JBoss Information Security

Source: Internet
Author: User

Err 0:34:20,942 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

After JBoss is installed successfully, it is generally accessible through http://localhost:port. The JMX console and the JBoss Web console can modify and delete an application's parameters, so leaving them without hardened security settings has serious security consequences.
The default jmx-console login account is admin/admin, so this account information should be changed.


First, JMX console security configuration
1: Locate the %JBOSS_HOME%/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml file and uncomment the following XML text.

XML code

    <jboss-web>
      <security-domain>java:/jaas/jmx-console</security-domain>
    </jboss-web>


2: In the same directory as jboss-web.xml there is also a web.xml file. Find the text below in it and uncomment it.

XML code

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>An example security config that only allows users with the
          role JBossAdmin to access the HTML JMX console web application
        </description>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>JBossAdmin</role-name>
      </auth-constraint>
    </security-constraint>


Note: <role-name>JBossAdmin</role-name> references a defined role name, JBossAdmin (this role name is defined in the same file under the <security-role><role-name>JBossAdmin</role-name></security-role> node).
The role names in the jmx-console-roles.properties file must be consistent with it,
for example: Duqiang=JBossAdmin,HttpInvoker defines a user Duqiang who belongs to the JBossAdmin role.

3: The jmx-console security domain from the first step and the JBossAdmin role from the second step, together with the user name and password, are configured in login-config.xml.
The following configuration can be seen in the %JBOSS_HOME%/server/default/conf/login-config.xml file:

XML code

    <!-- The name here must be consistent with <security-domain>java:/jaas/jmx-console</security-domain> in the jboss-web.xml file -->
    <application-policy name="jmx-console">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
          <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
          <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>



The user name and password are defined in the file props/jmx-console-users.properties, and the roles that the user belongs to are defined in the file props/jmx-console-roles.properties.
Note:
jmx-console-users.properties format is: user name = plaintext password
jmx-console-roles.properties format is: user name = role 1, role 2, role 3

Find these two files and modify the user name and password.


Second, web-console security configuration
1: Locate the %JBOSS_HOME%/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml file and uncomment the following XML text.

XML code

    <jboss-web>
      <depends>jboss.admin:service=PluginManager</depends>
    </jboss-web>

2: In the same directory as jboss-web.xml there is also a web.xml file. Find the following text in it and uncomment it.

XML code

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>An example security config that only allows users with the
          role JBossAdmin to access the HTML JMX console web application
        </description>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>JBossAdmin</role-name>
      </auth-constraint>
    </security-constraint>



3: In the %JBOSS_HOME%/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes directory, find the web-console-users.properties and web-console-roles.properties files
and rename them to users.properties and roles.properties, respectively.
4: The following configuration can be seen in the %JBOSS_HOME%/server/default/conf/login-config.xml file:
XML code

    <application-policy name="web-console">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
          <module-option name="usersProperties">web-console-users.properties</module-option>
          <module-option name="rolesProperties">web-console-roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>


Modify the configuration to:

XML code

    <application-policy name="web-console">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
          <module-option name="usersProperties">users.properties</module-option>
          <module-option name="rolesProperties">roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>
    <!-- The main thing was creating these two files, users.properties and roles.properties, in the same directory as login-config.xml and setting the user name and password; problem solved -->


You can modify the user name and password in users.properties, using the same format as in the two properties files above.

Start the service and open http://localhost:8080/jmx-console and http://localhost:8080/web-console to test the security mechanism and check that the login matches the account information you modified.
You can also start the service and open http://localhost:8080/,
then click the JMX console and the JBoss Web console links to test the security mechanism for each separately.

NOTE: If, when configuring web-console, the web-console-users.properties and web-console-roles.properties files are not renamed and the content of the <module-option name="usersProperties">users.properties</module-option> and
<module-option name="rolesProperties">roles.properties</module-option> nodes in login-config.xml is not modified, the console throws exception information, as follows:

    Failed to load users/passwords/role files
    java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties
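
The consistency rules described above can be checked before the server is started: the security domain in jboss-web.xml must match an application-policy name in login-config.xml, the role in the web.xml auth-constraint must be held by a user in the roles file, and that user needs a password entry. The following Python script is an added example, not part of the original article or of JBoss; the function names audit and parse_props and the sample file contents are constructed for illustration, and it assumes the descriptor files carry no XML namespaces.

```python
import xml.etree.ElementTree as ET

def parse_props(text):
    """Parse name=value lines of a .properties file, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(jboss_web, web_xml, login_config, users_text, roles_text):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    # XML comments are dropped by the parser, so a commented-out element is simply absent.
    domain = ET.fromstring(jboss_web).findtext("security-domain")
    if domain is None:
        findings.append("jboss-web.xml: <security-domain> is still commented out")
    else:
        policy = domain.strip().rsplit("/", 1)[-1]  # java:/jaas/jmx-console -> jmx-console
        names = {p.get("name") for p in ET.fromstring(login_config).iter("application-policy")}
        if policy not in names:
            findings.append(f"login-config.xml: no application-policy named {policy!r}")
    required = {r.text.strip() for r in
                ET.fromstring(web_xml).findall(".//auth-constraint/role-name")}
    if not required:
        findings.append("web.xml: <security-constraint> is still commented out")
    users, roles = parse_props(users_text), parse_props(roles_text)
    for role in sorted(required):
        holders = [u for u, r in roles.items()
                   if role in (x.strip() for x in r.split(","))]
        if not holders:
            findings.append(f"roles file: no user holds role {role!r} (names are case-sensitive)")
        findings += [f"users file: {u!r} has role {role!r} but no password entry"
                     for u in holders if u not in users]
    if users.get("admin") == "admin":
        findings.append("users file: default admin/admin account is still present")
    return findings

# Constructed sample files (not taken from a real server).
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/jmx-console</security-domain></jboss-web>"
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
</security-constraint></web-app>"""
LOGIN_CONFIG = """<policy><application-policy name="jmx-console"><authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
</authentication></application-policy></policy>"""

if __name__ == "__main__":
    for f in audit(JBOSS_WEB, WEB_XML, LOGIN_CONFIG,
                   "admin=admin\nDuqiang=S3cret", "Duqiang=jbossadmin,HttpInvoker"):
        print(f)
```

With the constructed input in the main block, the script reports the lower-case role name in the roles file and the leftover admin/admin entry.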
