As part of my project, I need to support legacy JAAS security domain to protect my EJBs. I am following the quickstart (https://github.com/wildfly/quickstart/tree/master/ejb-security-jaas) and updating the configuration using jboss-cli (https://github.com/wildfly/quickstart/blob/master/ejb-security-jaas/configure-elytron-jaas.cli). Everything is working fine with my POC.
But, I am facing an issue when I am trying to apply this concept in production code. We wrap our production code along with WildFly and ask customer to start our product (which internally starts WildFly). As per my understanding, jboss-cli needs WildFly to be running- so, I am trying with the following two approaches
Approach 1
- Start WildFly
- Run jboss-cli and make all the config related to supporting legacy JAAS security domain
- Restart WildFly
This is having lots of challenges including the requirement to restart
Approach 2
- Update the standalone.xml (using ant script during my product build time)
- Package my production code along with updated standalone.xml and WildFly
Currently, I am following approach 2, but updating standalone.xml with ant script looks inefficient to me. Is there any better approach? Any suggestion from the experts is welcome.
Advertisement
Answer
You can do what you want using embed-server
. Below is a script I use to add a datasource using jboss-cli. The key parts of this are the embed-server
and batch
parts:
embed-server --server-config=standalone.xml --std-out=echo batch module add --name=org.postgres --resources=${user.home}/Downloads/postgresql-42.2.12.jar --dependencies=javax.api,javax.transaction.api /subsystem=datasources/jdbc-driver=postgres:add(driver-name="postgres",driver-module-name="org.postgres",driver-class-name=org.postgresql.Driver) /subsystem=datasources/data-source=blah/:add(connection-url=jdbc:postgresql://localhost:5432/blah,driver-name=postgres,jndi-name=java:/jdbc/blah,initial-pool-size=4,max-pool-size=64,min-pool-size=4,password=blah,user-name=blah) run-batch
You can see that this is updating standalone.xml
. Obviously if you are using a different configuration file you can use it here.
An important part of this is that Wildfly should not be running.