ssljbosswildflyelytron

Migrate SSL Config to Elytron


I am trying to migrate a project from using the Legacy Security to using Elytron. I followed the steps in the documentation: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/migration_guide/migrating_to_elytron#migrate_ssl_configurations

I verified it first by running:

/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)

Result:

{
"outcome" => "success",
"result" => "ApplicationRealm"
}

Then I followed the steps in the documentation to create a key-store, key-manager, server-ssl-context, and switched the https-listener. And reloaded the server.

/subsystem=elytron/key-store=KeyStore:add(path=$keystore_file,type=JKS,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/key-manager=KeyManager:add(key-store=KeyStore,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/server-ssl-context=SSLContext:add(key-manager=KeyManager)
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=SSLContext)
run-batch

Then I checked the https-listener again:

/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)

But the result was undefined.

{
"outcome" => "success",
"result" => "Undefined"
}

When I check the standalone-full-ha.xml the SSLContext is there. Is there any other ways to check if the migration is ok?


Solution

  • It's doing exactly what you have told it to do, you are calling undefine, then reading back what you undefined