Friday, June 7, 2013

Adding Users To JBoss 7

There is a need for adding Users for accessing the admin console. When ever we start the Standalone or domain Mode servers, the start up page says to add Users like



JBoss makes use of security realms to secure access to the management interfaces, these same realms are used to secure inbound access as exposed by JBoss Remoting such as remote JNDI and EJB access, the realms are also used to define an identity for the server - this identity can be used for both inbound connections to the server and outbound connections being established by the server.

ManagementRealm is a simple realm available in Jboss, this simply enables two authentication mechanisms, the local mechanism and username/password authentication which will be using Digest authentication

For username / password authentication the users details will be loaded from the file mgmt-users.properties which is located in {jboss.home}/standalone/configuration

Each user is represented on their own line and the format of each line is username=HASH where HASH is a pre-prepared hash of the users password along with their username and the name of the realm which in this case is ManagementRealm.

Add Users For the management Console

[root@vx111a bin]# ./add-user.sh

What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Realm (ManagementRealm) :
Username : system
Password :
Re-enter Password :
About to add user 'system' for realm 'ManagementRealm'
Is this correct yes/no? y
Added user 'system' to file '/soa/jboss-as-7.1.1.Final/standalone/configuration/mgmt-users.properties'
Added user 'system' to file '/soa/jboss-as-7.1.1.Final/domain/configuration/mgmt-users.properties'

Add Users in Different Way

C:\Users\xprk477\jboss-eap-6.0\bin>add-user.bat adminUser jbs4up
Added user 'adminUser' to file 'C:\Users\xprk477\jboss-eap-6.0\standalone\configuration\mgmt-users.properties'
Added user 'adminUser' to file 'C:\Users\xprk477\jboss-eap-6.0\domain\configuration\mgmt-users.properties'
Press any key to continue . . .

Note : If you add users using this approach there is a risk that any other user that can view the list of running process may see the arguments including the password of the user being added, there is also the risk that the username / password combination will be cached in the history file of the shell you are currently using.

Adding a Application User

C:\Users\xk477\jboss-eap-6.0\bin>add-user.bat

What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Realm (ApplicationRealm) :
Username : appUser
Password :
Re-enter Password :
What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:
User
About to add user 'appUser' for realm 'ApplicationRealm'
Is this correct yes/no? y
Added user 'appUser' to file 'C:\Users\xprk477\jboss-eap-6.0\standalone\configuration\application-users.properties'

Added user 'appUser' to file 'C:\Users\xprk477\jboss-eap-6.0\domain\configuration\application-users.properties'
Added user 'appUser' with roles User to file 'C:\Users\xprk477\jboss-eap-6.0\standalone\configuration\application-r
oles.properties'
Added user 'appUser' with roles User to file 'C:\Users\xprk477\jboss-eap-6.0\domain\configuration\application-roles
.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB cal
ls.
yes/no? y
To represent the user add the following to the server-identities definition <secret value="amJzNHVw" />
Press any key to continue . . .

C:\Users\xprk477\jboss-eap-6.0\bin>add-user.bat -a appUser jbs4up
Added user 'appUser' to file 'C:\Users\xprk477\jboss-eap-6.0\standalone\configuration\application-users.properties'

Added user 'appUser' to file 'C:\Users\xprk477\jboss-eap-6.0\domain\configuration\application-users.properties'
Press any key to continue . . .

Updating a user

C:\Users\xprk477\jboss-eap-6.0\bin>add-user.bat

What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Realm (ApplicationRealm) :
Username : appUser
User 'appUser' already exits, would you like to update the existing user password and roles
Is this correct yes/no? y
Password :
Re-enter Password :
What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[User]
: Admin
Updated user 'appUser' to file 'C:\Users\xprk477\jboss-eap-6.0\standalone\configuration\application-users.propertie
s'
Updated user 'appUser' to file 'C:\Users\xprk477\jboss-eap-6.0\domain\configuration\application-users.properties'
Updated user 'appUser' with roles Admin to file 'C:\Users\xprk477\jboss-eap-6.0\standalone\configuration\applicatio
n-roles.properties'
Updated user 'appUser' with roles Admin to file 'C:\Users\xprk477\jboss-eap-6.0\domain\configuration\application-ro
les.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB cal
ls.
yes/no? y
To represent the user add the following to the server-identities definition <secret value="amJzNHVw" />
Press any key to continue . . .

Happy learning :-)