On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
#simple is
/subsystem=security/security-domain=lbank:add(cache-type=default)

but how to know that "classic" must be used?
/subsystem=security/security-domain=lbank/authentication=
tab completion will not help, only if I type =classic: the tab
completion will show commands otherwise not
This is for the security team to answer.

I suppose that this should be correct, but it shows an error:
EAP6
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
     "rolled-back" => true
}
Looks like this version doesn't support simplified syntax for parameter 
values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...

AS7.2 (upstream)
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014807: Management resource '[
     (\"subsystem\" => \"security\"),
     (\"security-domain\" => \"lbank2\"),
     (\"authentication\" => \"classic\")
]' not found",
     "rolled-back" => true
}
The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /] 
/subsystem=security/security-domain=lbank/authentication=classic:add( ...

where you initialize the login-modules.
Looks like AS7.2 includes a fix, and the different messages are confusing me.
The trick is:

/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])

But if I add the module options:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
{
    "failure-description" => [
        "JBAS014798: Validation failed for login-modules",
        "JBAS014688: Wrong type for module-options. Expected [OBJECT] but was LIST"
    ],
    "rolled-back" => true
}

How do I add the module-options as OBJECT?


The result should look like:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-resource
{
    "outcome" => "success",
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties")
        ]
    }]}
}

XML:
                <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>
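
Added example (not part of the original thread and not JBoss project code): a Python script that turns the XML above into the two CLI operations discussed, using the full DMR notation suggested earlier in the thread and writing module-options as a list of ("name"=>"value") properties, the way the read-resource output displays them. That a given AS7/EAP6 build accepts this form is an assumption, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security-domain XML quoted in the thread.
SAMPLE_XML = """<security-domain name="lbank" cache-type="default">
  <authentication>
    <login-module code="UsersRoles" flag="required">
      <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
      <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
      <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
  </authentication>
</security-domain>"""

def dmr_str(value):
    """Quote a value as a DMR string literal, escaping backslashes and quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def login_module_dmr(module):
    """Render one <login-module> as a DMR object; options become a property list."""
    fields = ['"code"=>' + dmr_str(module.get("code")), '"flag"=>' + dmr_str(module.get("flag"))]
    opts = ["(%s=>%s)" % (dmr_str(o.get("name", "")), dmr_str(o.get("value", "")))
            for o in module.findall("module-option")]
    if opts:
        fields.append('"module-options"=>[' + ",".join(opts) + "]")
    return "{" + ",".join(fields) + "}"

def domain_to_cli(xml_text):
    """Return [domain add, authentication=classic add] for a trusted local config snippet."""
    dom = ET.fromstring(xml_text)
    name = dom.get("name")
    if not name or any(c in name for c in "/=:() \t"):
        raise ValueError("security-domain name is missing or not usable in an address")
    base = "/subsystem=security/security-domain=" + name
    ct = dom.get("cache-type")
    cmds = [base + ":add(" + ("cache-type=" + ct if ct else "") + ")"]
    modules = dom.findall("authentication/login-module")
    if not modules or any(not m.get("code") or not m.get("flag") for m in modules):
        raise ValueError("each login-module needs code and flag, and at least one is required")
    body = ",".join(login_module_dmr(m) for m in modules)
    cmds.append(base + "/authentication=classic:add(login-modules=[" + body + "])")
    return cmds

if __name__ == "__main__":
    print("\n".join(domain_to_cli(SAMPLE_XML)))
```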