15

我正在关注以下教程:https ://github.com/jbosstm/quickstart/tree/master/XTS/ssl

使用 jboss-cli 成功添加了 security-realm:

/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add( \
   keystore-path=./standalone/configuration/server.keystore, \
   keystore-password=client, \
   alias=client)

当我尝试添加https-listener

/subsystem=undertow/server=default-server/https-listener=https:add( \
    socket-binding="https", security-realm="SSLRealm" \
)

WildFly 抛出异常:

{
  "outcome" => "failed",
  "failure-description" => "JBAS014750: Operation handler failed to complete",
  "rolled-back" => true
}

任何想法如何添加https-listener

4

3 回答 3

15

以下是在 WildFly 8.1 上对我有用的方法:

添加领域:

[standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm:add()
{"outcome" => "success"}

配置它:

[standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm/server-identity=ssl:add(keystore-path=websocket.keystore, keystore-relative-to=jboss.server.config.dir, keystore-password=websocket)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

添加一个新的监听器:

[standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=WebSocketRealm)
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}

然后重启:

[standalone@localhost:9990 /] reload

这将以下片段添加到standalone/configuration/standalone.xml:

<security-realm name="WebSocketRealm">
            <server-identities>
                <ssl>
                    <keystore path="websocket.keystore" relative-to="jboss.server.config.dir" keystore-password="websocket"/>
                </ssl>
            </server-identities>
        </security-realm>


<https-listener name="https" socket-binding="https" security-realm="WebSocketRealm"/>

您使用的是哪个版本的 WildFly?

于 2014-10-27T23:22:55.087 回答
12

我通过调整standalone.xml 做到了这一点。据我所知,步骤是:

  1. 为 ssl 侦听器添加安全领域

    <security-realm name="SSLRealm">
  <server-identities>
    <ssl protocol="TLS">
      <keystore path="keystore-name" relative-to="jboss.server.config.dir" keystore-password="password" alias="alias"/>
    </ssl>
  </server-identities>
  <authentication>
    <truststore path="truststorename" relative-to="jboss.server.config.dir" keystore-password="password"/>
  </authentication>
</security-realm>

  2. 将 https-listener 添加到 undertow 配置中

    <https-listener name="default-https" socket-binding="https" security-realm="SSLRealm" verify-client="REQUESTED"/>

  3. 将 https-listener 的套接字绑定添加到套接字绑定列表

    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>

我尚未尝试使用管理界面添加此侦听器,但上述方法效果很好。

于 2014-06-19T12:19:01.040 回答
1

在我的情况下,当我尝试添加 https-listener 时,安全领域中使用的密钥库不存在。将密钥库复制到配置目录并reload在 CLI 中执行后,我可以使用 CLI 添加 https-listener。

尽管 CLI 不会打印出信息丰富的错误消息,但控制台会告诉您 wildfly 找不到密钥库。

于 2017-05-31T11:20:50.667 回答