Use of CLI to add security-domain

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Use of CLI to add security-domain

Wolf-Dieter Fink
Hi,

I try to add this to the standalone.xml via CLI:

       <subsystem xmlns="urn:jboss:domain:security:1.2">
            <security-domains>
                 ....
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>



If I add it to XML the CLI will show:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authorization" => undefined,
        "cache-type" => "default",
        "identity-trust" => undefined,
        "jsse" => undefined,
        "mapping" => undefined,
        "authentication" => {"classic" => {"login-modules" => [{
            "code" => "UsersRoles",
            "flag" => "required",
            "module-options" => [
                ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
                ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
                ("password-stacking" => "useFirstPass")
            ]
        }]}}
    }
}
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-attribute(name=login-modules)
{
    "outcome" => "success",
    "result" => [{
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
            ("password-stacking" => "useFirstPass")
        ]
    }]
}


#simple is
/subsystem=security/security-domain=lbank:add(cache-type=default)

but how to know that "classic" must used?
    /subsystem=security/security-domain=lbank/authentication=
tab completition will not help, only if I type =classic: the tab completition will show commands otherwise not

I suppose that this should be correct, but it shows an error:
EAP6
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
    "rolled-back" => true
}

AS7.2 (upstream)
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[
    (\"subsystem\" => \"security\"),
    (\"security-domain\" => \"lbank2\"),
    (\"authentication\" => \"classic\")
]' not found",
    "rolled-back" => true
}



Next difficulty is to add the module-options with expressions.

Any guiding or help?

Wolf



BTW the CLI tab completition crash:
/subsystem=security/security-domain=lbankx/authentication=(
java.lang.IllegalArgumentException: The argument value is not specified for name: 'null'
    at org.jboss.as.cli.operation.impl.DefaultOperationRequestBuilder.addProperty(DefaultOperationRequestBuilder.java:113)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:208)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:51)
    at org.jboss.as.cli.operation.OperationRequestCompleter.complete(OperationRequestCompleter.java:142)
    at org.jboss.as.cli.CommandCompleter.complete(CommandCompleter.java:93)
    at org.jboss.as.cli.impl.Console$Factory$1$1.complete(Console.java:96)
    at org.jboss.jreadline.console.Console.complete(Console.java:809)
    at org.jboss.jreadline.console.Console.read(Console.java:383)
    at org.jboss.jreadline.console.Console.read(Console.java:221)
    at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:166)
    at org.jboss.as.cli.impl.CommandContextImpl.interact(CommandContextImpl.java:1129)
    at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:243)
    at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.jboss.modules.Module.run(Module.java:270)
    at org.jboss.modules.Main.main(Main.java:294)


_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Tomaž Cerar-2
Wolf,

module-options do not support expressions yet, there is an issue open to add support for it: https://issues.jboss.org/browse/AS7-5177
I have started working on it, but am not done yet..

--
tomaz

On Fri, Jul 27, 2012 at 8:02 PM, Wolf-Dieter Fink <[hidden email]> wrote:
Hi,

I try to add this to the standalone.xml via CLI:

       <subsystem xmlns="urn:jboss:domain:security:1.2">
            <security-domains>
                 ....
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>



If I add it to XML the CLI will show:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authorization" => undefined,
        "cache-type" => "default",
        "identity-trust" => undefined,
        "jsse" => undefined,
        "mapping" => undefined,
        "authentication" => {"classic" => {"login-modules" => [{
            "code" => "UsersRoles",
            "flag" => "required",
            "module-options" => [
                ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
                ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
                ("password-stacking" => "useFirstPass")
            ]
        }]}}
    }
}
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-attribute(name=login-modules)
{
    "outcome" => "success",
    "result" => [{
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
            ("password-stacking" => "useFirstPass")
        ]
    }]
}


#simple is
/subsystem=security/security-domain=lbank:add(cache-type=default)

but how to know that "classic" must used?
    /subsystem=security/security-domain=lbank/authentication=
tab completition will not help, only if I type =classic: the tab completition will show commands otherwise not

I suppose that this should be correct, but it shows an error:
EAP6
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
    "rolled-back" => true
}

AS7.2 (upstream)
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[
    (\"subsystem\" => \"security\"),
    (\"security-domain\" => \"lbank2\"),
    (\"authentication\" => \"classic\")
]' not found",
    "rolled-back" => true
}



Next difficulty is to add the module-options with expressions.

