Bug 900810 (JBPAPP6-1400) - CLONE - adding JSSE to a security domain with the CLI does not persist
Summary: CLONE - adding JSSE to a security domain with the CLI does not persist
Keywords:
Status: CLOSED NOTABUG
Alias: JBPAPP6-1400
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Anil Saldhana
QA Contact:
URL: http://jira.jboss.org/jira/browse/JBP...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-08-22 10:09 UTC by Tom Fonteyne
Modified: 2014-03-24 15:49 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-27 11:11:27 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1080069 0 unspecified CLOSED (6.4.0) JSSE configuration in security domain is not persisted 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker JBPAPP6-1400 0 Major Closed CLONE - adding JSSE to a security domain with the CLI does not persist 2014-06-16 01:37:44 UTC

Internal Links: 1080069

Description Tom Fonteyne 2012-08-22 10:09:19 UTC 
Steps to Reproduce: # create a domain
/subsystem=security/security-domain=mydomain:add()
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}

# add JSSE settings:
/subsystem=security/security-domain=mydomain/jsse=classic:add(keystore=[{"url" => "${jboss.server.config.dir}/jboss.keystore","password" => "secret"}])
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

# double check
/subsystem=security/security-domain=mydomain:read-resource(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "acl" => undefined,
        "audit" => undefined,
        "authentication" => undefined,
        "authorization" => undefined,
        "cache-type" => undefined,
        "identity-trust" => undefined,
        "mapping" => undefined,
        "jsse" => {"classic" => {
            "additional-properties" => undefined,
            "cipher-suites" => undefined,
            "client-alias" => undefined,
            "client-auth" => undefined,
            "key-manager" => undefined,
            "keystore" => [{
                "url" => "${jboss.server.config.dir}/jboss.keystore",
                "password" => "secret"
            }],
            "protocols" => undefined,
            "server-alias" => undefined,
            "service-auth-token" => undefined,
            "trust-manager" => undefined,
            "truststore" => undefined
        }}
    },
    "response-headers" => {"process-state" => "reload-required"}
}

Now quit and stop the server, then look at the xml:

      <security-domain name="mydomain">
         <jsse/>
      </security-domain>

So the settings are not written to the xml configuration file
Workaround: Workaround Exists
Workaround Description: edit the xml manually
project_key: JBPAPP6

Adding JSSE setting to a security domain works in-memory, but they are not written to the xml file.
Comment 1 Tom Fonteyne 2012-08-22 10:09:19 UTC 
Link: Added: This issue Cloned from AS7-5411
Comment 2 Tom Fonteyne 2012-08-22 10:10:25 UTC 
Workflow: Removed: GIT Pull Request workflow  Added: jira
Security: Added: Public
Docs QE Status: Added: NEW
Comment 3 Alexey Loubyansky 2012-08-22 10:48:58 UTC 
This is not a CLI issue.
Comment 4 Brian Stansberry 2012-08-22 13:18:41 UTC 
The CLI is a client, so a server side problem is never a CLI issue.
Comment 5 Anne-Louise Tangring 2012-11-13 20:57:54 UTC 
Docs QE Status: Removed: NEW
Comment 6 Tom Fonteyne 2012-12-27 11:11:27 UTC 
See https://issues.jboss.org/browse/AS7-5411

Issue is not the failing of the write, the "real" issue was the SUCCESS message which should have been FAILED -> fixed
Note You need to log in before you can comment on or make changes to this bug.