: Management resource '[
(\"subsystem\" => \"security\"),
(\"security-domain\" => \"lbank2\"),
(\"authentication\" => \"classic\")
]' not found",
"rolled-back" => true
}/
</pre>
</blockquote>
<pre wrap="">The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:add( ...
where you initialize the login-modules.
</pre>
</blockquote>
Looks like that AS7.2 include a fix and the different messages
are confusing me.<br>
The trick is:<br>
<br>
/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])<br>
<br>
But if I add the module options:<br>
<small>[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])<br>
{<br>
"failure-description" => [<br>
"JBAS014798: Validation failed for login-modules",<br>
"JBAS014688: Wrong type for module-options. Expected
[OBJECT] but was LIST"<br>
],<br>
"rolled-back" => true<br>
}<br>
<br>
<big>How do I add th module-options as OBJECT?<br>
<br>
<br>
The result should look like:<br>
<i><small>[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:read-resource<br>
{<br>
"outcome" => "success",<br>
"code" => "UsersRoles",<br>
"flag" => "required",<br>
"module-options" => [<br>
("usersProperties" => expression
"${jboss.server.config.dir}/lbank-users.properties"),<br>
("rolesProperties" => expression
"${jboss.server.config.dir}/lbank-roles.properties")<br>
]<br>
}]}<br>
}<br>
<br>
XML:<br>
</small></i></big></small><small>
<security-domain name="lbank" cache-type="default"><br>
<authentication><br>
<login-module code="UsersRoles"
flag="required"><br>
<module-option
name="usersProperties"
value="${jboss.server.config.dir}/lbank-users.properties"/><br>
<module-option
name="rolesProperties"
value="${jboss.server.config.dir}/lbank-roles.properties"/><br>
<module-option
name="password-stacking" value="useFirstPass"/><br>
</login-module><br>
</authentication><br>
</security-domain></small><br>
<br>
<small><big><br>
</big></small><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
jboss-as7-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:jboss-as7-dev@lists.jboss.org">jboss-as7-dev@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/jboss-as7-dev">https://lists.jboss.org/mailman/listinfo/jboss-as7-dev</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
jboss-as7-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:jboss-as7-dev@lists.jboss.org">jboss-as7-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/jboss-as7-dev">https://lists.jboss.org/mailman/listinfo/jboss-as7-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>