Any guiding or help?

Wolf



BTW the CLI tab completition crash:
/subsystem=security/security-domain=lbankx/authentication=(
java.lang.IllegalArgumentException: The argument value is not specified for name: 'null'
    at org.jboss.as.cli.operation.impl.DefaultOperationRequestBuilder.addProperty(DefaultOperationRequestBuilder.java:113)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:208)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:51)
    at org.jboss.as.cli.operation.OperationRequestCompleter.complete(OperationRequestCompleter.java:142)
    at org.jboss.as.cli.CommandCompleter.complete(CommandCompleter.java:93)
    at org.jboss.as.cli.impl.Console$Factory$1$1.complete(Console.java:96)
    at org.jboss.jreadline.console.Console.complete(Console.java:809)
    at org.jboss.jreadline.console.Console.read(Console.java:383)
    at org.jboss.jreadline.console.Console.read(Console.java:221)
    at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:166)
    at org.jboss.as.cli.impl.CommandContextImpl.interact(CommandContextImpl.java:1129)
    at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:243)
    at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.jboss.modules.Module.run(Module.java:270)
    at org.jboss.modules.Main.main(Main.java:294)


_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev



_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Wolf-Dieter Fink
Thanks Tomaz,

but in my case I strip the command and did not use module-options but neither EAP6 nor AS7.2.
The messages are different, see eMail thread.
The validation looks correct in case of AS7.2, if I drop i.e. 'flag' a validation error is shown.

Wolf

On 07/28/2012 10:54 PM, Tomaž Cerar wrote:
Wolf,

module-options do not support expressions yet, there is an issue open to add support for it: https://issues.jboss.org/browse/AS7-5177
I have started working on it, but am not done yet..

--
tomaz

On Fri, Jul 27, 2012 at 8:02 PM, Wolf-Dieter Fink <[hidden email]> wrote:
Hi,

I try to add this to the standalone.xml via CLI:

       <subsystem xmlns="urn:jboss:domain:security:1.2">
            <security-domains>
                 ....
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>



If I add it to XML the CLI will show:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authorization" => undefined,
        "cache-type" => "default",
        "identity-trust" => undefined,
        "jsse" => undefined,
        "mapping" => undefined,
        "authentication" => {"classic" => {"login-modules" => [{
            "code" => "UsersRoles",
            "flag" => "required",
            "module-options" => [
                ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
                ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
                ("password-stacking" => "useFirstPass")
            ]
        }]}}
    }
}
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-attribute(name=login-modules)
{
    "outcome" => "success",
    "result" => [{
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
            ("password-stacking" => "useFirstPass")
        ]
    }]
}


#simple is
/subsystem=security/security-domain=lbank:add(cache-type=default)

but how to know that "classic" must used?
    /subsystem=security/security-domain=lbank/authentication=
tab completition will not help, only if I type =classic: the tab completition will show commands otherwise not

I suppose that this should be correct, but it shows an error:
EAP6
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
    "rolled-back" => true
}

AS7.2 (upstream)
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[
    (\"subsystem\" => \"security\"),
    (\"security-domain\" => \"lbank\"),
    (\"authentication\" => \"classic\")
]' not found",
    "rolled-back" => true
}



Next difficulty is to add the module-options with expressions.

Any guiding or help?

