3 Replies Latest reply: Jul 20, 2012 12:07 PM by Will Lam RSS

    jboss 6 Security

    Nitin Sharma Newbie

      Hi..

       

      How to do security configuration in jboss 6.

       

       

      Thanks.

        • 2. Re: jboss 6 Security
          Nitin Sharma Newbie

          I am providing here some console security steps..

          If anybody knows some more security configuration steps that are useful in JBoss 6, please reply to me. I require it on an urgent basis.

           

           

           

          Step 1: Change the JBoss Admin Password

           

           

          To change the default Admin Console password, go to:

           

          /usr/share/jboss-6.0.0.Final/server/default/conf/props

           

          Open the jmx-console-users.properties file in text editor and change the password.

          # A sample users.properties file for use with the UsersRolesLoginModule
          admin=MyPassword

           

           

           

          Step 2: Secure the JMX Console

           

           

          To secure the JMX Console, go to:

           

          /usr/share/jboss-6.0.0.Final/common/deploy/jmx-console.war/WEB-INF

           

          First, edit the web.xml file. Towards the bottom, you will find the security-constraint as shown below:

          <!-- A security constraint that restricts access to the HTML JMX console
             to users with the role JBossAdmin. Edit the roles to what you want and
             uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
             secured access to the HTML JMX console.
             <security-constraint>
               <web-resource-collection>
                 <web-resource-name>HtmlAdaptor</web-resource-name>
                 <description>An example security config that only allows users with the
                   role JBossAdmin to access the HTML JMX console web application
                 </description>
                 <url-pattern>/*</url-pattern>
               </web-resource-collection>
               <auth-constraint>
                 <role-name>JBossAdmin</role-name>
               </auth-constraint>
             </security-constraint>
             -->

           

           

          Un-comment the security-constraint section so it appears thus:

          <security-constraint>
               <web-resource-collection>
                 <web-resource-name>HtmlAdaptor</web-resource-name>
                 <description>An example security config that only allows users with the
                   role JBossAdmin to access the HTML JMX console web application
                 </description>
                 <url-pattern>/*</url-pattern>
               </web-resource-collection>
               <auth-constraint>
                 <role-name>JBossAdmin</role-name>
               </auth-constraint>
             </security-constraint>

           

           

          Next, still in the WEB-INF directory, edit the jboss-web.xml file, which will look as below:

          <!DOCTYPE jboss-web PUBLIC
             "-//JBoss//DTD Web Application 5.0//EN"
             "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
             
          <jboss-web>
             <!-- Uncomment the security-domain to enable security. You will
                need to edit the htmladaptor login configuration to setup the
                login modules used to authentication users.
                <security-domain>java:/jaas/jmx-console</security-domain>
             -->
          </jboss-web>

           

           

          Uncomment the security-domain so it appears thus:

           

          <!DOCTYPE jboss-web PUBLIC
             "-//JBoss//DTD Web Application 5.0//EN"
             "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">

          <jboss-web>
             <security-domain>java:/jaas/jmx-console</security-domain>
          </jboss-web>

           

           

          At this point, the password for the JMX Console will be the same as the password we set for the Admin Console in step 8 above.

           

          Both the Admin Console and JMX Console are using the jmx-console-roles.properties and jmx-console-users.properties files.

          Step 3: Secure the Web Service Console

           

           

          To secure the Web Service Console, go to:

           

          /usr/share/jboss-6.0.0.Final/common/deploy/jbossws-console.war/WEB-INF

           

          First, edit the web.xml file. Towards the bottom, you will find the security-constraint as shown below:

          <!-- A security constraint that restricts access
             <security-constraint>
               <web-resource-collection>
                 <web-resource-name>ContextServlet</web-resource-name>
                 <description>An example security config that only allows users with the
                   role 'friend' to access the JBossWS console web application
                 </description>
                 <url-pattern>/*</url-pattern>
               </web-resource-collection>
               <auth-constraint>
                 <role-name>friend</role-name>
               </auth-constraint>
             </security-constraint>
             -->

           

           

          Un-comment the security-constraint section so it appears thus:

          <security-constraint>
               <web-resource-collection>
                 <web-resource-name>ContextServlet</web-resource-name>
                 <description>An example security config that only allows users with the
                   role 'friend' to access the JBossWS console web application
                 </description>
                 <url-pattern>/*</url-pattern>
               </web-resource-collection>
               <auth-constraint>
                 <role-name>friend</role-name>
               </auth-constraint>
             </security-constraint>

           

           

          Next, still in the WEB-INF directory, edit the jboss-web.xml file, which will look as below:

          <?xml version="1.0" encoding="ISO-8859-1"?>
          
          <!DOCTYPE jboss-web
              PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
              "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
          
          <jboss-web>
          
            <!-- A security domain that restricts access
            <security-domain>java:/jaas/JBossWS</security-domain>
            -->
            
            <context-root>jbossws</context-root>
          
          </jboss-web>

           

           

          Uncomment the security-domain so it appears thus:

          <?xml version="1.0" encoding="ISO-8859-1"?>
          
          <!DOCTYPE jboss-web
              PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
              "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
          
          <jboss-web>
          
           
            <security-domain>java:/jaas/JBossWS</security-domain>
           
            
            <context-root>jbossws</context-root>
          
          </jboss-web>

           

           

          The default user name and password are kermit/thefrog

           

          To change this, go to:

           

          /usr/share/jboss-6.0.0.Final/server/default/conf/props

           

          Open jbossws-roles.properties in a text editor; it should appear as below.

          # A sample roles.properties file for use with the UsersRolesLoginModule
          kermit=friend

           

           

          Change 'kermit' to a new user name. For example, we'll change it to 'mywsuser' as shown below:

          # A sample roles.properties file for use with the UsersRolesLoginModule
          mywsuser=friend

           

           

          Open jbossws-users.properties in a text editor; it should appear as below.

          # A sample users.properties file for use with the UsersRolesLoginModule
          kermit=thefrog

           

           

          Change 'kermit' to our new user name 'mywsuser' and change the password. For example, we'll change the password to 'MyWsPassword' as shown below:

          # A sample users.properties file for use with the UsersRolesLoginModule
          mywsuser=MyWsPassword
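
Added example, not part of the original posts and not JBoss code: a small Python check that the edits described in steps 2 and 3 actually took effect, that is, that the security-constraint and security-domain are live elements rather than comments and that the default kermit/thefrog account is gone. The function names and sample strings are hypothetical and constructed here; the http-method check goes slightly beyond the post and relies on the servlet rule that a constraint listing methods applies only to those methods.

```python
import xml.etree.ElementTree as ET

DEFAULT_CREDS = {("kermit", "thefrog")}  # default account named in the post

def find_all(root, name):
    """Elements with this local name, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_web_xml(text):
    """Findings for a console web.xml; XML comments are dropped by the parser."""
    constraints = find_all(ET.fromstring(text), "security-constraint")
    if not constraints:
        return ["no active security-constraint (still commented out?)"]
    findings = []
    for c in constraints:
        if not find_all(c, "role-name"):
            findings.append("security-constraint has no role-name")
        methods = [(m.text or "").strip() for m in find_all(c, "http-method")]
        if methods:  # listing methods leaves every other HTTP method unconstrained
            findings.append("constraint limited to methods: " + ",".join(methods))
    return findings

def check_jboss_web_xml(text):
    """Findings for jboss-web.xml: the security-domain must be a live element."""
    domains = [d for d in find_all(ET.fromstring(text), "security-domain") if (d.text or "").strip()]
    return [] if domains else ["no active security-domain (still commented out?)"]

def check_users_properties(text):
    """Findings for a *-users.properties file (user=password lines)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, password = (p.strip() for p in line.split("=", 1))
            if (user, password) in DEFAULT_CREDS:
                findings.append("default account still present: " + user)
    return findings

# Constructed samples modelled on the snippets in the post above.
WEB_XML_BEFORE = "<web-app><!-- <security-constraint/> --></web-app>"
WEB_XML_AFTER = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
</security-constraint></web-app>"""
JBOSS_WEB_AFTER = """<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
  "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web><security-domain>java:/jaas/jmx-console</security-domain></jboss-web>"""

if __name__ == "__main__":
    print(check_web_xml(WEB_XML_BEFORE), check_web_xml(WEB_XML_AFTER), check_jboss_web_xml(JBOSS_WEB_AFTER))
```

Pass each function the contents of the corresponding file (each console's WEB-INF/web.xml and WEB-INF/jboss-web.xml, and the matching users properties file) after editing; an empty list means the check found nothing.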

           

           

           

          • 3. Re: jboss 6 Security
            Will Lam Newbie

            Hi Nitin,

             

            I follow your instruction #2 to change the admin password. Then, I use jboss_init_redhat.sh to stop and to start jboss. The new password is NOT working on the admin console; only the old one works.  Any clue?

             

            Thanks,

             

            Will