Bug 900810 (JBPAPP6-1400)

Summary: CLONE - adding JSSE to a security domain with the CLI does not persist
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Tom Fonteyne <tfonteyn>
Component: SecurityAssignee: Anil Saldhana <anil.saldhana>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 6.0.0CC: alex, brian.stansberry, tfonteyn
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBPAPP6-1400
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-27 11:11:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom Fonteyne 2012-08-22 10:09:19 UTC 
Steps to Reproduce: # create a domain
/subsystem=security/security-domain=mydomain:add()
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}

# add JSSE settings:
/subsystem=security/security-domain=mydomain/jsse=classic:add(keystore=[{"url" => "${jboss.server.config.dir}/jboss.keystore","password" => "secret"}])
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

# double check
/subsystem=security/security-domain=mydomain:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authentication" => undefined,
        "authorization" => undefined,
        "cache-type" => undefined,
        "identity-trust" => undefined,
        "mapping" => undefined,
        "jsse" => {"classic" => {
            "additional-properties" => undefined,
            "cipher-suites" => undefined,
            "client-alias" => undefined,
            "client-auth" => undefined,
            "key-manager" => undefined,
            "keystore" => [{
                "url" => "${jboss.server.config.dir}/jboss.keystore",
                "password" => "secret"
            }],
            "protocols" => undefined,
            "server-alias" => undefined,
            "service-auth-token" => undefined,
            "trust-manager" => undefined,
            "truststore" => undefined
        }}
    },
    "response-headers" => {"process-state" => "reload-required"}
}

Now quit and stop the server, then look at the xml:

      <security-domain name="mydomain">
         <jsse/>
      </security-domain>

So the settings are not written to the xml configuration file
Workaround: Workaround Exists
Workaround Description: edit the xml manually
project_key: JBPAPP6

Adding JSSE setting to a security domain works in-memory, but they are not written to the xml file.
Comment 1 Tom Fonteyne 2012-08-22 10:09:19 UTC 
Link: Added: This issue Cloned from AS7-5411
Comment 2 Tom Fonteyne 2012-08-22 10:10:25 UTC 
Workflow: Removed: GIT Pull Request workflow  Added: jira
Security: Added: Public
Docs QE Status: Added: NEW
Comment 3 Alexey Loubyansky 2012-08-22 10:48:58 UTC 
This is not a CLI issue.
Comment 4 Brian Stansberry 2012-08-22 13:18:41 UTC 
The CLI is a client, so a server side problem is never a CLI issue.
Comment 5 Anne-Louise Tangring 2012-11-13 20:57:54 UTC 
Docs QE Status: Removed: NEW
Comment 6 Tom Fonteyne 2012-12-27 11:11:27 UTC 
See https://issues.jboss.org/browse/AS7-5411

Issue is not the failing of the write, the "real" issue was the SUCCESS message which should have been FAILED -> fixed