我遵循以下教程:https://github.com/jbosstm/quickstart/tree/master/XTS/ssl
使用jboss-cli成功添加了security-realm:
/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add( \
keystore-path=./standalone/configuration/server.keystore, \
keystore-password=client, \
alias=client)
当我尝试添加https-listener:
/subsystem=undertow/server=default-server/https-listener=https:add( \
socket-binding="https", security-realm="SSLRealm" \
)
WildFly抛出异常:
{
"outcome" => "failed",
"failure-description" => "JBAS014750: Operation handler failed to complete",
"rolled-back" => true
}
如何添加https-listener?
答案 0 :(得分:14)
以下是WildFly 8.1的功能:
添加领域:
[standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm:add()
{"outcome" => "success"}
配置它:
[standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm/server-identity=ssl:add(keystore-path=websocket.keystore, keystore-relative-to=jboss.server.config.dir, keystore-password=websocket)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
添加新的侦听器:
[standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=WebSocketRealm)
{
"outcome" => "success",
"response-headers" => {"process-state" => "reload-required"}
}
然后重启:
[standalone@localhost:9990 /] reload
这将以下片段添加到standalone / configuration / standalone.xml:
<security-realm name="WebSocketRealm">
<server-identities>
<ssl>
<keystore path="websocket.keystore" relative-to="jboss.server.config.dir" keystore-password="websocket"/>
</ssl>
</server-identities>
</security-realm>
和
<https-listener name="https" socket-binding="https" security-realm="WebSocketRealm"/>
您使用的是什么版本的WildFly?
答案 1 :(得分:11)
我通过调整standalone.xml来做到这一点。据我所知,步骤是:
为ssl侦听器添加安全领域
<security-realm name="SSLRealm">
<server-identities>
<ssl protocol="TLS">
<keystore path="keystore-name" relative-to="jboss.server.config.dir" keystore-password="password" alias="alias"/>
</ssl>
</server-identities>
<authentication>
<truststore path="truststorename" relative-to="jboss.server.config.dir" keystore-password="password"/>
</authentication>
</security-realm>
将https-listener添加到下位配置
<https-listener name="default-https" socket-binding="https" security-realm="SSLRealm" verify-client="REQUESTED"/>
将https-listener的套接字绑定添加到套接字绑定列表
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
我还没有尝试使用管理界面添加此侦听器,但上述方法运行良好。
答案 2 :(得分:1)
在我的情况下,当我尝试添加https-listener时,安全领域中使用的密钥库不存在。在将密钥库复制到config目录并在CLI中执行reload之后,我可以使用CLI添加https-listener。
虽然CLI不会打印出信息性错误消息,但控制台会告诉您wildfly无法找到密钥库。