3 Replies Latest reply on Feb 10, 2012 9:02 PM by jbrow

    Adding Security-Domain with CLI console 7.1.0.CR1b

    smtrax

      I tried to add my security-domain with CLI like on : https://community.jboss.org/thread/170260


      /subsystem=security/security-domain=MyEncryptedDS:add(cache-type=default,authentication=[{"code"=>"SecureIdentity","flag"=>"required","module-options"=>[("username"=>"sa"),("password"=>"encryptedPassword")]}])

       

      But this command don't work in JBoss 7.1.0CR1b. So I tried it in JBoss 7.0.2Final and there works fine.

       

      So i make command for my security-domain:

       

      /subsystem=security/security-domain=my-securiti-domain:add(cache-type=default, authentication=[{"code"=>"Database","flag"=>"required", "module-options"=>[("dsJndiName"=>"java:myDS"), ("principalsQuery"=>"SELECT password FROM as_user WHERE username=?"), ("rolesQuery"=>"SELECT 'User', 'Roles' FROM as_user WHERE username=?")]}])

       

      And works in 7.0.2Final  but not in 7.1.0CR1b.

       

      Can someone tell me whay then in not working in JBoss7.1.0CR1b? Or maybe my sintaks is wrong?

        • 1. Re: Adding Security-Domain with CLI console 7.1.0.CR1b
          smtrax

          I have splited command into two commands, after them was posible to create Securit-Domain:

           

          /subsystem=security/security-domain=TestSD:add(cache-type=default)

           

          /subsystem=security/security-domain=TestSD/authentication=classic:add(login-modules=[{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:myDS"),("principalsQuery"=>"SELECT password FROM as_user WHERE username=?"),("rolesQuery"=>"SELECT 'User', 'Roles' FROM as_user WHERE username=?")]}]

          • 2. Re: Adding Security-Domain with CLI console 7.1.0.CR1b
            jaikiran

            So you weren't able to include the cache-type in a single command? What error were you seeing on the server? I am not sure if this was a intentional change or if there's some bug here.

            • 3. Re: Adding Security-Domain with CLI console 7.1.0.CR1b
              jbrow

              I think the authentication is now a sub-resource to the security-domain. For future reference of people using "jboss-as-maven-plugin", this seems to work to add a security domain:

               

              (NOTE:  This is currently in 7.1.0.Final-SNAPSHOT, which as far as I can tell is not in a repo anywhere.  You can get it from Github )

               

              <execution>

                  <id>MyPolicy</id>

                  <phase>install</phase>

                  <configuration>

                      <address>subsystem=security</address>

                      <force>true</force>

                      <resources>

                          <resource>

                              <address>security-domain=MyPolicy</address>

                              <properties>

                                  <cache-type>default</cache-type>

                              </properties>

                              <resources>

                                  <resource>

                                      <address>security-domain=MyPolicy,authentication=classic</address>

                                      <properties>

                                          <login-modules>!![{"code"=>"Database","flag"=>"required","module-options"=>[("dsJndiName"=>"java:jboss/datasources/MyPool"),("principalsQuery"=>"select

                                              password from users where

                                              user_name=?"),("rolesQuery"=>"select role, 'Roles' from

                                              my_user_roles where

                                              user_name=?"),("hashAlgorithm"=>"SHA-256"),("hashEncoding"=>"base64")]}]</login-modules>

                                      </properties>

                                  </resource>

                              </resources>

                          </resource>

                      </resources>

                  </configuration>

                  <goals>

                      <goal>add-resource</goal>

                  </goals>

              </execution>