5 Replies Latest reply on Apr 17, 2014 11:00 AM by bresnicow

    How can we encrypt the management user ID

    bresnicow

      We have a requirement to encrypt the management user id as well as the password. JBoss management-users contains the user id and hashed password. Can anyone suggest how we can either encrypt the management-users file or just encrypt the management user id? The idea is to prevent the user id from being stored in cleartext.

       

      Thanks all,

      Bill R


        • 1. Re: How can we encrypt the management user ID
          jbertram

          I'm not clear on what userid you are talking about here. Is this something specific to HornetQ or more generally applicable to WildFly?

          • 2. Re: How can we encrypt the management user ID
            bresnicow

            This is about WildFly security. I'm referring to the user id in the management-users.properties file. It stores the user name and the hashed password. We want to keep the user name hidden as well as the password. I don't see any documented way of doing this. It does mention use of a truststore, I think as an alternative to using the properties file; could that be used to store user and password? Or perhaps could the vault be used?

             

            If no existing option exists, could someone point me to the code where the management-users file is handled, maybe we could custom code a solution there.

             

            thanks!

             


            • 3. Re: How can we encrypt the management user ID
              jbertram

              I moved this thread from the HornetQ forum to the WildFly forum since your question is about WildFly specifically and not HornetQ.

              • 4. Re: How can we encrypt the management user ID
                dlofthouse

                If you want to consider alternative storage options please see the following documentation on how to create your own plug-ins: -

                 

                https://docs.jboss.org/author/display/WFLY8/Plug+Ins

                 

                Should point out that unless you are doing something fairly advanced and delegating this to something outside the server you are using to run WildFly, then at best you are most likely to achieve obfuscation, as you will most likely still end up with everything accessible to the wildfly process needed to reverse the encryption. In addition to this, the username is also freely logged in both audit and debug logs.

                • 5. Re: How can we encrypt the management user ID
                  bresnicow

                  Thanks, that looks like a possible solution but complicated.

                   

                  I identified the class that reads the mgmt-users.properties file to be as.domain.management.security.PropertiesFileLoader. Not sure yet where the file is created from.

                   

                  Does JBoss provide a way to encrypt/decrypt files?   If so, I could hook that into the PropertiesFileLoader.

                   

                  -Bill R
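
Added example, not part of the thread and not WildFly code: dlofthouse's reply 4 notes that encryption whose key the server process can read is only obfuscation, so what remains checkable on the properties file itself is who can read it and whether every entry really is a hash. This Python sketch audits a file for both; the `username=HEX(MD5(username:realm:password))` entry layout and the `ManagementRealm` realm name are assumptions taken from WildFly defaults, the simple `name=value` parsing ignores properties-file escapes, and the sample file content is constructed.

```python
import hashlib
import os
import re
import tempfile

REALM = "ManagementRealm"  # assumption: WildFly's default management realm name
HEX_MD5 = re.compile(r"[0-9a-fA-F]{32}")

def stored_hash(user, password, realm=REALM):
    """Hash in the assumed entry layout: HEX(MD5(username:realm:password))."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()

def parse_users(text):
    """Return {username: value}, skipping blank lines and '#' comments."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            users[name.strip()] = value.strip()
    return users

def audit(path):
    """Return (usernames, findings) for one properties file."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:03o}: group/other can access user names and hashes")
    with open(path, encoding="utf-8") as fh:
        users = parse_users(fh.read())
    for name, value in users.items():
        if not HEX_MD5.fullmatch(value):
            findings.append(f"entry '{name}' is not a 32-digit hex hash")
    return sorted(users), findings

def demo():
    # Constructed sample: one well-formed entry, one entry holding a non-hash value.
    sample = f"# constructed sample\nadmin={stored_hash('admin', 'example-only')}\nops=changeme\n"
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as fh:
        fh.write(sample)
    try:
        os.chmod(fh.name, 0o644)   # world-readable: should be flagged
        before = audit(fh.name)
        os.chmod(fh.name, 0o600)   # owner-only: permission finding disappears
        return before, audit(fh.name)
    finally:
        os.remove(fh.name)
```

Calling `audit()` on the real file as the account that runs WildFly shows what that account, and anyone sharing its group or host, can already read.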