Justin's WildFly Blog

converting-legacy-properties-files-into-a-filesystemrealm Overview In WildFly 16, Elytron Tool now provides a command for easily converting any legacy properties files into a FileSystemRealm. This blog post will give an overview of the two ways parameters can be specified for this command, the various parameters, and an example of how to convert both properties files for both a single users-roles mapping and for specifying multiple files at once. The Two Ways to Specify Parameters This new command, FileSystemRealmCommand, allows the ability to specify the input files and Elytron object names on either the command line, ideal for a single users-roles combination, or through a text file called a Descriptor File, ideal for multiple users-roles combinations. In either case, the general use options will have to be specified on the command line, which are: --help --debug --silent --summary Both the command line and descriptor file have three required par...

dynamically-generating-certificates-keystores-in-elytron Dynamically Generating KeyStores, TrustStores, and Certificates with WildFly Elytron Overview It is now possible to quickly and easily generate KeyStores, TrustStores, and Certificates by utilizing the Elytron Examples methods. A new utility class, CertificateGenerator, has been added that can generate a KeyStore and TrustStore, along with saving them to a file-system directory, with a single API call. This utility class can further be used to easily generate client and server KeyStores and TrustStores for Two Way SSL or can be easily fully customized to create as many KeyStores, TrustStores, Certificates (self signed and signed) as wanted, along with saving as many of those KeyStores and TrustStores to as many or as few directories as wanted. This blog post will go into several of the customization and default methods available, along with showing an example. Further examples can be found in the Certi...

In WildFly 14, you are able to dynamically reload trust managers using the Elytron subsystem, for trust managers using one of multiple of file and LDAP backed keystores. This blog post will give an overview of how to use this new operation through an example in the WildFly CLI. Pre-requirements Before any of the following operations can be done in the CLI, the keystores will first have to be created. As mentioned, these can either be file or LDAP backed keystores. In the following examples, the keystores will be stored in WildFly's standalone/configuration directory. File Backed Keystores First, generate the client and server keystores: keytool -genkeypair - alias client -keyalg RSA -keysize 1024 -validity 365 -keystore client.keystore.jks -dname cn=client,ou=Users,dc=jboss,dc=org -keypass secret -storepass secret; keytool -genkeypair - alias server -keyalg RSA -keysize 1024 -validity 365 -keystore server.keystore.jks -dname CN=server,ou=Users,dc=jboss,dc=org -keypass s...