Wolf



BTW the CLI tab completition crash:
/subsystem=security/security-domain=lbankx/authentication=(
java.lang.IllegalArgumentException: The argument value is not specified for name: 'null'
    at org.jboss.as.cli.operation.impl.DefaultOperationRequestBuilder.addProperty(DefaultOperationRequestBuilder.java:113)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:208)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:51)
    at org.jboss.as.cli.operation.OperationRequestCompleter.complete(OperationRequestCompleter.java:142)
    at org.jboss.as.cli.CommandCompleter.complete(CommandCompleter.java:93)
    at org.jboss.as.cli.impl.Console$Factory$1$1.complete(Console.java:96)
    at org.jboss.jreadline.console.Console.complete(Console.java:809)
    at org.jboss.jreadline.console.Console.read(Console.java:383)
    at org.jboss.jreadline.console.Console.read(Console.java:221)
    at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:166)
    at org.jboss.as.cli.impl.CommandContextImpl.interact(CommandContextImpl.java:1129)
    at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:243)
    at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.jboss.modules.Module.run(Module.java:270)
    at org.jboss.modules.Main.main(Main.java:294)


_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev




_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Wolf-Dieter Fink
In reply to this post by Wolf-Dieter Fink
No help at all?

On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
Hi,

I try to add this to the standalone.xml via CLI:

       <subsystem xmlns="urn:jboss:domain:security:1.2">
            <security-domains>
                 ....
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>



If I add it to XML the CLI will show:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authorization" => undefined,
        "cache-type" => "default",
        "identity-trust" => undefined,
        "jsse" => undefined,
        "mapping" => undefined,
        "authentication" => {"classic" => {"login-modules" => [{
            "code" => "UsersRoles",
            "flag" => "required",
            "module-options" => [
                ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
                ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
                ("password-stacking" => "useFirstPass")
            ]
        }]}}
    }
}
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-attribute(name=login-modules)
{
    "outcome" => "success",
    "result" => [{
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties"),
            ("password-stacking" => "useFirstPass")
        ]
    }]
}


#simple is
/subsystem=security/security-domain=lbank:add(cache-type=default)

but how to know that "classic" must used?
    /subsystem=security/security-domain=lbank/authentication=
tab completition will not help, only if I type =classic: the tab completition will show commands otherwise not

I suppose that this should be correct, but it shows an error:
EAP6
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014688: Wrong type for value. Expected [LIST] but was STRING",
    "rolled-back" => true
}

AS7.2 (upstream)
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
    "outcome" => "failed",
    "failure-description" => "JBAS014807: Management resource '[
    (\"subsystem\" => \"security\"),
    (\"security-domain\" => \"lbank2\"),
    (\"authentication\" => \"classic\")
]' not found",
    "rolled-back" => true
}



Next difficulty is to add the module-options with expressions.

Any guiding or help?

Wolf



BTW the CLI tab completition crash:
/subsystem=security/security-domain=lbankx/authentication=(
java.lang.IllegalArgumentException: The argument value is not specified for name: 'null'
    at org.jboss.as.cli.operation.impl.DefaultOperationRequestBuilder.addProperty(DefaultOperationRequestBuilder.java:113)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:208)
    at org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:51)
    at org.jboss.as.cli.operation.OperationRequestCompleter.complete(OperationRequestCompleter.java:142)
    at org.jboss.as.cli.CommandCompleter.complete(CommandCompleter.java:93)
    at org.jboss.as.cli.impl.Console$Factory$1$1.complete(Console.java:96)
    at org.jboss.jreadline.console.Console.complete(Console.java:809)
    at org.jboss.jreadline.console.Console.read(Console.java:383)
    at org.jboss.jreadline.console.Console.read(Console.java:221)
    at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:166)
    at org.jboss.as.cli.impl.CommandContextImpl.interact(CommandContextImpl.java:1129)
    at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:243)
    at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.jboss.modules.Module.run(Module.java:270)
    at org.jboss.modules.Main.main(Main.java:294)



_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev


_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Alexey Loubyansky
In reply to this post by Wolf-Dieter Fink
On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
> #simple is
> //subsystem=security/security-domain=lbank:add(cache-type=default)/
>
> but how to know that "classic" must used?
> //subsystem=security/security-domain=lbank/authentication=/
> tab completition will not help, only if I type =classic: the tab
> completition will show commands otherwise not

This is for the security team to answer.

