[jboss-as7-dev] Use of CLI to add security-domain

Wolf-Dieter Fink wfink at redhat.com
Fri Aug 3 14:07:20 EDT 2012


Just to complete the thread.

With AS7.2 (current upstream) the command will run successful with the 
expression (note the \ quotes of {} )

/subsystem=security/security-domain=lbank/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/lbank-users.properties,rolesProperties=$\{jboss.server.config.dir\}/lbank-roles.properties}}]


It will fail with former tags and EAP (7.1.3 not tested ATM)

Wolf



On 08/03/2012 06:26 PM, Wolf-Dieter Fink wrote:
> On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
>> On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
>>> #simple is
>>> //subsystem=security/security-domain=lbank:add(cache-type=default)/
>>>
>>> but how to know that "classic" must used?
>>> //subsystem=security/security-domain=lbank/authentication=/
>>> tab completition will not help, only if I type =classic: the tab
>>> completition will show commands otherwise not
>> This is for the security team to answer.
>>
>>> I suppose that this should be correct, but it shows an error:
>>> EAP6
>>> /[standalone at localhost:9999 /]
>>> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
>>> {
>>>       "outcome" => "failed",
>>>       "failure-description" => "JBAS014688: Wrong type for value.
>>> Expected [LIST] but was STRING",
>>>       "rolled-back" => true
>>> }
>>> /
>> Looks like this version doesn't support simplified syntax for parameter
>> values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...
>>
>>> AS7.2 (upstream)
>>> /[standalone at localhost:9999 /]
>>> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
>>> {
>>>       "outcome" => "failed",
>>>       "failure-description" => "JBAS014807: Management resource '[
>>>       (\"subsystem\" => \"security\"),
>>>       (\"security-domain\" => \"lbank2\"),
>>>       (\"authentication\" => \"classic\")
>>> ]' not found",
>>>       "rolled-back" => true
>>> }/
>> The classic doesn't exist. It has to be added first, i.e.
>> [standalone at localhost:9999 /]
>> /subsystem=security/security-domain=lbank/authentication=classic:add( ...
>>
>> where you initialize the login-modules.
> Looks like that AS7.2 include a fix and the different messages are 
> confusing me.
> The trick is:
>
> /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])
>
> But if I add the module options:
> [standalone at localhost:9999 /] 
> /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
> {
>     "failure-description" => [
>         "JBAS014798: Validation failed for login-modules",
>         "JBAS014688: Wrong type for module-options. Expected [OBJECT] 
> but was LIST"
>     ],
>     "rolled-back" => true
> }
>
> How do I add th module-options as OBJECT?
>
>
> The result should look like:
> /[standalone at localhost:9999 /] 
> /subsystem=security/security-domain=lbank/authentication=classic:read-resource
> {
>     "outcome" => "success",
>         "code" => "UsersRoles",
>         "flag" => "required",
>         "module-options" => [
>             ("usersProperties" => expression 
> "${jboss.server.config.dir}/lbank-users.properties"),
>             ("rolesProperties" => expression 
> "${jboss.server.config.dir}/lbank-roles.properties")
>         ]
>     }]}
> }
>
> XML:
> /<security-domain name="lbank" cache-type="default">
>                     <authentication>
>                         <login-module code="UsersRoles" flag="required">
>                             <module-option name="usersProperties" 
> value="${jboss.server.config.dir}/lbank-users.properties"/>
>                             <module-option name="rolesProperties" 
> value="${jboss.server.config.dir}/lbank-roles.properties"/>
>                             <module-option name="password-stacking" 
> value="useFirstPass"/>
>                         </login-module>
>                     </authentication>
>                 </security-domain>
>
>
>
>
>
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-as7-dev/attachments/20120803/a461a865/attachment.html 


More information about the jboss-as7-dev mailing list