-
1. Re: How to use allow-resource-service-restart in JBoss CLI
mchoma Oct 20, 2015 7:21 AM (in response to jprasanna)
Try adding reload at the end of your CLI file. Anyway, adding a security domain on the fly works on WildFly 10. How do you know it is not reflected immediately? How do you test that? Could it be that you are seeing cached results?
-
2. Re: How to use allow-resource-service-restart in JBoss CLI
ctomc Oct 20, 2015 7:36 AM (in response to jprasanna)
Yes, some resources support the allow-resource-service-restart header, and some don't.
For the ones that do, you can pass the header in the CLI via a slightly special syntax, by adding headers in curly brackets at the end of the operation.
For example: {allow-resource-service-restart=true}
You can inspect the return of the operation to see if a reload is needed or if it was applied directly to the runtime.
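The response check described in the reply above, as an added example that is not part of the original posts: it classifies the text that jboss-cli.sh prints after an operation. The sample responses are constructed, and `JBOSS_CLI`, `has_marker`, `worst_state` and `run_with_header` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Sample responses below are constructed,
# in the DMR text form that jboss-cli.sh prints after each operation.
SAMPLE_APPLIED='{"outcome" => "success"}'
SAMPLE_RELOAD='{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}'
SAMPLE_FAILED='{
    "outcome" => "failed",
    "failure-description" => "constructed failure text",
    "rolled-back" => true
}'

# has_marker TEXT MARKER: true when TEXT contains the fixed string MARKER.
has_marker() {
    printf '%s\n' "$1" | grep -qF -- "$2"
}

# worst_state TEXT: most severe state found in the output of one CLI run,
# which may hold several responses (one per line of a .cli file).
# Order: failed > restart-required > reload-required > applied.
worst_state() {
    if has_marker "$1" '"outcome" => "failed"'; then
        echo failed
    elif has_marker "$1" '"process-state" => "restart-required"'; then
        echo restart-required
    elif has_marker "$1" '"process-state" => "reload-required"'; then
        echo reload-required
    elif has_marker "$1" '"outcome" => "success"'; then
        echo applied
    else
        echo unknown
    fi
}

# run_with_header OPERATION: send one operation with the header appended.
# JBOSS_CLI is an assumed variable holding the path to jboss-cli.sh; the
# function is defined for real use and is not called by the demo below.
run_with_header() {
    "$JBOSS_CLI" --connect \
        --command="$1{allow-resource-service-restart=true}"
}

for sample in "$SAMPLE_APPLIED" "$SAMPLE_RELOAD" "$SAMPLE_FAILED"; do
    worst_state "$sample"
done
```

A result of `reload-required` means the new login modules are stored in the configuration but the running security domain is still the old one, so authentication keeps using the previous settings until a reload.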
-
3. Re: How to use allow-resource-service-restart in JBoss CLI
jprasanna Oct 20, 2015 7:40 AM (in response to mchoma)
I tested by adding one 'extended LDAP' and I gave a sample username and password from that 'extended LDAP'. I was not authenticated.
Then I restarted JBoss. I was authenticated.
This is my CLI file. What command should I add at the end?
/subsystem=security/security-domain=SourceForge/authentication=classic:write-attribute(name=login-modules)
/subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule1:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://10.2.10.10:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=testuser,cn=Users,dc=qalab,dc=corp,dc=collab,dc=net", "bindCredential" => "Collabnet1!", "baseCtxDN" => "cn=Users,dc=qalab,dc=corp,dc=collab,dc=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "false", "rolesCtxDN" => "cn=Users,dc=qalab,dc=corp,dc=collab,dc=net", "roleFilter" => "(name={0})", "roleRecursion" => "-1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" ])
/subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule2:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://ldapserver/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=binduser,OU=Users,DC=domain,DC=local", "bindCredential" => "bindpasswd", "baseCtxDN" => "ou=Users,DC=domain,DC=local", "baseFilter" => "(uid={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=domain,DC=local", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" ])
-
4. Re: How to use allow-resource-service-restart in JBoss CLI
jprasanna Oct 22, 2015 2:09 AM (in response to jprasanna)
Now my .cli file looks like this:
/subsystem=security/security-domain=SourceForge/authentication=classic:write-attribute(name=login-modules){allow-resource-service-restart=true}
/subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule1:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://10.2.10.10:389/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=testuser,cn=Users,dc=qalab,dc=corp,dc=collab,dc=net", "bindCredential" => "Collabnet1!", "baseCtxDN" => "cn=Users,dc=qalab,dc=corp,dc=collab,dc=net", "baseFilter" => "(sAMAccountName={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "false", "rolesCtxDN" => "cn=Users,dc=qalab,dc=corp,dc=collab,dc=net", "roleFilter" => "(name={0})", "roleRecursion" => "-1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" ]){allow-resource-service-restart=true}
/subsystem=security/security-domain=SourceForge/authentication=classic/login-module=org.jboss.security.auth.spi.LdapExtLoginModule2:add(code=org.jboss.security.auth.spi.LdapExtLoginModule, flag=sufficient, module-options=[ "java.naming.provider.url" => "ldap://ldapserver/", "java.naming.referral" => "follow", "java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory", "java.naming.security.authentication" => "simple", "bindDN" => "cn=binduser,OU=Users,DC=domain,DC=local", "bindCredential" => "bindpasswd", "baseCtxDN" => "ou=Users,DC=domain,DC=local", "baseFilter" => "(uid={0})", "roleAttributeID" => "memberOf", "roleAttributeIsDN" => "true", "rolesCtxDN" => "DC=domain,DC=local", "roleFilter" => "(member={1})", "roleRecursion" => "1", "searchTimeLimit" => "5000", "searchScope" => "SUBTREE_SCOPE", "allowEmptyPasswords" => "false", "throwValidateError" => "true" ]){allow-resource-service-restart=true}
I have added {allow-resource-service-restart=true} at the end of each command. Still, the changes are not reflected immediately, i.e. I am not able to log in without a JBoss restart.
Please respond and give us some solution.
Thanks in advance
-
5. Re: How to use allow-resource-service-restart in JBoss CLI
jprasanna Oct 22, 2015 2:27 AM (in response to jprasanna)
When I tried to reload using the following command:
/opt/collabnet/teamforge/runtime/jboss/bin/jboss-cli.sh --connect --command=:reload
the whole application goes down and I am getting:
Caused by: java.net.ConnectException: JBAS012174: Could not connect to http-remoting://localhost:9990. The connection failed
at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:117)
at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:256)
at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
at org.jboss.as.protocol.mgmt.FutureManagementChannel$Establishing.getChannel(FutureManagementChannel.java:204)
at org.jboss.as.cli.impl.CLIModelControllerClient.getOrCreateChannel(CLIModelControllerClient.java:169)
at org.jboss.as.cli.impl.CLIModelControllerClient$2.getChannel(CLIModelControllerClient.java:129)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:117)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:92)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:236)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:141)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:127)
... 13 more
Caused by: java.net.ConnectException: Connection refused
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
at org.xnio.nio.WorkerThread$ConnectHandle.handleReady(WorkerThread.java:319)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:272)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:253)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:351)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:339)
at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:78)
at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:109)
... 23 more