> I suppose that this should be correct, but it shows an error:
> EAP6
> /[standalone@localhost:9999 /]
> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
> {
>      "outcome" => "failed",
>      "failure-description" => "JBAS014688: Wrong type for value.
> Expected [LIST] but was STRING",
>      "rolled-back" => true
> }
> /

Looks like this version doesn't support simplified syntax for parameter
values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...

> AS7.2 (upstream)
> /[standalone@localhost:9999 /]
> /subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
> {
>      "outcome" => "failed",
>      "failure-description" => "JBAS014807: Management resource '[
>      (\"subsystem\" => \"security\"),
>      (\"security-domain\" => \"lbank2\"),
>      (\"authentication\" => \"classic\")
> ]' not found",
>      "rolled-back" => true
> }/

The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:add( ...

where you initialize the login-modules.

> Next difficulty is to add the module-options with expressions.
>
> Any guiding or help?
>
> Wolf
>
>
>
> BTW the CLI tab completition crash:
> //subsystem=security/security-domain=lbankx/authentication=(
> java.lang.IllegalArgumentException: The argument value is not specified
> for name: 'null'
>      at
> org.jboss.as.cli.operation.impl.DefaultOperationRequestBuilder.addProperty(DefaultOperationRequestBuilder.java:113)
>      at
> org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:208)
>      at
> org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:51)
>      at
> org.jboss.as.cli.operation.OperationRequestCompleter.complete(OperationRequestCompleter.java:142)
>      at org.jboss.as.cli.CommandCompleter.complete(CommandCompleter.java:93)
>      at org.jboss.as.cli.impl.Console$Factory$1$1.complete(Console.java:96)
>      at org.jboss.jreadline.console.Console.complete(Console.java:809)
>      at org.jboss.jreadline.console.Console.read(Console.java:383)
>      at org.jboss.jreadline.console.Console.read(Console.java:221)
>      at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:166)
>      at
> org.jboss.as.cli.impl.CommandContextImpl.interact(CommandContextImpl.java:1129)
>      at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:243)
>      at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
>      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>      at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>      at java.lang.reflect.Method.invoke(Method.java:616)
>      at org.jboss.modules.Module.run(Module.java:270)
>      at org.jboss.modules.Main.main(Main.java:294)
> /

I don't see this in upstream. Do you? I'll check 7.1...

Thanks,
Alexey
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Wolf-Dieter Fink
On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
#simple is
//subsystem=security/security-domain=lbank:add(cache-type=default)/

but how to know that "classic" must used?
//subsystem=security/security-domain=lbank/authentication=/
tab completition will not help, only if I type =classic: the tab
completition will show commands otherwise not
This is for the security team to answer.

I suppose that this should be correct, but it shows an error:
EAP6
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014688: Wrong type for value.
Expected [LIST] but was STRING",
     "rolled-back" => true
}
/
Looks like this version doesn't support simplified syntax for parameter 
values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...

AS7.2 (upstream)
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014807: Management resource '[
     (\"subsystem\" => \"security\"),
     (\"security-domain\" => \"lbank2\"),
     (\"authentication\" => \"classic\")
]' not found",
     "rolled-back" => true
}/
The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /] 
/subsystem=security/security-domain=lbank/authentication=classic:add( ...

where you initialize the login-modules.
Looks like that AS7.2 include a fix and the different messages are confusing me.
The trick is:

/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])

But if I add the module options:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
{
    "failure-description" => [
        "JBAS014798: Validation failed for login-modules",
        "JBAS014688: Wrong type for module-options. Expected [OBJECT] but was LIST"
    ],
    "rolled-back" => true
}

How do I add th module-options as OBJECT?


