-
1. Re:
jaikiran Mar 29, 2009 7:39 AM (in response to germandev)See this wiki http://www.jboss.org/community/docs/DOC-12188
Additional is there a way to (IP based) reject access to any other url
Are you looking for rejecting clients coming from specific IP address or are you looking to allow access to the server through a specific IP? For the first, look at the RemoteAddressFilter valve of tomcat which you can configure http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html.
For the latter, you can start JBoss by binding it to a specific IP, you can start the server usingrun.bat -b xxx.xxx.xxx.xxx
An additional wiki reference http://www.jboss.org/community/docs/DOC-10179 -
2. Re:
germandev Mar 29, 2009 7:46 AM (in response to germandev)Thank you for your answer!
I want all users except one IP to be only allowed to access http://my-jboss-server.net:8080/myApplication.
Only the given IP address (my proxy) is allowed to open the root page http://my-jboss-server.net:8080, the jmx console and the web console.
What I am trying to get: I want to publish my project on my server that is globally accessible. Everybode should be able to access my application that is published on the JBoss AS. But they should neither be allowed to open the start page of JBoss (with all the Tomcat stats and so on), nor should they open anything else but my project - especially not the jmx console and the web console. They should only be able to open my project. Nothing else.
How do I realize that best? -
3. Re:
jaikiran Mar 29, 2009 7:54 AM (in response to germandev)But they should neither be allowed to open the start page of JBoss (with all the Tomcat stats and so on),
Some ways to do this:
1) Remove that application from being deployed (but that would mean even you cannot access it).
2)
2.a) Don't let it be the root application and instead setup your application as the root application http://www.jboss.org/community/docs/DOC-12261
2.b) Secure the ROOT.war application which shows the JBoss home page with password protected access (same as securing the jmx-console that i pointed out in my previous reply).especially not the jmx console and the web console.
Same approach as above. -
4. Re:
germandev Mar 29, 2009 9:52 AM (in response to germandev)Thank you for your answer!
Great to know that it is possible to change the root application.
What I didn't get until know - how do I create Users or change their passwords?
I removed the comments in the web.xml files for the web console, and I am asked for a password. But I don't find any information where to set it.. -
5. Re:
jaikiran Mar 29, 2009 10:03 AM (in response to germandev)"GermanDev" wrote:
What I didn't get until know - how do I create Users or change their passwords?
There are various ways of doing this and it depends on the login module that you use. It can come from databases or from properties file. The properties file is the simplest approach and this wiki might help in understanding the same
http://www.jboss.org/community/docs/DOC-12185"GermanDev" wrote:
I removed the comments in the web.xml files for the web console, and I am asked for a password. But I don't find any information where to set it..
The roles/password are already set in the %JBOSS_HOME%/server/< serverName>/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-roles.properties and web-console-users.properties files of the webconsole war file. -
6. Re:
germandev Mar 29, 2009 10:50 AM (in response to germandev)This works great for the management console where the user and role files already exists. But when I try to reproduce this with the jmx-console where they don't do it didn't work. I am asked to enter a password but nothing is accepted..
Is there anything I have to pay attention to? -
7. Re:
jaikiran Mar 30, 2009 3:36 AM (in response to germandev)"GermanDev" wrote:
But when I try to reproduce this with the jmx-console where they don't do it didn't work. I am asked to enter a password but nothing is accepted..
The users/roles properties for the jmx-console application are in %JBOSS_HOME%/server/< serverName>/conf/props folder (named jmx-console-users.properties and jmx-console-roles.properties) -
8. Re:
germandev Mar 30, 2009 5:51 AM (in response to germandev)This works, thank you!
It all seems very confusing to me. Where do I set the location of the user and role files for the Root.WAR application? Where do I set that location in common?
Is there an (easy or not that complicated) way to create one general user account and set for each web application that the access is either always granted or requires a valid login of that user?