Reputation: 1803
Wildfly 10 CLI security domain configuration
Right now our configuration of wildfly and the configuration.xml is done by a dozen of cmd scripts which call each other and so on. So pretty straight its annoying as hell.
Now I want to get rid of all that by writing a cli script which will do all the configuration as needed, but right at the beginning I am already stuck.
I simply want to add this layout of the xml over CLI:
<security-realm name="ssl-realm">
<server-identities>
<ssl>
<keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password"/>
</ssl>
</server-identities>
</security-realm>
So entering /core-service=management/security-realm=ssl-realm/:add will add the security realm. When I now want to add the inner part with commands like this:
/core-service=management/security-realm=ssl-realm/:write-attribute(name=server-identity,value=ssl)
/core-service=management/security-realm=ssl-realm/server-identity=ssl/:add
I get the message
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0201: Unknown attribute 'server-identity'",
"rolled-back" => true
}
and
null
when trying to add the server identity directly with the security realm like this:
/core-service=management/security-realm=ssl-realm/server-identity=ssl/:add
I get the error:
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0175: Resource [
(\"core-service\" => \"management\"),
(\"security-realm\" => \"ssl-realm\")
] does not exist; a resource at address [
(\"core-service\" => \"management\"),
(\"security-realm\" => \"ssl-realm\"),
(\"server-identity\" => \"ssl\")
] cannot be created until all ancestor resources have been added",
"rolled-back" => true
}
Asking google or the wildfly doc didn't really help. So if someone knows how to do it I would appreciate it.
Upvotes: 2
Views: 3028
Answers (2)
Reputation: 1875
The same error applies also to database configuration:
/subsystem=security/security-domain=testDB:add
/subsystem=security/security-domain=testDB/authentication=classic:add
/subsystem=security/security-domain=testDB/authentication=classic/login-module=Database:add(code=Database,flag=required,module-options=[("dsJndiName"=>"java:/MyDatabaseDS"),("principalsQuery"=>"select passwd from Users where username=?"),("rolesQuery"=>"select role, 'Roles' from UserRoles where username=?")])
reload
Source: Configuring a Security Domain to use the Database Login Module
Upvotes: 0
Reputation: 1631
try with these commands:
/core-service=management/security-realm=ssl-realm:add()
/core-service=management/security-realm=ssl-realm/server-identity=ssl:add(alias=value,keystore-relative-to=jboss.standalone.config.dir,keystore-password=abc,keystore-path=abc.jks)
Upvotes: 3
Related Questions
- Can I install modules to my wildfly through cli in domain mode?
- How to add security domain with Wildfly/Jboss CLI
- wildfly security domain not working
- Wildfly Management CLI Configuration
- Wildfly 14 CLI edit default jgroups
- Is command line the only way to configure wildfly 10 programatically?
- Wildfly 10 - read configuration parameter programmatically
- Automatic deployment of security-domain in WildFly 8.x
- Adding interface to wildfly
- Wildfly CLI not working for me