-
1. Re: How can I set a property on java.security?
mchoma Oct 24, 2017 3:34 PM (in response to gir489)Which version of wildfly do you use?
Referenced documentation is for jboss-as-security_1_0.xsd. In jboss-as-security_1_1.xsd security-properties has disappeared.
dlofthouse don't you remember why? Also how is it possible that parser does not fail if xml does not match xsd?
Anyway, same can be achieved in wildfly 11 CR1 with Elytron. And this is probably way you should continue
[standalone@localhost:9990 /] /subsystem=elytron:write-attribute(name=security-properties.a,value=b) {"outcome" => "success"}
Which results in
<subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> <security-properties> <security-property name="a" value="b"/> </security-properties>
-
2. Re: How can I set a property on java.security?
gir489 Oct 24, 2017 3:49 PM (in response to mchoma)We're on Wildfly 10.
I see Wildfly 11 was released today. I'll give that a try and see if it works.
Is this going to be updated for a Wildfly 10 -> Widfly 11 converter? GitHub - wildfly/wildfly-server-migration: A tool to migrate a WildFly server
-
3. Re: How can I set a property on java.security?
jaikiran Oct 24, 2017 10:52 PM (in response to gir489)Robert Blody wrote:
Is this going to be updated for a Wildfly 10 -> Widfly 11 converter? GitHub - wildfly/wildfly-server-migration: A tool to migrate a WildFly server
Tomaz suggested a workaround for this here Re: JBoss Server Migration Tool for Wildfly 11
-
4. Re: How can I set a property on java.security?
gir489 Nov 29, 2017 10:18 AM (in response to mchoma)Hey, Martin. Now that we're on Wildfly 11 with an Elytron config, I was able to verify that using the jre1.8.0_152 runtime and adding the following XML, I was able to enable unlimited strength crypto.
<security-properties> <security-property name="crypto.policy" value="unlimited"/> </security-properties>
Removing that from the config gets a key strength exception, so it's definitely injecting the config before the JCE framework has been initialized as per the documentation.
This will be great going forward, as we try to containerize our platform with docker, since we want to have as much of the runtime stuff inside of the distro we use, and just expect the deployment engineer to grab the bare essentials. Before 152, trying to pack your application with AES-256 was a nightmare in Java, and Oracle finally found a way to weasel around the international arms embargo on math...
-
5. Re: How can I set a property on java.security?
mchoma Nov 30, 2017 1:08 AM (in response to gir489)Good to here that