As part of my project, I need to support legacy JAAS security domain to protect my EJBs. I am following the quickstart (https://github.com/wildfly/quickstart/tree/master/ejb-security-jaas) and updating the configuration using jboss-cli (https://github.com/wildfly/quickstart/blob/master/ejb-security-jaas/configure-elytron-jaas.cli). Everything is working fine with my POC.
But, I am facing an issue when I am trying to apply this concept in production code. We wrap our production code along with WildFly and ask customer to start our product (which internally starts WildFly). As per my understanding, jboss-cli needs WildFly to be running- so, I am trying with the following two approaches
Approach 1
This is having lots of challenges including the requirement to restart
Approach 2
Currently, I am following approach 2, but updating standalone.xml with ant script looks inefficient to me. Is there any better approach? Any suggestion from the experts is welcome.
You can do what you want using embed-server. Below is a script I use to add a datasource using jboss-cli. The key parts of this are the embed-server and batch parts:
embed-server --server-config=standalone.xml --std-out=echo
batch
module add --name=org.postgres --resources=${user.home}/Downloads/postgresql-42.2.12.jar --dependencies=javax.api,javax.transaction.api
/subsystem=datasources/jdbc-driver=postgres:add(driver-name="postgres",driver-module-name="org.postgres",driver-class-name=org.postgresql.Driver)
/subsystem=datasources/data-source=blah/:add(connection-url=jdbc:postgresql://localhost:5432/blah,driver-name=postgres,jndi-name=java:/jdbc/blah,initial-pool-size=4,max-pool-size=64,min-pool-size=4,password=blah,user-name=blah)
run-batch
You can see that this is updating standalone.xml. Obviously if you are using a different configuration file you can use it here.
An important part of this is that Wildfly should not be running.