Here's one way.
Create a new user account, say "jboss". Make that account the owner of the JBOSS_HOME and all of its contents (subdirectories and files), and set the access mode to 600 (or 700 where appropriate). Run the app server under the "jboss" account.
Now only those people who know the password to the "jboss" account can deploy things.
thank u so much for the reply peter.
your post was absolutely helpful.
Now i have come across an unusual scenario for deploying a WAR file.
(this is just a change request. i am sorry if i am driving you people nuts)
we have a war file which will be given to the client for deploying in to the JBoss server.
if any intruder hacks the war in between and he changes its content before deploying,
the broken WAR file shouldn't get deployed.
The genuine WAR file should only get deployed in JBOSS.
how can we prevent deploying the broken WAR file?
how can we make sure to deploy only the genuine WAR file in JBOSS ?
kindly provide your valuable suggestions.
Thanks in advance.
This is why download site provide md5 or other checksums for downloaded files - so that the recipient can verify that the file has not been altered. I know of nothing built into JBoss AS that would perform the type of verification you are looking for.
thank you so much for the post peter. got fair idea regarding jarsigner from the link.
it was very helpful.
i executed the following steps.
i signed a war file and depolyed in jboss. it got deployed without any issues.
After that i made some changes in the signed WAR file and
tried to deploy the updated WAR file in the JBoss.
while doing that i found the following error:
DEPLOYMENTS IN ERROR:
Deployment "vfszip:/usr/local/jboss-5.1.0.GA/server/default/deploy/sampleWebApp.war/" is in error due to the following reason(s):
java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
It means that JBOSS validates(verifies) the signature of the WAR file while depolying.
can anyone please tell me how JBOSS verifies it ?
can we make sure that WAR file with specific signature should only get deployed in JBOSS??
Thanks in advance.
"can anyone please tell me how JBOSS verifies it ?"
I suspect that it is the JVM that does the verification. When JBoss AS attempts to load the archive, the JVM throws the security exception.
"can we make sure that WAR file with specific signature should only get deployed in JBOSS??"
You should look at some libraries that provide licensing features. These libraries can lock the app to a specific piece of hardware. I doubt that there is a way to prevent someone from deploying to, say WLS, instead of JBoss AS.
If you provide your actual requirements (in other words, what is it that you are really attempting to do, and why you want to do it), then there might be some solution.
thanks again peter.
the actual requirement is:
i am developing a WAR file and adding a signature to it.
while deploying, JBOSS should verify the signature.
if the exact signature is not found, the WAR file should not get deployed.
(it should throw some exception)
(here we are not talking about tampering)
For example, i have a WAR file named sampleWebApp.war with particular signature.
The above should only get deployed in JBOSS.
If some other WAR with the same name(sampleWebApp.war) with different signature is deployed,
the deployment should get failed with some exception.
kindly suggest me how to achieve this.
Thanks in advance.
These are not requirements, they are implementation details or options. Perhaps I should have asked for the business requirements.
Thanks for your timely reply peter.
The business requirement is(in the form of example):
there is a WAR file developed from ABC company.
Its going to be deployed in the JBOSS server of XYZ company.
Deployment should be successful if the WAR file is identified as genuine WAR file of ABC company.
Otherwise, deployment should get failed with exception.
Looks like JAR file signing should do it for you.
yeah.. jarsigner finds out if the WAR file has been tampered.
but we want to make sure that the WAR file with specific signature should only get deployed.
can we identify how and when JVM verifies the signature in JBOSS ?
Can we add some code(functionality) while verifying the WAR file,
so that WAR file with specific signature will only get deployed in JBOSS ?
kindly bail me out of this issue.