[
https://issues.jboss.org/browse/WFLY-3492?page=com.atlassian.jira.plugin....
]
Alexey Loubyansky commented on WFLY-3492:
-----------------------------------------
I've created WFCORE-90 for the CLI to improve the parsing in this case. It's been
merged now, so once wildfly switches to the core 1.0.0.Alpha6 the changes will be in
effect. So, with the changes in parsing the request for the operation will look like this
[standalone@localhost:9990 /] echo-dmr
/subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore=>{password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{
"address" => [
("subsystem" => "security"),
("security-domain" => "trust-domain"),
("jsse" => "classic")
],
"operation" => "add",
"keystore" => {
">{password" => "1234test",
"url" =>
"/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks}"
}
}
and if you try to execute it, it will fail with the following error
[standalone@localhost:9990 /]
/subsystem=security/security-domain=trust-domain/jsse=classic:add(keystore=>{password=1234test,url=/Users/kabir/sourcecontrol/wildfly/git/wildfly/security/subsystem/src/test/resources/clientcert.jks})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0155: password may not be
null",
"rolled-back" => true
}
which will happen on the server. It won't find the required password parameter. And it
doesn't care of the presence of the parameters it doesn't expect like
>{password.
JSSE configuration in security domain wrongly acceptes empty
parameters
-----------------------------------------------------------------------
Key: WFLY-3492
URL:
https://issues.jboss.org/browse/WFLY-3492
Project: WildFly
Issue Type: Bug
Components: Domain Management
Affects Versions: 8.1.0.Final
Reporter: Chao Wang
Assignee: Alexey Loubyansky
Description from
https://bugzilla.redhat.com/show_bug.cgi?id=1080069:
{noformat}
When adding a jsse configuration in security domain through CLI, it's not persisted
correctly.
Steps to reproduce:
* Run CLI (./jboss-cli.sh -c) and use this commands to configure new security domain:
/subsystem=security/security-domain=trust-domain:add
/subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore=>{password=1234test,url=/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
reload
* check standalone.xml, where should be sth. like
<security-domain name="trust-domain">
<jsse truststore-password="1234test"
truststore-url="/home/jcacek/projects/ocsp-check/build/trusted-clients.jks"/>
</security-domain>
But there is:
<security-domain name="trust-domain">
<jsse/>
</security-domain>
{noformat}
{noformat}
I had a mistake in the second command, it should be:
/subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore={password=>1234test,url=>/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
Then it works.
Nevertheless it's probably still a bug, when the original command returns:
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)