security jakarta-ee wildfly java-ee-7 wildfly-8

Creating a security realm on WildFly 8.1.0 - Node path format is wrong around 'x' on issuing a command to create the realm

When issuing the following command on jboss-cli.bat (an MS-DOS batch file for windows) to create a security realm on WildFly 8.1.0 final as mentioned in this migration guide,

./subsystem=security/security-domain=app:add(cache-type="default")
  cd ./subsystem=security/security-domain=app
     ./authentication=classic:add(
       login-modules=[ {
         code="Database",
         flag="required",
         module-options={
           dsJndiName="java:/jdbc/project_datasource",
           principalsQuery="SELECT password FROM user_role_table WHERE user_id=?",
           rolesQuery="SELECT group_id, 'Roles'
                       FROM group_table gt INNER JOIN user_role_table urt ON gt.user_group_id = urt.user_id
                       WHERE urt.user_id=?", hashAlgorithm="SHA-256",
           hashEncoding="BASE64",
           unauthenticatedIdentity="guest"
         }
       }, {
         code="RoleMapping",
         flag="required",
         module-options={
           rolesProperties="file:${jboss.server.config.dir}/app.properties",
           replaceRole="false"
         }
       }
     ])

I get the following error on the cli prompt :

Node path format is wrong around 'cd.' (index 67)

If cd is removed, then the following error is reported.

Failed to perform read-opration-description to validate the request: java.util.concurrent.ExecutionException: Operation failed

The command is given in a contiguous text format as follows.

./subsystem=security/security-domain=app:add(cache-type="default") cd ./subsystem=security/security-domain=app ./authentication=classic:add(login-modules=[ {code="Database",flag="required",module-options={dsJndiName="java:/jdbc/project_datasource",principalsQuery="SELECT password FROM user_role_table WHERE user_id=?",rolesQuery="SELECT group_id, 'Roles' FROM group_table gt INNER JOIN user_role_table urt ON gt.user_group_id = urt.user_id WHERE urt.user_id=?",hashAlgorithm="SHA-256",hashEncoding="BASE64",unauthenticatedIdentity="guest"}},{code="RoleMapping",flag="required",module-options={rolesProperties="file:${jboss.server.config.dir} /app.properties",replaceRole="false"}}])

What is the fix? I just do not want to copy/past the XML to the configuration file as it might be different from version to version.

Solution

The problem is with combining more commands on a single line.

The simple solution for you is to use external file to store the CLI commands.

E.g. create security-domain.cli file in wildfly-8.1.0.Final/bin folder with following content (if you want to split a command to more lines, put backslash as a last character):

/subsystem=security/security-domain=app:add(cache-type="default")
/subsystem=security/security-domain=app/authentication=classic:add()
/subsystem=security/security-domain=app/authentication=classic/login-module=Database:add( \
    code="Database", \
    flag="required", \
    module-options=[ \
        ("dsJndiName"=>"java:/jdbc/project_datasource"), \
        ("principalsQuery"=>"SELECT password FROM user_role_table WHERE user_id=?"), \
        ("rolesQuery"=>"SELECT group_id, 'Roles' FROM group_table gt INNER JOIN user_role_table urt ON gt.user_group_id = urt.user_id WHERE urt.user_id=?"), \
        ("hashAlgorithm"=>"SHA-256"), \
        ("hashEncoding"=>"BASE64"), \
        ("unauthenticatedIdentity"=>"guest") \
    ])
/subsystem=security/security-domain=app/authentication=classic/login-module=RoleMapping:add( \
    code="RoleMapping", \
    flag="required", \
    module-options=[ \
        ("rolesProperties"=>"file:${jboss.server.config.dir}/app.properties"), \
        ("replaceRole"=>"false") \
    ])

(Your sample contains old style of setting login modules. It's a deprecated way now, so the example usage the new way.)

Run the new file with JBoss CLI tool:

jboss-cli.bat -c --file=security-domain.cli