Download the WildFly nightly build as was shown in the last entry and then let's just execute the CLI script:
bin/jboss-cli.sh --file=docs/examples/enable-elytron.cli
That's it :)
středa 12. července 2017
Enable Elytron in WildFly 2
Hooray, we have already a simple way to enable Elytron accross all the default server profiles. The JBoss CLI script was added to the application server distribution! You can find it in the docs/examples/enable-elytron.cli file.
Download the WildFly nightly build as was shown in the last entry and then let's just execute the CLI script:
That's it :)
Download the WildFly nightly build as was shown in the last entry and then let's just execute the CLI script:
That's it :)
úterý 24. ledna 2017
Enable Elytron in WildFly
Steps to enable Elytron in WildFly nightly builds.
The custom Elytron profile was removed now. The Elytron subsystem is newly introduced to all standard server profiles. The thing is, the Elytron is not used by default and users have to enable it in the subsystems themselves.
Let's look into how you can enable it.
Let's look into how you can enable it.
Get WildFly nightly build
# Download WildFly nightly build wget --user=guest --password=guest https://ci.wildfly.org/httpAuth/repository/downloadAll/WF_Nightly/.lastSuccessful/artifacts.zip # unzip build artifacts zip. It contains WildFly distribution ZIP unzip artifacts.zip # get the WildFly distribution ZIP name as property WILDFLY_DIST_ZIP=$(ls wildfly-*-SNAPSHOT.zip) # unzip WildFly unzip -q $WILDFLY_DIST_ZIP
Configure Elytron (default profile)
Use JBoss CLI to configure Elytron in subsystems.
wildfly-*-SNAPSHOT/bin/jboss-cli.sh << EOT
embed-server
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory=application-http-authentication)
/subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
/subsystem=batch-jberet:write-attribute(name=security-domain, value=ApplicationDomain)
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory, value=application-sasl-authentication)
/subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)
/core-service=management/access=identity:add(security-domain=ManagementDomain)
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
reload
/core-service=management/security-realm=ManagementRealm:remove
/core-service=management/security-realm=ApplicationRealm/authentication=local:remove
/core-service=management/security-realm=ApplicationRealm/authentication=properties:remove
/core-service=management/security-realm=ApplicationRealm/authorization=properties:remove
stop-embedded-server
EOT
Configure Elytron (full profile)
The full profile contains messaging, so we can enable Elytron in there too:
wildfly-*-SNAPSHOT/bin/jboss-cli.sh << EOT
embed-server --server-config=standalone-full.xml
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory=application-http-authentication)
/subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
/subsystem=batch-jberet:write-attribute(name=security-domain, value=ApplicationDomain)
/subsystem=messaging-activemq/server=default:undefine-attribute(name=security-domain)
/subsystem=messaging-activemq/server=default:write-attribute(name=elytron-domain, value=ApplicationDomain)
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory, value=application-sasl-authentication)
/subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)
/core-service=management/access=identity:add(security-domain=ManagementDomain)
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
reload
/core-service=management/security-realm=ManagementRealm:remove
/core-service=management/security-realm=ApplicationRealm/authentication=local:remove
/core-service=management/security-realm=ApplicationRealm/authentication=properties:remove
/core-service=management/security-realm=ApplicationRealm/authorization=properties:remove
stop-embedded-server
EOT
New issue (WFLY-7949) was reported to add a possibility to enable the Elytron in a single step.
Happy elytroning!
Happy elytroning!
Přihlásit se k odběru:
Příspěvky (Atom)