将 SSL 配置迁移到 Elytron
Migrate SSL Config to Elytron
我正在尝试将一个项目从使用 Legacy Security 迁移到使用 Elytron。我按照文档中的步骤操作:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/migration_guide/migrating_to_elytron#migrate_ssl_configurations
我先验证了运行:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
结果:
{
"outcome" => "success",
"result" => "ApplicationRealm"
}
然后我按照文档中的步骤创建了一个key-store、key-manager、server-ssl-context,并切换了https-listener。并重新加载服务器。
/subsystem=elytron/key-store=KeyStore:add(path=$keystore_file,type=JKS,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/key-manager=KeyManager:add(key-store=KeyStore,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/server-ssl-context=SSLContext:add(key-manager=KeyManager)
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=SSLContext)
run-batch
然后我再次检查了 https-listener:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
但结果未定义。
{
"outcome" => "success",
"result" => "Undefined"
}
当我检查 standalone-full-ha.xml 时,SSLContext 就在那里。有没有其他方法可以检查迁移是否正常?
它完全按照您的指示执行,您正在调用 undefine,然后读回您未定义的内容
我正在尝试将一个项目从使用 Legacy Security 迁移到使用 Elytron。我按照文档中的步骤操作:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/migration_guide/migrating_to_elytron#migrate_ssl_configurations
我先验证了运行:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
结果:
{
"outcome" => "success",
"result" => "ApplicationRealm"
}
然后我按照文档中的步骤创建了一个key-store、key-manager、server-ssl-context,并切换了https-listener。并重新加载服务器。
/subsystem=elytron/key-store=KeyStore:add(path=$keystore_file,type=JKS,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/key-manager=KeyManager:add(key-store=KeyStore,credential-reference={clear-text=$keystore_password})
/subsystem=elytron/server-ssl-context=SSLContext:add(key-manager=KeyManager)
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=SSLContext)
run-batch
然后我再次检查了 https-listener:
/subsystem=undertow/server=default-server/https-listener=https:read-attribute(name=security-realm)
但结果未定义。
{
"outcome" => "success",
"result" => "Undefined"
}
当我检查 standalone-full-ha.xml 时,SSLContext 就在那里。有没有其他方法可以检查迁移是否正常?
它完全按照您的指示执行,您正在调用 undefine,然后读回您未定义的内容