Application Server 7
  1. Application Server 7
  2. AS7-4951

adding Security Domain children(Authentication,Authorization,Audit,Mapping) by json not working.

    Details

    • Steps to Reproduce:
      Hide
      • standalone as7
      • create SecurityDomain with default-cache set.
      • attempt to create 'authentication|authorization|mapping|audit' children with valid details via json.
      • See description for more details.
      Show
      standalone as7 create SecurityDomain with default-cache set. attempt to create 'authentication|authorization|mapping|audit' children with valid details via json. See description for more details.
    • Similar Issues:
      Show 10 results 

      Description

      -'Add' operation for Security Domain children(Authentication,Authorization,Audit,Mapping) 'fails with JBAS014746: login-modules may not be null'. The fail message is for Authentication specifically ..but the other nodes fail with matching provider-modules not be null,etc.

      • Assumes there is a securityDomain of name 'testDomain3' with cache-type='default'.

      -Once the Security Domain child does exist 'read-attribute' and 'write-attribute' operations work as expected via json. This indicates to me that the json values for 'login-modules' is sound but just not acceptable because of a bug.

      • The same 'add' operation, see below, via cli completes successfully.
        /subsystem=security/security-domain=testDomain3/authentication=classic:add(login-modules=[{"code"=>"SecureIdentity","flag"=>"required","module-options"=>{"bindDn"=>"uid=ldapSecureUser,ou=People,dc=redat,dc=com"}}])
      • This is what the json contents look like before being sent off to the server. Switching 'add' to 'write-attribute' works correctly once the node already exists.:
        {
        "operation" : "add",
        "address" : [ { "subsystem" : "security" }

        ,

        { "security-domain" : "testDomain3" }

        ,

        { "authentication" : "classic" }

        ],
        "name" : "login-modules",
        "value" : [

        Unknown macro: { "flag" }

        ]
        }

      1. HttpClient.java
        5 kB
        Darran Lofthouse
      2. HttpClient.java
        5 kB
        Darran Lofthouse

        Activity

        Hide
        Simeon Pinder
        added a comment -

        I just pinged you in #jboss-as7 with this response:
        darranl: I did add the 'login-module' module component even in batch mode. I don't think batching has anything to do with this issue. The only difference between 'add' and 'write-attribute' is the operation name. 'add' fails when there is no component, but 'write-attribute' succeeds without problem and successfully updates when there is an existing 'authentication=classic' component.
        darranl: In both case the 'login-module' attribute is defined in the exact same way and by the same json excerpt. The fact 'login-module' is valid for 'write-attribute' and not for 'add' is why I think this is a bug.

        If you hit 'Edit' mode for this JIRA you will see the json excerpt being sent as the raw json is being parsed as a macro above otherwise.

        Does this help to clarify? I also think this is past a forum post because all the details are already laid out here in a public jira. No?

        Show
        Simeon Pinder
        added a comment - I just pinged you in #jboss-as7 with this response: darranl: I did add the 'login-module' module component even in batch mode. I don't think batching has anything to do with this issue. The only difference between 'add' and 'write-attribute' is the operation name. 'add' fails when there is no component, but 'write-attribute' succeeds without problem and successfully updates when there is an existing 'authentication=classic' component. darranl: In both case the 'login-module' attribute is defined in the exact same way and by the same json excerpt. The fact 'login-module' is valid for 'write-attribute' and not for 'add' is why I think this is a bug. If you hit 'Edit' mode for this JIRA you will see the json excerpt being sent as the raw json is being parsed as a macro above otherwise. Does this help to clarify? I also think this is past a forum post because all the details are already laid out here in a public jira. No?
        Hide
        Darran Lofthouse
        added a comment -

        The attached client both adds and removes a security domain over HTTP - on adding the authentication element at least one login module definition needs to be included.

        I am however having a problem adding the module-options that I am still looking into.

        Show
        Darran Lofthouse
        added a comment - The attached client both adds and removes a security domain over HTTP - on adding the authentication element at least one login module definition needs to be included. I am however having a problem adding the module-options that I am still looking into.
        Hide
        Darran Lofthouse
        added a comment -

        Stefan - Do you mind if I take ownership of this issue? The original complaint appears resolved with a compound operation of two add steps within the compound operation to add the domain definition but there is still a problem regarding the required type to define the module options - I really need to discuss this further with Brian as there is a backwards compatibility issue to this as well as an issue relating to validating happening at different points.

        Show
        Darran Lofthouse
        added a comment - Stefan - Do you mind if I take ownership of this issue? The original complaint appears resolved with a compound operation of two add steps within the compound operation to add the domain definition but there is still a problem regarding the required type to define the module options - I really need to discuss this further with Brian as there is a backwards compatibility issue to this as well as an issue relating to validating happening at different points.
        Hide
        Darran Lofthouse
        added a comment -

        Ignore the last comments and see the latest HttpClient attached - a slightly different form was needed to specify the module-options.

        This client demonstrates that it is possible to fully define a security domain using json over the HTTP management interface. For that reason I believe this issue can now be resolved.

        Show
        Darran Lofthouse
        added a comment - Ignore the last comments and see the latest HttpClient attached - a slightly different form was needed to specify the module-options. This client demonstrates that it is possible to fully define a security domain using json over the HTTP management interface. For that reason I believe this issue can now be resolved.
        Hide
        Darran Lofthouse
        added a comment -

        Marking as rejected as the attached client demonstrates this is possible.

        Show
        Darran Lofthouse
        added a comment - Marking as rejected as the attached client demonstrates this is possible.

          People

          • Assignee:
            Stefan Guilhen
            Reporter:
            Simeon Pinder
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: