Version 3

     

    How to Configure Secure JBoss

     

     

    1. Configure UsersRolesLoginModule.

    •      In deploy/jmx-console.war/WEB-INF/web.xml, add after <role-name>JBossAdmin</role-name>

            <role-name>AuthorizedUser</role-name>.

    And after <security-role>

    <role-name>JBossAdmin</role-name>

         </security-role>

    add

                     <security-role>

                         <role-name>AuthorizedUser</role-name>

                </security-role>.

     

    •      In deploy/jmx-console/WEB-INF/jboss-web.xml, check that the line <security-domain>java:/jaas/jmx-console</security-domain> is uncommented.

    •      Repeat the same two steps for the files under deploy/management/console-mgr.sar/web-console.war/WEB-INF/.

    •      Open the file deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties and, under admin=admin, add the user name and the password.

    •      Open deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-roles.properties and, under admin=JBossAdmin, add user=AuthorizedUser.

    •      Open <configuration>/conf/login-config.xml and uncomment

     

    •      Open <configuration>/conf/jmx-console-users.properties and, under admin=admin, add user=password.

    •      Open <configuration>/conf/jmx-console-roles.properties and, under admin=JBossAdmin,HttpInvoker, add user=AuthorizedUser.

     

    More info can be found at http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
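The end state of the steps in section 1 can be checked mechanically. The Python script below is an added example, not part of the original page or of JBoss; its function names and the sample file contents are constructed for illustration. It parses the descriptors, so a <security-domain> that is still inside an XML comment does not count, and it also reports the admin=admin entry if that entry is left unchanged.

```python
import xml.etree.ElementTree as ET

def local(tag):
    return tag.rsplit('}', 1)[-1]          # drop any XML namespace prefix

def texts(xml_text, name, parent=None):
    """Text of live <name> elements (optionally under <parent>); comments are ignored."""
    root = ET.fromstring(xml_text)
    scopes = [e for e in root.iter() if local(e.tag) == parent] if parent else [root]
    return [(e.text or '').strip() for s in scopes for e in s.iter() if local(e.tag) == name]

def parse_props(text):
    """key=value pairs of a .properties file, skipping blank lines and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split('=', 1) for l in lines if l and not l.startswith('#') and '=' in l)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(web_xml, jboss_web_xml, users_props, roles_props, domain, role):
    """Return a list of findings; an empty list means every step was applied."""
    findings = []
    if domain not in texts(jboss_web_xml, 'security-domain'):
        findings.append('security-domain %s missing or still commented out' % domain)
    for parent in ('auth-constraint', 'security-role'):
        if role not in texts(web_xml, 'role-name', parent):
            findings.append('web.xml: %s not listed under <%s>' % (role, parent))
    users, roles = parse_props(users_props), parse_props(roles_props)
    if users.get('admin') == 'admin':
        findings.append('default credential admin=admin is still enabled')
    for user in sorted(set(users) - set(roles)):
        findings.append('user %s has a password but no role mapping' % user)
    return findings

# Constructed sample inputs: a half-finished configuration.
WEB_XML = """<web-app>
  <security-constraint><auth-constraint>
    <role-name>JBossAdmin</role-name><role-name>AuthorizedUser</role-name>
  </auth-constraint></security-constraint>
  <security-role><role-name>JBossAdmin</role-name></security-role>
</web-app>"""
JBOSS_WEB_XML = """<jboss-web>
  <!-- <security-domain>java:/jaas/jmx-console</security-domain> -->
</jboss-web>"""
USERS = "admin=admin\nalice=constructed-password\n"
ROLES = "admin=JBossAdmin,HttpInvoker\n"

if __name__ == '__main__':
    for finding in audit(WEB_XML, JBOSS_WEB_XML, USERS, ROLES,
                         'java:/jaas/jmx-console', 'AuthorizedUser'):
        print('FINDING:', finding)
```

The same audit() call works for the web-console files by passing their web.xml, jboss-web.xml and properties contents together with the security domain configured for that console.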

     

     

     

    2. Configure LdapLoginModule:

    •      Install LDAP server.

    •      Install LDAP Administrator.

    •      Import dukebank.ldif; this will create an LDAP schema.

    •      Change login-config.xml in <configuration>/conf: add the following lines

          

    •      Uncomment <security-domain>java:/jaas/dukesbank</security-domain> in jboss-web.xml.

    •      In web.xml, change <role-name><ROLE></role-name> to <role-name>DukeAdmin</role-name>.

    •      In ejb-jar.xml add   

    <security-role-ref>

              <role-name>DukeAdmin</role-name>

              <role-link>DukeAdmin</role-link>

            </security-role-ref>.

    •      Under <assembly-descriptor> add

                 <security-role>

                          <role-name>DukeAdmin</role-name>

                 </security-role>.

    •      Under <method-permission> add <role-name>DukeAdmin</role-name>.

     

     

     

    3. Configure DatabaseServerLoginModule:

    •      Create a database and then run the following SQL statements (on a MySQL database):

    DROP TABLE IF EXISTS `jms_users`;
    CREATE TABLE `jms_users` (
      `USERID` varchar(32) NOT NULL default '',
      `PASSWD` varchar(32) NOT NULL default '',
      `CLIENTID` varchar(128) default NULL,
      PRIMARY KEY  (`USERID`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

    DROP TABLE IF EXISTS `jms_roles`;
    CREATE TABLE `jms_roles` (
      `ROLEID` varchar(32) NOT NULL default '',
      `USERID` varchar(32) NOT NULL default '',
      PRIMARY KEY  (`USERID`,`ROLEID`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

     

    •      Change login-config.xml

          

     

    4. Secure RMI

    •      Edit deploy/jmx-invoker-service.xml and uncomment

    .

    •      Edit deploy/http-invoker.sar/invoker.war/WEB-INF/jboss-web.xml

         <security-domain>java:/jaas/<Role-Name></security-domain>

     

    •      Add Role-Name to conf/login-config.xml.