CLI command adding a security-domain does not work for me

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CLI command adding a security-domain does not work for me

Wolf-Dieter Fink
I try to add a security domain with the command  (review JB248 AS7 admin
course):

cd profile=full-ha/subsystem=security
./security-domain=JBTravel:add(authentication=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:jboss/JBTravelDatasource"),("principalsQuery"=>"select
password from JTRAVEL.USER where username=?"),("rolesQuery"=>"select
null,'Roles' from JTRAVEL.USER where username=?")]}])

and I see =>  'authentication' is not found among the supported
properties: [cache-type]

For me it looks correct, if I add the security-domain directly to the
domain.xml it will be correct, see below.

I test with EAP6.ER3 and 7.1.2.Final.

Am I wrong with the command (and my understanding of it)?

- Wolf

======  XML  ====
<security-domain name="JBTravel">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/JBTravelDatasource"/>
<module-option name="principalsQuery" value="SELECT password FROM
JBTRAVEL.USER WHERE username=?"/>
<module-option name="rolesQuery" value="SELECT null,'Roles' FROM
JBTRAVEL.USER WHERE username=?"/>
</login-module>
</authentication>
</security-domain>
=================
[domain@localhost:9999 subsystem=security]
./security-domain=JBTravel:read-resource
{
     "outcome" => "success",
     "result" => {
         "acl" => undefined,
         "audit" => undefined,
         "authorization" => undefined,
         "cache-type" => undefined,
         "identity-trust" => undefined,
         "jsse" => undefined,
         "mapping" => undefined,
         "authentication" => {"classic" => undefined}
     }
}

_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: CLI command adding a security-domain does not work for me

Emanuel Muckenhuber
Hmm, looks like the example is out-of-date. I think you would need to do
something like the following to add that using the CLI:

# batch
# /subsystem=security/security-domain=JBTravel:add
#
/subsystem=security/security-domain=JBTravel/authentication=classic:add(login-modules=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:jboss/
JBTravelDatasource"),("principalsQuery"=>"select password from
JTRAVEL.USER where username=?"),("rolesQuery"=>"select null,'Roles' from
JTRAVEL.USER where username=?")]}])
# run-batch

Although this is for standalone... so you would need to change that for
the domain.

On 03/16/2012 09:07 AM, Wolf-Dieter Fink wrote:

> I try to add a security domain with the command  (review JB248 AS7 admin
> course):
>
> cd profile=full-ha/subsystem=security
> ./security-domain=JBTravel:add(authentication=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:jboss/JBTravelDatasource"),("principalsQuery"=>"select
> password from JTRAVEL.USER where username=?"),("rolesQuery"=>"select
> null,'Roles' from JTRAVEL.USER where username=?")]}])
>
> and I see =>   'authentication' is not found among the supported
> properties: [cache-type]
>
> For me it looks correct, if I add the security-domain directly to the
> domain.xml it will be correct, see below.
>
> I test with EAP6.ER3 and 7.1.2.Final.
>
> Am I wrong with the command (and my understanding of it)?
>
> - Wolf
>
> ======  XML  ====
> <security-domain name="JBTravel">
> <authentication>
> <login-module code="Database" flag="required">
> <module-option name="dsJndiName" value="java:jboss/JBTravelDatasource"/>
> <module-option name="principalsQuery" value="SELECT password FROM
> JBTRAVEL.USER WHERE username=?"/>
> <module-option name="rolesQuery" value="SELECT null,'Roles' FROM
> JBTRAVEL.USER WHERE username=?"/>
> </login-module>
> </authentication>
> </security-domain>
> =================
> [domain@localhost:9999 subsystem=security]
> ./security-domain=JBTravel:read-resource
> {
>       "outcome" =>  "success",
>       "result" =>  {
>           "acl" =>  undefined,
>           "audit" =>  undefined,
>           "authorization" =>  undefined,
>           "cache-type" =>  undefined,
>           "identity-trust" =>  undefined,
>           "jsse" =>  undefined,
>           "mapping" =>  undefined,
>           "authentication" =>  {"classic" =>  undefined}
>       }
> }
>
> _______________________________________________
> jboss-as7-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev