[jboss-as7-dev] Use of CLI to add security-domain

Stefan Guilhen sguilhen at redhat.com
Wed Aug 8 14:54:27 EDT 2012


Hi Wolf,

On 08/03/2012 03:07 PM, Wolf-Dieter Fink wrote:
> Just to complete the thread.
>
> With AS7.2 (current upstream) the command will run successfully with the 
> expression (note the \ quotes of {} )
>
> /subsystem=security/security-domain=lbank/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/lbank-users.properties,rolesProperties=$\{jboss.server.config.dir\}/lbank-roles.properties}}])
>
>
> It will fail with former tags and EAP (7.1.3 not tested ATM)

Yea, that works with the current master and branch 7.1 (future 7.1.3). 
The difference is that module-option expressions are not supported in 
the 7.1 branch (see PRODMGT-182 for details), but the CLI command to add 
a security domain is the same.

I've tried adding a domain in EAP6 and after a few tries I've managed to 
do it with the following commands:

  ./subsystem=security/security-domain=test:add(cache-type=default)

{
     "outcome" => "success",
     "response-headers" => {"process-state" => "reload-required"}
}

./subsystem=security/security-domain=test/authentication=classic:add(login-modules=[{"code"=>"UsersRoles","flag"=>"required","module-options"=>[("prop1"=>"value1"),("prop2"=>"value2")]}])

{
     "outcome" => "success",
     "response-headers" => {
         "operation-requires-reload" => true,
         "process-state" => "reload-required"
     }
}

The above produces the following in standalone.xml:

<security-domain name="test" cache-type="default">
     <authentication>
         <login-module code="UsersRoles" flag="required">
             <module-option name="prop1" value="value1"/>
             <module-option name="prop2" value="value2"/>
         </login-module>
     </authentication>
</security-domain>

BTW, I also saw the failure to auto-complete the authentication=classic 
part in AS 7.2 (works on EAP though). I'll take a look into it.

Cheers,
Stefan

>
> Wolf
>
>
>
> On 08/03/2012 06:26 PM, Wolf-Dieter Fink wrote:
>> On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
>>> On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
>>>> #simple is
>>>> /subsystem=security/security-domain=lbank:add(cache-type=default)
>>>>
>>>> but how to know that "classic" must be used?
>>>> /subsystem=security/security-domain=lbank/authentication=
>>>> tab completion will not help, only if I type =classic: the tab
>>>> completion will show commands otherwise not
>>> This is for the security team to answer.
>>>
>>>> I suppose that this should be correct, but it shows an error:
>>>> EAP6
>>>> [standalone@localhost:9999 /]
>>>> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
>>>> {
>>>>       "outcome" => "failed",
>>>>       "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
>>>>       "rolled-back" => true
>>>> }
>>> Looks like this version doesn't support simplified syntax for parameter
>>> values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...
>>>
>>>> AS7.2 (upstream)
>>>> [standalone@localhost:9999 /]
>>>> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
>>>> {
>>>>       "outcome" => "failed",
>>>>       "failure-description" => "JBAS014807: Management resource '[
>>>>       (\"subsystem\" => \"security\"),
>>>>       (\"security-domain\" => \"lbank2\"),
>>>>       (\"authentication\" => \"classic\")
>>>> ]' not found",
>>>>       "rolled-back" => true
>>>> }
>>> The classic doesn't exist. It has to be added first, i.e.
>>> [standalone@localhost:9999 /]
>>> /subsystem=security/security-domain=lbank/authentication=classic:add( ...
>>>
>>> where you initialize the login-modules.
>> Looks like AS7.2 includes a fix and the different messages are 
>> confusing me.
>> The trick is:
>>
>> /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])
>>
>> But if I add the module options:
>> [standalone@localhost:9999 /]
>> /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
>> {
>>     "failure-description" => [
>>         "JBAS014798: Validation failed for login-modules",
>>         "JBAS014688: Wrong type for module-options. Expected [OBJECT] but was LIST"
>>     ],
>>     "rolled-back" => true
>> }
>>
>> How do I add the module-options as OBJECT?
>>
>>
>> The result should look like:
>> [standalone@localhost:9999 /]
>> /subsystem=security/security-domain=lbank/authentication=classic:read-resource
>> {
>>     "outcome" => "success",
>>         "code" => "UsersRoles",
>>         "flag" => "required",
>>         "module-options" => [
>>             ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
>>             ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties")
>>         ]
>>     }]}
>> }
>>
>> XML:
>> <security-domain name="lbank" cache-type="default">
>>     <authentication>
>>         <login-module code="UsersRoles" flag="required">
>>             <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
>>             <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
>>             <module-option name="password-stacking" value="useFirstPass"/>
>>         </login-module>
>>     </authentication>
>> </security-domain>
>>
>>
>>
>>
>>
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

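For scripted provisioning, the full-DMR form that worked on EAP6 in the message above can be rendered from structured input and then checked against what was persisted in standalone.xml. This is an added example, not code from the thread or from JBoss; the function names are hypothetical, and refusing `"`, `\`, `$` and line breaks in values is a conservative assumption of this sketch (expressions need the version-specific escaping discussed above, so they are not emitted here).

```python
import xml.etree.ElementTree as ET

def _q(s):
    # Conservative assumption: refuse characters that could end the quoted DMR
    # string early, and "$" because expression escaping differs per version.
    if any(c in s for c in '"\\\n\r$'):
        raise ValueError(f"unsafe character in {s!r}")
    return f'"{s}"'

def add_login_module_cmd(domain, code, flag, options):
    """Render the authentication=classic:add command in full DMR syntax."""
    if not domain.replace("-", "").replace("_", "").isalnum():
        raise ValueError(f"unexpected domain name {domain!r}")
    # module-options as a property list, as in the working EAP6 command
    props = ",".join(f"({_q(k)}=>{_q(v)})" for k, v in options.items())
    module = (f'{{"code"=>{_q(code)},"flag"=>{_q(flag)},'
              f'"module-options"=>[{props}]}}')
    return (f"./subsystem=security/security-domain={domain}"
            f"/authentication=classic:add(login-modules=[{module}])")

def persisted_modules(xml_text, domain):
    """Return [(code, flag, {option: value})] for one security-domain element."""
    local = lambda tag: tag.rsplit("}", 1)[-1]   # drop any XML namespace
    root = ET.fromstring(xml_text)
    found = []
    for el in root.iter():
        if local(el.tag) == "security-domain" and el.get("name") == domain:
            for lm in el.iter():
                if local(lm.tag) == "login-module":
                    opts = {o.get("name"): o.get("value") for o in lm
                            if local(o.tag) == "module-option"}
                    found.append((lm.get("code"), lm.get("flag"), opts))
    return found

# Fragment copied from the message above (what the two commands produced).
SAMPLE_XML = """<security-domain name="test" cache-type="default">
     <authentication>
         <login-module code="UsersRoles" flag="required">
             <module-option name="prop1" value="value1"/>
             <module-option name="prop2" value="value2"/>
         </login-module>
     </authentication>
</security-domain>"""

if __name__ == "__main__":
    wanted = {"prop1": "value1", "prop2": "value2"}
    print(add_login_module_cmd("test", "UsersRoles", "required", wanted))
    assert persisted_modules(SAMPLE_XML, "test") == [("UsersRoles", "required", wanted)]
```
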