[jboss-as7-dev] Use of CLI to add security-domain

Wolf-Dieter Fink wfink at redhat.com
Fri Aug 3 12:26:55 EDT 2012


On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
> On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
>> #simple is
>> /subsystem=security/security-domain=lbank:add(cache-type=default)
>>
>> but how to know that "classic" must be used?
>> /subsystem=security/security-domain=lbank/authentication=
>> tab completion will not help, only if I type =classic: the tab
>> completion will show commands otherwise not
> This is for the security team to answer.
>
>> I suppose that this should be correct, but it shows an error:
>> EAP6
>> [standalone@localhost:9999 /]
>> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
>> {
>>       "outcome" => "failed",
>>       "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
>>       "rolled-back" => true
>> }
> Looks like this version doesn't support simplified syntax for parameter
> values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...
>
>> AS7.2 (upstream)
>> [standalone@localhost:9999 /]
>> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
>> {
>>       "outcome" => "failed",
>>       "failure-description" => "JBAS014807: Management resource '[
>>       (\"subsystem\" => \"security\"),
>>       (\"security-domain\" => \"lbank2\"),
>>       (\"authentication\" => \"classic\")
>> ]' not found",
>>       "rolled-back" => true
>> }
> The classic doesn't exist. It has to be added first, i.e.
> [standalone@localhost:9999 /]
> /subsystem=security/security-domain=lbank/authentication=classic:add( ...
>
> where you initialize the login-modules.
Looks like AS7.2 includes a fix, and the different messages are
confusing me.
The trick is:

/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])

But if I add the module options:
[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
{
     "failure-description" => [
         "JBAS014798: Validation failed for login-modules",
         "JBAS014688: Wrong type for module-options. Expected [OBJECT] but was LIST"
     ],
     "rolled-back" => true
}

How do I add the module-options as OBJECT?


The result should look like:
[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:read-resource
{
     "outcome" => "success",
         "code" => "UsersRoles",
         "flag" => "required",
         "module-options" => [
             ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
             ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties")
         ]
     }]}
}

XML:
<security-domain name="lbank" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>