The result should look like:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-resource
{
    "outcome" => "success",
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties")
        ]
    }]}
}

XML:
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>





_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Wolf-Dieter Fink
Just to complete the thread.

With AS7.2 (current upstream) the command will run successful with the expression (note the \ quotes of {} )

/subsystem=security/security-domain=lbank/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/lbank-users.properties,rolesProperties=$\{jboss.server.config.dir\}/lbank-roles.properties}}]


It will fail with former tags and EAP (7.1.3 not tested ATM)

Wolf



On 08/03/2012 06:26 PM, Wolf-Dieter Fink wrote:
On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
#simple is
//subsystem=security/security-domain=lbank:add(cache-type=default)/

but how to know that "classic" must used?
//subsystem=security/security-domain=lbank/authentication=/
tab completition will not help, only if I type =classic: the tab
completition will show commands otherwise not
This is for the security team to answer.

I suppose that this should be correct, but it shows an error:
EAP6
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014688: Wrong type for value.
Expected [LIST] but was STRING",
     "rolled-back" => true
}
/
Looks like this version doesn't support simplified syntax for parameter 
values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...

AS7.2 (upstream)
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014807: Management resource '[
     (\"subsystem\" => \"security\"),
     (\"security-domain\" => \"lbank2\"),
     (\"authentication\" => \"classic\")
]' not found",
     "rolled-back" => true
}/
The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /] 
/subsystem=security/security-domain=lbank/authentication=classic:add( ...

where you initialize the login-modules.
Looks like that AS7.2 include a fix and the different messages are confusing me.
The trick is:

/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])

But if I add the module options:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
{
    "failure-description" => [
        "JBAS014798: Validation failed for login-modules",
        "JBAS014688: Wrong type for module-options. Expected [OBJECT] but was LIST"
    ],
    "rolled-back" => true
}

How do I add th module-options as OBJECT?


The result should look like:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-resource
{
    "outcome" => "success",
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties")
        ]
    }]}
}

XML:
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>






_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev


_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Stefan Guilhen
Hi Wolf,

On 08/03/2012 03:07 PM, Wolf-Dieter Fink wrote:
Just to complete the thread.

With AS7.2 (current upstream) the command will run successful with the expression (note the \ quotes of {} )

/subsystem=security/security-domain=lbank/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/lbank-users.properties,rolesProperties=$\{jboss.server.config.dir\}/lbank-roles.properties}}]


It will fail with former tags and EAP (7.1.3 not tested ATM)

Yea, that works with the current master and branch 7.1 (future 7.1.3). The difference is that module-option expressions are not supported in the 7.1 branch (see PRODMGT-182 for details), but the CLI command to add a security domain is the same.

I've tried adding a domain in EAP6 and after a few tries I've managed to do it with the following commands:

 ./subsystem=security/security-domain=test:add(cache-type=default)

{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}

./subsystem=security/security-domain=test/authentication=classic:add(login-modules=[{"code"=>"UsersRoles","flag"=>"required","module-options"=>[("prop1"=>"value1"),("prop2"=>"value2")]}])

{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

The above produces the following in standalone.xml:

<security-domain name="test" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="prop1" value="value1"/>
            <module-option name="prop2" value="value2"/>
        </login-module>
    </authentication>
</security-domain>

BTW, I also saw the failure to auto-complete the authentication=classic part in AS 7.2 (works on EAP though). I'll take a look into it.

Cheers,
Stefan


Wolf



On 08/03/2012 06:26 PM, Wolf-Dieter Fink wrote:
On 08/03/2012 05:53 PM, Alexey Loubyansky wrote:
On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
#simple is
//subsystem=security/security-domain=lbank:add(cache-type=default)/

but how to know that "classic" must used?
//subsystem=security/security-domain=lbank/authentication=/
tab completition will not help, only if I type =classic: the tab
completition will show commands otherwise not
This is for the security team to answer.

