Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

10.5. Remove Silent Authentication from the Default Security Realm

Summary

The default installation of JBoss EAP 6 contains a method of silent authentication for a local Management CLI user. This allows the local user the ability to access the Management CLI without username or password authentication. This functionality is enabled as a convenience, and to assist local users running Management CLI scripts without requiring authentication. It is considered a useful feature given that access to the local configuration typically also gives the user the ability to add their own user details or otherwise disable security checks.

The convenience of silent authentication for local users can be disabled where greater security control is required. This can be achieved by removing the local element within the security-realm section of the configuration file. This applies to both the standalone.xml for a Standalone Server instance, or host.xml for a Managed Domain. You should only consider the removal of the local element if you understand the impact that it might have on your particular server configuration.
The preferred method of removing silent authentication is by use of the Management CLI, which directly removes the local element visible in the following example.

Example 10.4. Example of the local element in the security-realm

<security-realms>
    <security-realm name="ManagementRealm">
        <authentication>
            <local default-user="$local"/>
            <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
    </security-realm>
    <security-realm name="ApplicationRealm">
        <authentication>
            <local default-user="$local" allowed-users="*"/>
            <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
        </authentication>
        <authorization>
            <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
        </authorization>
    </security-realm>
</security-realms>
Copy to Clipboard Toggle word wrap

Prerequisites

  • Start the JBoss EAP 6 instance.
  • Launch the Management CLI.

Procedure 10.1. Remove Silent Authentication from the Default Security Realm

  • Remove silent authentication with the Management CLI

    Remove the local element from the Management Realm and Application Realm as required.
    1. Remove the local element from the Management Realm.

      • For Standalone Servers

        /core-service=management/security-realm=ManagementRealm/authentication=local:remove
        Copy to Clipboard Toggle word wrap

      • For Managed Domains

        /host=HOST_NAME/core-service=management/security-realm=ManagementRealm/authentication=local:remove
        Copy to Clipboard Toggle word wrap
    2. Remove the local element from the Application Realm.

      • For Standalone Servers

        /core-service=management/security-realm=ApplicationRealm/authentication=local:remove
        Copy to Clipboard Toggle word wrap

      • For Managed Domains

        /host=HOST_NAME/core-service=management/security-realm=ApplicationRealm/authentication=local:remove
        Copy to Clipboard Toggle word wrap
Result

The silent authentication mode is removed from the ManagementRealm and the ApplicationRealm.

Report a bug
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat