I am trying to migrate a project from using the Legacy Security to using Elytron. I followed the steps in the documentation: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/migration_guide/migrating_to_elytron#migrate_ssl_configurations
I verified it first by running:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
Result:
{
    "outcome" => "success",
    "result" => "ApplicationRealm"
}
Then I followed the steps in the documentation to create a key-store, key-manager, and server-ssl-context, switched the https-listener, and reloaded the server.
/subsystem=elytron/key-store=KeyStore:add(path=$keystore_file,type=JKS,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/key-manager=KeyManager:add(key-store=KeyStore,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/server-ssl-context=SSLContext:add(key-manager=KeyManager)
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=SSLContext)
run-batch
Then I checked the https-listener again:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
But the result was undefined.
{
    "outcome" => "success",
    "result" => "Undefined"
}
When I check the standalone-full-ha.xml, the SSLContext is there. Are there any other ways to check if the migration is OK?
It's doing exactly what you have told it to do: you are calling undefine, then reading back what you undefined.
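After the switch, the attribute that carries the TLS configuration on the listener is `ssl-context`, not `security-realm`. As an added example (not part of the original posts), this Python sketch checks a saved configuration such as standalone-full-ha.xml offline and confirms that each https-listener resolves through ssl-context, key-manager and key-store; the embedded XML is a constructed sample, and its namespace versions, keystore path and password are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the resources created in the question
# (namespace versions, keystore path and password are assumptions).
SAMPLE = """<server xmlns="urn:jboss:domain:5.0"><profile>
 <subsystem xmlns="urn:wildfly:elytron:1.2"><tls>
  <key-stores>
   <key-store name="KeyStore">
    <credential-reference clear-text="changeit"/>
    <implementation type="JKS"/>
    <file path="/path/to/keystore.jks"/>
   </key-store>
  </key-stores>
  <key-managers><key-manager name="KeyManager" key-store="KeyStore"/></key-managers>
  <server-ssl-contexts>
   <server-ssl-context name="SSLContext" key-manager="KeyManager"/>
  </server-ssl-contexts>
 </tls></subsystem>
 <subsystem xmlns="urn:jboss:domain:undertow:4.0">
  <server name="default-server">
   <https-listener name="https" socket-binding="https" ssl-context="SSLContext"/>
  </server>
 </subsystem>
</profile></server>"""

def check_https_listeners(xml_text):
    """Return a list of problems; an empty list means every https-listener
    resolves ssl-context -> key-manager -> key-store."""
    root = ET.fromstring(xml_text)
    def named(tag):  # index elements by local name, ignoring the namespace
        return {e.get("name"): e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag}
    contexts, managers, stores = named("server-ssl-context"), named("key-manager"), named("key-store")
    problems = []
    for name, lst in named("https-listener").items():
        if lst.get("security-realm"):
            problems.append(f"{name}: still uses legacy security-realm")
        ctx = contexts.get(lst.get("ssl-context"))
        if ctx is None:
            problems.append(f"{name}: ssl-context missing or not defined in elytron")
            continue
        km = managers.get(ctx.get("key-manager"))
        if km is None:
            problems.append(f"{name}: key-manager not defined")
        elif km.get("key-store") not in stores:
            problems.append(f"{name}: key-store not defined")
    return problems

if __name__ == "__main__":
    print(check_https_listeners(SAMPLE) or "https-listener chain is consistent")
```

An empty result only shows that the configuration is internally consistent; whether the keystore file and password are valid is only known once the server loads them.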