-
1. Re: JBoss Windows service.bat password encryption
peterj Oct 5, 2010 2:02 PM (in response to glyph5)1) Don't use the UsersRolesLoginModule, use one of the other login modules such as DatabaseServerLoginModule (though you actually have to extend this if your passwords are encrypted in the database) or the LdapExtLoginModule (handy is you already have LDAP, which I assume you proibably do based on your security requirements).
2) I checked the source (in the source download at server/src/main/org/jboss/Shutdown.java). The code does not appear to handle an encrypted password - the most it does is prompt for a password is a user id is given but a password is not. You could, of course, modify that file to enable an encrypted password to be passed.
-
2. Re: JBoss Windows service.bat password encryption
glyph5 Oct 5, 2010 2:47 PM (in response to peterj)Thanks Peter for your reply.
Do you know if there is any other way to accomplish shutdown without requiring these parameters? Previously we used the Java Service Wrapper but since the free version is not supported for 64-Bit we have reverted to the supplied native methods.
I'm trying not to stray too far from the standard configuration (we are using the EAP version) for support reasons, but if modifying the source is the only way we can make it work I'll have to consider it.
-
3. Re: JBoss Windows service.bat password encryption
peterj Oct 5, 2010 4:01 PM (in response to glyph5)The issue is that the JMX invoker is locked down, which means that any JMX client (and shutdown is just another JMX client) needs to supply the username and password. You can unlock the JMX invoker, but then any JMX client can do anything that the MBeans registered with JMX allow.
If you were running on Linux, you could send a SIGQUIT signal to the java process - the app server registers a hook for this signal and shuts down normally when it gets the signal. This is the same thing that happens when you CTRL-C the app server. On Windows that is more difficult - I found some code that could do this but it worked for 32-bit XP only. I think that there are commercial Windows apps that will send a SIGQUIT to a process, but I have not tried any of them. Also, you then have to somehow capture the process id (which is easy on Linux).
-
4. Re: JBoss Windows service.bat password encryption
glyph5 Oct 8, 2010 11:40 AM (in response to peterj)Thank you for your reply Peter.
Unlocking the jmx invoker might be feasible for our environment. I was wondering if you had any insight on how to achieve this?
I was trying to undo the steps provided in the following link: http://community.jboss.org/wiki/securethejmxconsole but I have not yet achieved success.
Any help would be greatly appreciated.
-
5. Re: JBoss Windows service.bat password encryption
peterj Oct 8, 2010 11:58 AM (in response to glyph5)I have never tried to unsecure the jmx invoker in EAP, so the most I could do is point you to the wiki page that you mentioned. You might try comparing with GA to see what the differences are in the config files. You might also have to debug the shutdown code (if that is what you are using as a test case) to see exactly where the hangup is. Anyway, that is what I would do if I were there helping you.