2 Replies Latest reply on Jul 11, 2013 3:33 AM by akshy_harale

Issue while getting the security domain,using Jboss admin api and Jboss CLI.

akshy_harale Jul 10, 2013 9:44 AM

Hi,

I am migrating from Jboss 7.1.1 + TEIID 8.3 to Jboss EAP 6.1 + TEIID 8.4. I am trying to get the available security domain from AS using the admin api / jboss cli for Jboss EAP 6.1.

The request and response for this is as follows :

Request

{

"recursive" => true,

"operation" => "read-resource",

"address" => [

("subsystem" => "security"),

("security-domain" => "SQLSecurityDomain")

]

}

-------------------------------------------

Response JBOSS EAP 6.1

{

"outcome" => "success",

"result" => {

"acl" => undefined,

"audit" => undefined,

"authorization" => undefined,

"cache-type" => "default",

"identity-trust" => undefined,

"jsse" => undefined,

"mapping" => undefined,

"authentication" => {"classic" => {

"login-modules" => [{

"code" => "SecureIdentity",

"flag" => "required",

"module" => undefined,

"module-options" => {

"username" => "uname",

"password" => "-68464afbc18e19e864265f4892564719"

}

}],

"login-module" => {"SecureIdentity" => {

"code" => "SecureIdentity",

"flag" => "required",

"module" => undefined,

"module-options" => {

"username" => "uname",

"password" => "-68464afbc18e19e864265f4892564719"

}

}}

}

When I compared this response with my previous AS (Jboss 7.1) it didn't had the login-module. Because of the login-module entry, the org.jboss.dmr.ModelValue.getChild() from jboss-dmr-1.1.6.Final-redhat-1.jar gives an java.lang.IllegalArgumentException.

The reason for that is in the dmr code it checks for (map.size()==1),but the map has size = 2 and hence an exception is thrown.

**Is there a work around for this or this is something to do with the standalone.xml configuration?

I am adding security as follows:

<security>

<security-domain>SQLServerSecurityDomain</security-domain>

</security>

<security-domain name="SQLServerSecurityDomain" cache-type="default">

<authentication>

<login-module code="SecureIdentity" flag="required">

<module-option name="username" value="user"/>

<module-option name="password" value="base64encoded-password"/>

</login-module>

</authentication>

</security-domain>

Thanks,

Akshay

1. Re: Issue while getting the security domain,using Jboss admin api and Jboss CLI.

ctomc Jul 10, 2013 11:32 AM (in response to akshy_harale)

Hi,

what changed was that login-modules attribute was changed from complex attribute to sub resource.
And as we try not to break backward compatibitly we now return both, old one as in login-modules and login-module=<name-of-module>

login-modules is there only for backaward compatibilty so you could still check if modules are defined by doing
result.get("authentication","classic").hasDefined("login-modules")
and that code would work for old and new system.

if you want to use new way do

ModelNode loginModules = result.get("authentication","classic","login-module).asList();
and then you can check for how many are there with loginModules.size()

hope that helps you

--
tomaz
Actions
2. Re: Issue while getting the security domain,using Jboss admin api and Jboss CLI.

akshy_harale Jul 11, 2013 3:33 AM (in response to ctomc)

Hi, Tomaz Cerar

Thanks for this solution. It works for me.

Thanks,
Akshay
Actions

Go to original post