-
Notifications
You must be signed in to change notification settings - Fork 2.2k
/
modify-elytron-config.cli
67 lines (49 loc) · 4.62 KB
/
modify-elytron-config.cli
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
embed-server --admin-only=true
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory=application-http-authentication)
/subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
/subsystem=batch-jberet:write-attribute(name=security-domain, value=ApplicationDomain)
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory, value=application-sasl-authentication)
/subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)
/core-service=management/access=identity:add(security-domain=ManagementDomain)
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
/core-service=management/security-realm=ManagementRealm:remove
/core-service=management/security-realm=ApplicationRealm/authentication=local:remove
/core-service=management/security-realm=ApplicationRealm/authentication=properties:remove
/core-service=management/security-realm=ApplicationRealm/authorization=properties:remove
/subsystem=datasources/data-source=ExampleDS:undefine-attribute(name=password)
/subsystem=datasources/data-source=ExampleDS:write-attribute(name=credential-reference,value={clear-text=sa})
# Use filesystem-realm instead of legacy (compatibility mode) properties-realm in default domains
/subsystem=elytron/filesystem-realm=ManagementFsRealm:add(path=mgmt-users,relative-to=jboss.server.config.dir)
/subsystem=elytron/filesystem-realm=ApplicationFsRealm:add(path=application-users,relative-to=jboss.server.config.dir)
/subsystem=elytron/security-domain=ManagementDomain:list-add(name=realms, index=0, value={realm=ManagementFsRealm, role-decoder=groups-to-roles})
/subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=default-realm, value=ManagementFsRealm)
/subsystem=elytron/security-domain=ApplicationDomain:list-add(name=realms, index=0, value={realm=ApplicationFsRealm, role-decoder=groups-to-roles})
/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=default-realm, value=ApplicationFsRealm)
# add test users (copies the test configuration from property files)
/subsystem=elytron/filesystem-realm=ManagementFsRealm/identity=testsuite:add()
/subsystem=elytron/filesystem-realm=ManagementFsRealm/identity=testsuite:set-password(clear={password="testSuitePassword"})
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:add()
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:set-password(clear={password="password1"})
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user1:add-attribute(name=groups, value=["Users","Role1"])
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user2:add()
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user2:set-password(clear={password="password2"})
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=user2:add-attribute(name=groups, value=["Users","Role2"])
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=guest:add()
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=guest:set-password(clear={password="guest"})
/subsystem=elytron/filesystem-realm=ApplicationFsRealm/identity=guest:add-attribute(name=groups, value=["guest"])
# Create some test credential store entries (aliases) - they will be checked by CredentialStoreTestCase
# The keystore file for the credential store is created by keytool maven plugin in pom.xml.
/subsystem=elytron/credential-store=cred-store-default:add(location=cred-store.jceks, modifiable=true, relative-to=jboss.server.config.dir, credential-reference={clear-text=password})
/subsystem=elytron/credential-store=cred-store-default/alias=alias-password:add(secret-value=password)
/subsystem=elytron/credential-store=cred-store-default/alias=alias-secret:add(secret-value=secret)
/subsystem=elytron/credential-store=cred-store-default:remove()
# datasources and ejb3 still has dependency on legacy security subsystem, so we can't remove it completely now
# /subsystem=security:remove
# /extension=org.jboss.as.security:remove
/subsystem=security/security-domain=other:remove
/subsystem=security/security-domain=jaspitest:remove
/subsystem=security/security-domain=jboss-ejb-policy:remove
/subsystem=security/security-domain=jboss-web-policy:remove
stop-embedded-server