[
https://issues.jboss.org/browse/WFLY-3492?page=com.atlassian.jira.plugin....
]
Kabir Khan edited comment on WFLY-3492 at 9/1/14 11:57 AM:
-----------------------------------------------------------
Looking a bit more into this, if I use:
{code}
/subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore={password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{code}
e.g. truststore *=* {...} the operation becomes:
{code}
{
"address" => [
("subsystem" => "security"),
("security-domain" => "trust-domain"),
("jsse" => "classic")
],
"operation" => "add",
"keystore" => {
"password" => "1234test",
"url" =>
"/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks"
},
---SNIP---
}
{code}
However, if I do
{code}
/subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore=>{password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{code}
e.g. truststore *=>* {...} the operation becomes:
{code}
{
"address" => [
("subsystem" => "security"),
("security-domain" => "trust-domain"),
("jsse" => "classic")
],
"operation" => "add",
"keystore" => ">",
--- SNIP ----
}
{code}
So perhaps rather than a validation error, this is a CLI parsing problem in general? It
seems that *=>* should get rejected.
[~loubyansky] [~brian.stansberry] What do you think?
JSSE configuration in security domain wrongly accepts empty parameters
-----------------------------------------------------------------------
Key: WFLY-3492
URL: https://issues.jboss.org/browse/WFLY-3492
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Domain Management
Affects Versions: 8.1.0.Final
Reporter: Chao Wang
Assignee: Chao Wang
Description from
https://bugzilla.redhat.com/show_bug.cgi?id=1080069:
{noformat}
When adding a jsse configuration in security domain through CLI, it's not persisted
correctly.
Steps to reproduce:
* Run CLI (./jboss-cli.sh -c) and use these commands to configure new security domain:
/subsystem=security/security-domain=trust-domain:add
/subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore=>{password=1234test,url=/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
reload
* check standalone.xml, where there should be something like
<security-domain name="trust-domain">
<jsse truststore-password="1234test"
truststore-url="/home/jcacek/projects/ocsp-check/build/trusted-clients.jks"/>
</security-domain>
But there is:
<security-domain name="trust-domain">
<jsse/>
</security-domain>
{noformat}
{noformat}
I had a mistake in the second command, it should be:
/subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore={password=>1234test,url=>/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
Then it works.
Nevertheless it's probably still a bug, when the original command returns:
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{noformat}
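Two checks for the failure mode reported above, added here as an example (not WildFly or JIRA code): a lint that flags a top-level parameter written as `name=>value` before the command is sent, and a scan of the persisted XML for a `<jsse/>` element that ended up with no settings. The function names, the sample commands' shortened paths and the sample XML are constructed for illustration; the lint mirrors only the behaviour shown in this report, not the full CLI grammar.

```python
import xml.etree.ElementTree as ET

def toplevel_arrow_params(command):
    """Names of parameters written as name=>value at the top level of the
    argument list, the form the report shows being parsed as the value ">"."""
    start = command.find("(")
    if start < 0:
        return []
    args = command[start + 1:command.rfind(")")]
    flagged, depth, token_start = [], 0, 0
    for i, ch in enumerate(args):
        if ch in "{[":
            depth += 1
        elif ch in "}]":
            depth -= 1
        elif ch == "," and depth == 0:
            token_start = i + 1          # next top-level parameter starts here
        elif ch == "=" and depth == 0 and args[i + 1:i + 2] == ">":
            flagged.append(args[token_start:i].strip())
    return flagged

def local(tag):
    """Drop the XML namespace so the scan does not depend on a schema version."""
    return tag.rsplit("}", 1)[-1]

def empty_jsse_domains(xml_text):
    """Names of security domains whose <jsse> element has no attributes or children."""
    flagged = []
    for dom in ET.fromstring(xml_text).iter():
        if local(dom.tag) != "security-domain":
            continue
        for child in dom:
            if local(child.tag) == "jsse" and not child.attrib and len(child) == 0:
                flagged.append(dom.get("name"))
    return flagged

# Constructed inputs modelled on the commands and XML quoted in the report.
PREFIX = "/subsystem=security/security-domain=trust-domain/jsse=classic:add"
BAD_CMD = PREFIX + "(truststore=>{password=1234test,url=/path/to/trusted-clients.jks})"
GOOD_CMD = PREFIX + "(truststore={password=>1234test,url=>/path/to/trusted-clients.jks})"
SAMPLE_XML = """<security-domains>
  <security-domain name="trust-domain"><jsse/></security-domain>
  <security-domain name="ok-domain">
    <jsse truststore-password="1234test" truststore-url="/path/to/trusted-clients.jks"/>
  </security-domain>
</security-domains>"""

if __name__ == "__main__":
    print(toplevel_arrow_params(BAD_CMD), empty_jsse_domains(SAMPLE_XML))
```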