Question

I'd like to know how to use the CLI to add a new secret value attribute to the server-identities attribute for a Managed Domain instance.

While adding a new user via the command line, we are advised to add the secret value to the server instance, but there's not a lot of information given on how to do that. We know that this occurs in the host-master.xml file, for instance, and I understand that I can edit this in the XML. An example is as follows:

  <management>
      <security-realms>
          <security-realm name="ManagementRealm">
              <server-identities>
                  <secret value="superdupersecret" />
              </server-identities>
              <authentication>
                  <local default-user="$local" />
                  <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
              </authentication>
          </security-realm>
          .
          .
          .
      </security-realms>
  </management>

I can view the node by running the read-resource operation as follows from the root (the "shotgun approach" to piping all the parameters and variables passed at runtime out for a quick search). I could have easily grepped it.

:read-resource(recursive=true, include-runtime=true) > nameoffile.txt  

This shows the path of the node I'm after.

"host" => {"master" => {  
        ...snip...
        "core-service" => {  
            "management" => {  
                "ldap-connection" => undefined,  
                "management-interface" => {  
                    "native-interface" => {  
                        "interface" => "management",  
                        "port" => expression "${jboss.management.native.port:9999}",  
                        "security-realm" => "ManagementRealm"  
                    },  
                    "http-interface" => {  
                        "console-enabled" => true,  
                        "interface" => "management",  
                        "port" => expression "${jboss.management.http.port:9990}",  
                        "secure-port" => undefined,  
                        "security-realm" => "ManagementRealm"  
                    }  
                },  
                "security-realm" => {  
                    "ManagementRealm" => {  
                        "authorization" => undefined,  
                        "plug-in" => undefined,  
                        "server-identity" => undefined,  
                        "authentication" => {  
                            "local" => {  
                                "allowed-users" => undefined,  
                                "default-user" => "$local" 

I can then cd into the node, but I'm not sure what the operation composition is at this level. I'm able to write other values and attributes in the CLI, but at this level I'm unsure what the method is. Any suggestions appreciated. For example, these fail. Assumptions are that I don't need to add this attribute first before writing the value, and that this node is even able to be written in the CLI (any thoughts Alexey?).

[domain@localhost:9999 security-realm=ManagementRealm] /host=master/core-service=management/security-realm=ManagementRealm/server-identity/:write(server-identity="new_value")  

And:

[domain@localhost:9999 security-realm=ManagementRealm] /host=master/core-service=management/security-realm=ManagementRealm/:write(server-identity="new_value")  

Solution

The ejb-security-interceptors project has a CLI script that deals with this. Relevant part below:

/core-service=management/security-realm=ejb-outbound-realm:add    
/core-service=management/security-realm=ejb-outbound-realm/server-identity=secret:add(value="Q29ubmVjdGlvblBhc3N3b3JkMSE=")
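
The answer's operation applied to the question's managed-domain address, as an added example that is not part of the original answer or of the ejb-security-interceptors project: a shell helper that Base64-encodes a password and prints the matching server-identity=secret:add operation. It assumes the value is the Base64 form of the password, as in the answer's script; the function names and the sample password are constructed, and the /host=master prefix is the address shown in the question's read-resource output.

```shell
#!/bin/sh
# Added example: build the jboss-cli operation that adds a server-identity
# secret to a security realm. Function names here are hypothetical.

# Base64-encode a secret exactly as given. printf avoids the trailing newline
# that echo would append (which silently changes the encoded value), and tr
# removes the line wraps some base64 builds insert in long output.
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Base64 is an encoding, not encryption: anyone who can read the host XML
# or the CLI history can recover the secret, so protect both accordingly.
decode_secret() {
    printf '%s' "$1" | base64 -d
}

# build_secret_op HOST REALM SECRET
# HOST empty -> address as written in the answer's script;
# HOST set   -> managed-domain address under /host=HOST, as in the question.
build_secret_op() {
    host=$1 realm=$2 secret=$3
    # Reject characters that would alter the CLI address.
    case $realm$host in
        *[!A-Za-z0-9._-]*) echo "invalid host or realm name" >&2; return 1 ;;
    esac
    if [ -z "$realm" ] || [ -z "$secret" ]; then
        echo "realm and secret are required" >&2; return 1
    fi
    prefix=""
    if [ -n "$host" ]; then prefix="/host=$host"; fi
    printf '%s/core-service=management/security-realm=%s/server-identity=secret:add(value="%s")\n' \
        "$prefix" "$realm" "$(encode_secret "$secret")"
}

# Constructed sample password; host and realm names are those in the question.
build_secret_op master ManagementRealm 'Constructed-Sample-1!'
```

The printed line is meant to be pasted into a connected jboss-cli session, or placed in a script file like the one the answer quotes.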
Licensed under: CC-BY-SA with attribution