How To Configure Secure JBoss
1. Configure UsersRolesLoginModule.
In deploy/jmx-console.war/WEB-INF/web.xml, add after <role-name>JBossAdmin</role-name>
    <role-name>AuthorizedUser</role-name>
and after
    <security-role>
        <role-name>JBossAdmin</role-name>
    </security-role>
add
    <security-role>
        <role-name>AuthorizedUser</role-name>
    </security-role>
In deploy/jmx-console.war/WEB-INF/jboss-web.xml, check that the line <security-domain>java:/jaas/jmx-console</security-domain> is uncommented.
Repeat the same two steps for the files under deploy/management/console-mgr.sar/web-console.war/WEB-INF/.
Open deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties and, under admin=admin, add the user name and the password.
Open deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-roles.properties and, under admin=JBossAdmin, add user=AuthorizedUser.
Open <configuration>/conf/login-config.xml and uncomment
Open <configuration>/conf/jmx-console-users.properties and, under admin=admin, add user=password.
Open <configuration>/conf/jmx-console-roles.properties and, under admin=JBossAdmin,HttpInvoker, add user=AuthorizedUser.
More info can be found at http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
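A way to check the result of step 1 for one console, as an added example that is not part of the original how-to or of JBoss. The function names and the sample file contents are constructed for illustration; the check for a password equal to the user name (such as the admin=admin entry) is an extra audit the steps above do not ask for.

```python
import xml.etree.ElementTree as ET

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def texts(root, parent, child="role-name"):
    """Text of every <child> under any <parent> element."""
    return {c.text.strip() for p in root.iter() if local(p.tag) == parent
            for c in p.iter() if local(c.tag) == child and c.text}

def parse_props(text):
    """key=value lines of a .properties file, '#' comments skipped."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(web_xml, jboss_web_xml, users_props, roles_props):
    findings = []
    web = ET.fromstring(web_xml)
    # ElementTree drops XML comments, so a commented-out element is absent.
    if not any(local(e.tag) == "security-domain"
               for e in ET.fromstring(jboss_web_xml).iter()):
        findings.append("jboss-web.xml: <security-domain> missing or commented out")
    allowed, declared = texts(web, "auth-constraint"), texts(web, "security-role")
    if not allowed:
        findings.append("web.xml: no role listed in <auth-constraint>")
    for role in sorted(allowed - declared):
        findings.append(f"web.xml: role {role} has no <security-role> entry")
    users, roles = parse_props(users_props), parse_props(roles_props)
    for user in sorted(users):
        granted = {r.strip() for r in roles.get(user, "").split(",")}
        if not granted & allowed:
            findings.append(f"user {user}: no role accepted by web.xml")
        if users[user] == user:
            findings.append(f"user {user}: password equals user name")
    return findings

# Constructed sample inputs (not taken from a real server).
WEB_XML = """<web-app><security-constraint><auth-constraint>
  <role-name>JBossAdmin</role-name><role-name>AuthorizedUser</role-name>
</auth-constraint></security-constraint>
<security-role><role-name>JBossAdmin</role-name></security-role></web-app>"""
JBOSS_WEB_XML = ("<jboss-web><!-- <security-domain>java:/jaas/jmx-console"
                 "</security-domain> --></jboss-web>")
USERS = "admin=admin\nalice=constructed-password\n"
ROLES = "admin=JBossAdmin,HttpInvoker\n"

if __name__ == "__main__":
    for finding in audit(WEB_XML, JBOSS_WEB_XML, USERS, ROLES):
        print(finding)
```

Pass the contents of the four files of one console (web.xml, jboss-web.xml, the users file and the roles file) as strings; an empty list means none of these checks raised a finding.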
2. Configure LdapLoginModule:
Install LDAP server.
Install LDAP Administrator.
Import dukebank.ldif; this will create an LDAP schema.
In <configuration>/conf/login-config.xml, add the following lines
Uncomment <security-domain>java:/jaas/dukesbank</security-domain> in jboss-web.xml.
In web.xml change the <role-name><ROLE></role-name> to <role-name>DukeAdmin</role-name>.
In ejb-jar.xml add
    <security-role-ref>
        <role-name>DukeAdmin</role-name>
        <role-link>DukeAdmin</role-link>
    </security-role-ref>
Under <assembly-descriptor> add
    <security-role>
        <role-name>DukeAdmin</role-name>
    </security-role>
Under <method-permission> add <role-name>DukeAdmin</role-name>.
3. Configure DatabaseServerLoginModule:
Create the database, then run the following SQL statements (MySQL):
    -- One row per user: login name, password, optional client id
    DROP TABLE IF EXISTS `jms_users`;
    CREATE TABLE `jms_users` (
      `USERID` varchar(32) NOT NULL default '',
      `PASSWD` varchar(32) NOT NULL default '',
      `CLIENTID` varchar(128) default NULL,
      PRIMARY KEY (`USERID`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
    -- One row per (user, role) pair
    DROP TABLE IF EXISTS `jms_roles`;
    CREATE TABLE `jms_roles` (
      `ROLEID` varchar(32) NOT NULL default '',
      `USERID` varchar(32) NOT NULL default '',
      PRIMARY KEY (`USERID`,`ROLEID`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Change login-config.xml
4. Secure RMI
Edit deploy/jmx-invoker-service.xml and uncomment
.
Edit deploy/http-invoker.sar/invoker.war/WEB-INF/jboss-web.xml
    <security-domain>java:/jaas/<Role-Name></security-domain>
Add Role-Name to conf/login-config.xml.