I suppose that this should be correct, but it shows an error:
EAP6
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014688: Wrong type for value.
Expected [LIST] but was STRING",
     "rolled-back" => true
}
/
Looks like this version doesn't support simplified syntax for parameter 
values, so try using complete DMR format, i.e. [{"code"=>"UsersRoles", ...

AS7.2 (upstream)
/[standalone@localhost:9999 /]
/subsystem=security/security-domain=lbank/authentication=classic:write-attribute(name=login-modules,value=[{code=UsersRoles,flag=required}])
{
     "outcome" => "failed",
     "failure-description" => "JBAS014807: Management resource '[
     (\"subsystem\" => \"security\"),
     (\"security-domain\" => \"lbank2\"),
     (\"authentication\" => \"classic\")
]' not found",
     "rolled-back" => true
}/
The classic doesn't exist. It has to be added first, i.e.
[standalone@localhost:9999 /] 
/subsystem=security/security-domain=lbank/authentication=classic:add( ...

where you initialize the login-modules.
Looks like that AS7.2 include a fix and the different messages are confusing me.
The trick is:

/subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required}])

But if I add the module options:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank2/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options=[{name=userProperties,value="ABC"}]}])
{
    "failure-description" => [
        "JBAS014798: Validation failed for login-modules",
        "JBAS014688: Wrong type for module-options. Expected [OBJECT] but was LIST"
    ],
    "rolled-back" => true
}

How do I add th module-options as OBJECT?


The result should look like:
[standalone@localhost:9999 /] /subsystem=security/security-domain=lbank/authentication=classic:read-resource
{
    "outcome" => "success",
        "code" => "UsersRoles",
        "flag" => "required",
        "module-options" => [
            ("usersProperties" => expression "${jboss.server.config.dir}/lbank-users.properties"),
            ("rolesProperties" => expression "${jboss.server.config.dir}/lbank-roles.properties")
        ]
    }]}
}

XML:
                 <security-domain name="lbank" cache-type="default">
                    <authentication>
                        <login-module code="UsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/lbank-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/lbank-roles.properties"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>






_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev



_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev


_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Use of CLI to add security-domain

Alexey Loubyansky
In reply to this post by Wolf-Dieter Fink
On 07/27/2012 08:02 PM, Wolf-Dieter Fink wrote:
>
> BTW the CLI tab completition crash:
> //subsystem=security/security-domain=lbankx/authentication=(

Ah, because of the '(' after the '='. It's an unexpected syntax.
Shouldn't fail like this, of course.

Thanks,
Alexey

> java.lang.IllegalArgumentException: The argument value is not specified
> for name: 'null'
>      at
> org.jboss.as.cli.operation.impl.DefaultOperationRequestBuilder.addProperty(DefaultOperationRequestBuilder.java:113)
>      at
> org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:208)
>      at
> org.jboss.as.cli.operation.impl.DefaultOperationCandidatesProvider.getProperties(DefaultOperationCandidatesProvider.java:51)
>      at
> org.jboss.as.cli.operation.OperationRequestCompleter.complete(OperationRequestCompleter.java:142)
>      at org.jboss.as.cli.CommandCompleter.complete(CommandCompleter.java:93)
>      at org.jboss.as.cli.impl.Console$Factory$1$1.complete(Console.java:96)
>      at org.jboss.jreadline.console.Console.complete(Console.java:809)
>      at org.jboss.jreadline.console.Console.read(Console.java:383)
>      at org.jboss.jreadline.console.Console.read(Console.java:221)
>      at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:166)
>      at
> org.jboss.as.cli.impl.CommandContextImpl.interact(CommandContextImpl.java:1129)
>      at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:243)
>      at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:34)
>      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>      at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>      at java.lang.reflect.Method.invoke(Method.java:616)
>      at org.jboss.modules.Module.run(Module.java:270)
>      at org.jboss.modules.Main.main(Main.java:294)
> /
>
>
> _______________________________________________
> jboss-as7-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev