-
1. Re: JBoss AS 7.1.0.Beta1 is secured by default - what does it mean?
markboletti Dec 8, 2011 1:01 AM (in response to dlofthouse)Hello,
just one question: how would you pass credentials to a CLI that is executed as a script ? for example:
------script.cli-------------------------------------
connect 192.100.100.1 root password
-------------------------------------------------------
jboss-admin.bat --file=script.cli
This seems not to work...(unexpected chars root password)
Thanks
Mark
-
3. Re: JBoss AS 7.1.0.Beta1 is secured by default - what does it mean?
alitokmen Dec 30, 2011 10:09 AM (in response to dlofthouse)I am delighted to see that at least some JBoss components are now secured by default. This has been the case for all JBoss EAP versions, and it is very good to see that JBoss Community Edition also has done a step towards security in the same direction.
On the other hand, after some trials, I have figured out that not all JBoss services are secured. Two examples I can think of right now:
- The remote org.jboss.as.controller.client.helpers.standalone.ServerDeploymentManager still works without specifying any password (at least, that's what I've seen when I've tried it out with JBoss 7.1.0 Beta 1b).
- The jboss-admin.sh does not require any password.
Are these also going to be reviewed at some point in time?
-
4. Re: JBoss AS 7.1.0.Beta1 is secured by default - what does it mean?
b.eckenfels Sep 26, 2012 1:06 PM (in response to alitokmen)Savas Ali Tokmen wrote:
- The jboss-admin.sh does not require any password.
Savas (this is a lata answer, but I am just curious if somebody can fill the blanks in the following answer):
jboss-cli.sh (formerly jboss-admin.sh) seems to magically use a $local user if it is executed with the OS owner of the AS installation. This somehow makes sense if you consider the fact that the OS user with read/write access to the JBoss files can modify anything anyway. However I am not entirely sure how JBoss is checking that it is actually a $local user (it might set up random credentials and allow them to reader). Anyway, you can remove the $local user and have it specified on connect.
Bernd