3 Replies Latest reply: Jul 20, 2012 12:07 PM by Will Lam

jboss 6 Security

Nitin Sharma Newbie

Hi..

 

How to do security configuration in jboss 6.

 

 

Thanks.

  • 2. Re: jboss 6 Security
    Nitin Sharma Newbie

    I am providing here some console security steps..

    If anybody knows some more security configuration steps that are useful in JBoss 6,

    please reply to me. I require it on an urgent basis.

     

     

     

    Step 1: Change the JBoss Admin Password

     

     

    To change the default Admin Console password, go to:

     

    /usr/share/jboss-6.0.0.Final/server/default/conf/props

     

    Open the jmx-console-users.properties file in text editor and change the password.

    # A sample users.properties file for use with the UsersRolesLoginModule
    admin=MyPassword

     

     

     

    Step 2: Secure the JMX Console

     

     

    To secure the JMX Console, go to:

     

    /usr/share/jboss-6.0.0.Final/common/deploy/jmx-console.war/WEB-INF

     

    First, edit the web.xml file. Towards the bottom, you will find the security-constraint as shown below:


    <!-- A security constraint that restricts access to the HTML JMX console
       to users with the role JBossAdmin. Edit the roles to what you want and
       uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
       secured access to the HTML JMX console.
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>HtmlAdaptor</web-resource-name>
           <description>An example security config that only allows users with the
             role JBossAdmin to access the HTML JMX console web application
           </description>
           <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <role-name>JBossAdmin</role-name>
         </auth-constraint>
       </security-constraint>
       -->

     

     

    Un-comment the security-constraint section so it appears thus:


       <security-constraint>
         <web-resource-collection>
           <web-resource-name>HtmlAdaptor</web-resource-name>
           <description>An example security config that only allows users with the
             role JBossAdmin to access the HTML JMX console web application
           </description>
           <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <role-name>JBossAdmin</role-name>
         </auth-constraint>
       </security-constraint>

     

     

    Next, still in the WEB-INF directory, edit the jboss-web.xml file, which will look as below:


    <!DOCTYPE jboss-web PUBLIC
       "-//JBoss//DTD Web Application 5.0//EN"
       "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
       
    <jboss-web>
       <!-- Uncomment the security-domain to enable security. You will
          need to edit the htmladaptor login configuration to setup the
          login modules used to authentication users.
          <security-domain>java:/jaas/jmx-console</security-domain>
       -->
    </jboss-web>

     

     

    Uncomment the security-domain so it appears thus:

     

    <!DOCTYPE jboss-web PUBLIC
       "-//JBoss//DTD Web Application 5.0//EN"
       "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">

    <jboss-web>
       <security-domain>java:/jaas/jmx-console</security-domain>
    </jboss-web>

     

     

    At this point, the password for the JMX Console will be the same as the password we set for the Admin Console in step 8 above.

     

    Both the Admin Console and JMX Console are using the jmx-console-roles.properties and jmx-console-users.properties files.

    Step 3: Secure the Web Service Console

     

     

    To secure the Web Service Console, go to:

     

    /usr/share/jboss-6.0.0.Final/common/deploy/jbossws-console.war/WEB-INF

     

    First, edit the web.xml file. Towards the bottom, you will find the security-constraint as shown below:


    <!-- A security constraint that restricts access
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>ContextServlet</web-resource-name>
           <description>An example security config that only allows users with the
             role 'friend' to access the JBossWS console web application
           </description>
           <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <role-name>friend</role-name>
         </auth-constraint>
       </security-constraint>
       -->

     

     

    Un-comment the security-constraint section so it appears thus:


       <security-constraint>
         <web-resource-collection>
           <web-resource-name>ContextServlet</web-resource-name>
           <description>An example security config that only allows users with the
             role 'friend' to access the JBossWS console web application
           </description>
           <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <role-name>friend</role-name>
         </auth-constraint>
       </security-constraint>

     

     

    Next, still in the WEB-INF directory, edit the jboss-web.xml file, which will look as below:


    <?xml version="1.0" encoding="ISO-8859-1"?>
    
    <!DOCTYPE jboss-web
        PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
        "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
    
    <jboss-web>
    
      <!-- A security domain that restricts access
      <security-domain>java:/jaas/JBossWS</security-domain>
      -->
      
      <context-root>jbossws</context-root>
    
    </jboss-web>

     

     

    Uncomment the security-domain so it appears thus:


    <?xml version="1.0" encoding="ISO-8859-1"?>
    
    <!DOCTYPE jboss-web
        PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
        "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
    
    <jboss-web>
    
     
      <security-domain>java:/jaas/JBossWS</security-domain>
     
      
      <context-root>jbossws</context-root>
    
    </jboss-web>

     

     

    The default user name and password are kermit/thefrog

     

    To change this, go to:

     

    /usr/share/jboss-6.0.0.Final/server/default/conf/props

     

    Open jbossws-roles.properties in a text editor; it should appear as below.

    # A sample roles.properties file for use with the UsersRolesLoginModule
    kermit=friend

     

     

    Change 'kermit' to a new user name. For example, we'll change it to 'mywsuser' as shown below:


    # A sample roles.properties file for use with the UsersRolesLoginModule
    mywsuser=friend

     

     

    Open jbossws-users.properties in a text editor; it should appear as below.

    # A sample users.properties file for use with the UsersRolesLoginModule
    kermit=thefrog

     

     

    Change 'kermit' to our new user name 'mywsuser' and change the password. For example, we'll change the password to 'MyWsPassword' as shown below:

    # A sample users.properties file for use with the UsersRolesLoginModule
    mywsuser=MyWsPassword
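
A way to verify that the steps in the post above took effect, as an added example that is not part of the original thread and not JBoss code. The function name `audit_console` and the sample inputs are constructed for illustration; the `http-method` check goes slightly beyond the post and relies on the Servlet rule that a constraint listing methods protects only those methods.

```python
import xml.etree.ElementTree as ET

# Passwords printed in the post (shipped default and tutorial samples).
PUBLISHED = {"thefrog", "MyPassword", "MyWsPassword"}

def _texts(root, name):
    """Stripped text of every element called `name`, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit_console(web_xml, jboss_web_xml, users_props):
    """Return a list of findings; an empty list means the steps took effect."""
    findings = []
    # ElementTree drops XML comments, so a block that is still commented out
    # does not appear in the parsed tree at all.
    active = [sc for sc in ET.fromstring(web_xml).iter()
              if sc.tag.rsplit("}", 1)[-1] == "security-constraint"
              and "/*" in _texts(sc, "url-pattern") and any(_texts(sc, "role-name"))]
    if not active:
        findings.append("web.xml: no active security-constraint on /* with a role")
    for sc in active:
        methods = _texts(sc, "http-method")
        if methods:  # Servlet spec: only the listed HTTP methods are protected
            findings.append("web.xml: constraint only covers " + ",".join(methods))
    if not any(_texts(ET.fromstring(jboss_web_xml), "security-domain")):
        findings.append("jboss-web.xml: security-domain is not active")
    for line in users_props.splitlines():
        user, sep, password = line.strip().partition("=")
        if sep and not user.startswith("#") and password.strip() in PUBLISHED:
            findings.append("users.properties: %s uses a published password" % user.strip())
    return findings

# Constructed inputs modelled on the files quoted in the post.
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
</security-constraint>"""
DOMAIN = "<security-domain>java:/jaas/jmx-console</security-domain>"
BEFORE = ("<web-app><!-- %s --></web-app>" % CONSTRAINT,
          "<jboss-web><!-- %s --></jboss-web>" % DOMAIN, "admin=MyPassword")
AFTER = ("<web-app>%s</web-app>" % CONSTRAINT,
         "<jboss-web>%s</jboss-web>" % DOMAIN, "admin=constructed-unique-value")

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_console(*files))
```

For real files, pass the contents of each console's WEB-INF/web.xml and WEB-INF/jboss-web.xml together with the matching users properties file from server/default/conf/props.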

     

     

     

  • 3. Re: jboss 6 Security
    Will Lam Newbie

    Hi Nitin,

     

    I follow your instruction #2 to change the admin password. Then, I use jboss_init_redhat.sh to stop and to start jboss. The new password is NOT working on the admin console; only the old one works.  Any clue?

     

    Thanks,

     

    Will