Uploaded image for project: 'JBoss Enterprise Application Platform 6'
  1. JBoss Enterprise Application Platform 6
  2. JBPAPP6-1400

CLONE - adding JSSE to a security domain with the CLI does not persist

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: EAP 6.0.0
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Steps to Reproduce:
      Hide
      1. create a domain
        /subsystem=security/security-domain=mydomain:add()
        {
        "outcome" => "success",
        "response-headers" => {"process-state" => "reload-required"}
        }

        # add JSSE settings:
        /subsystem=security/security-domain=mydomain/jsse=classic:add(keystore=[{"url" => "${jboss.server.config.dir}/jboss.keystore","password" => "secret"}])
        {
        "outcome" => "success",
        "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" }
        }

        # double check
        /subsystem=security/security-domain=mydomain:read-resource(recursive=true)
        {
        "outcome" => "success",
        "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authentication" => undefined,
        "authorization" => undefined,
        "cache-type" => undefined,
        "identity-trust" => undefined,
        "mapping" => undefined,
        "jsse" => {"classic" => {
        "additional-properties" => undefined,
        "cipher-suites" => undefined,
        "client-alias" => undefined,
        "client-auth" => undefined,
        "key-manager" => undefined,
        "keystore" => [{
        "url" => "${jboss.server.config.dir}/jboss.keystore",
        "password" => "secret"
        }],
        "protocols" => undefined,
        "server-alias" => undefined,
        "service-auth-token" => undefined,
        "trust-manager" => undefined,
        "truststore" => undefined
        }}
        },
        "response-headers" => {"process-state" => "reload-required"}

        }

      Now quit and stop the server, then look at the xml:

      <security-domain name="mydomain">
      <jsse/>
      </security-domain>

      So the settings are not written to the xml configuration file

      Show
      create a domain /subsystem=security/security-domain=mydomain:add() { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } # add JSSE settings: /subsystem=security/security-domain=mydomain/jsse=classic:add(keystore= [{"url" => "${jboss.server.config.dir}/jboss.keystore","password" => "secret"}] ) { "outcome" => "success", "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } } # double check /subsystem=security/security-domain=mydomain:read-resource(recursive=true) { "outcome" => "success", "result" => { "acl" => undefined, "audit" => undefined, "authentication" => undefined, "authorization" => undefined, "cache-type" => undefined, "identity-trust" => undefined, "mapping" => undefined, "jsse" => {"classic" => { "additional-properties" => undefined, "cipher-suites" => undefined, "client-alias" => undefined, "client-auth" => undefined, "key-manager" => undefined, "keystore" => [{ "url" => "${jboss.server.config.dir}/jboss.keystore", "password" => "secret" }], "protocols" => undefined, "server-alias" => undefined, "service-auth-token" => undefined, "trust-manager" => undefined, "truststore" => undefined }} }, "response-headers" => {"process-state" => "reload-required"} } Now quit and stop the server, then look at the xml: <security-domain name="mydomain"> <jsse/> </security-domain> So the settings are not written to the xml configuration file
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      edit the xml manually

      Show
      edit the xml manually

      Description

      Adding JSSE setting to a security domain works in-memory, but they are not written to the xml file.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  anil.saldhana Anil Saldanha
                  Reporter:
                  tfonteyn Tom Fonteyne
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: