Red Hat SummitChapter 7. Configuring User Accounts
7.1. User Accounts
Copy linkLink copied to clipboard!
A user needs an account to be able to log in and use the JBoss Enterprise SOA Platform's various web-based consoles. The default security system reads plain text files (namely
soa-users.properties and soa-roles.properties) to check a user's password and determine their level of access. SOA uses the Java Authentication and Authorization Service (JAAS) to authenticate user accounts.
Warning
Red Hat does not recommend that you run production servers configured with user passwords in clear text files as it compromises security.
7.2. Create User Accounts
Copy linkLink copied to clipboard!
Procedure 7.1. Add a New User
- Open the
soa-users.propertiesfile in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/conf/props/soa-users.properties. Add the user's name and password on a new line, using this syntax:username=password.Here is an example for a user with the login name "Harold":harold=@dm1nU53rNote
Any line in this file that begins with a hash (#) is ignored. (You can use this convention to temporarily disable a user account.) - Save the changes to the file and exit the text editor.
- Open the
soa-roles.propertiesfile in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/conf/props/soa-roles.properties. Add the user and the roles you wish to assign to them on a new line, using this syntax:username=role1,role2,role3.harold=JBossAdmin,HttpInvoker,user,adminNote
You can assign any number of roles. Note that a user must be assigned theJBossAdmin,HttpInvoker,userandadminroles in order to be able to log into the server consoles.Any line in this file that begins with a hash (#) is ignored. You can use this convention to temporarily disable user roles. - Save the changes to the file and exit the text editor.
Result
The user will now be able to log in to the server console at http://localhost:8080. You do not have to restart the server.
7.3. Security Roles
Copy linkLink copied to clipboard!
| Role | Description |
|---|---|
| JBossAdmin | The JBossAdmin role is required to log into the various management components of SOA. It is the primary role so all system administrators should be assigned this role. |
| HttpInvoker | The HttpInvoker role is used by the Http Invoker to access JNDIs and EJBs from remote locations. |
| user | This is used to grant user access to services deployed in SOA if they are configured to utilize the JAAS security domains. The jBPM Console relies on this one role only. |
| admin | This is used to grant administrative access to services deployed in SOA if they are configured to utilize the JAAS security domains. |
7.4. Java Authentication and Authorization Service (JAAS)
Copy linkLink copied to clipboard!
The JAAS 1.0 API consists of a set of Java packages designed for user authentication and authorization. The API implements a Java version of the standard Pluggable Authentication Modules (PAM) framework and extends the Java 2 Platform access control architecture to support user-based authorization.
JAAS was first released as an extension package for JDK 1.3 and is bundled with JDK 1.6.
7.5. Disable a User's Account
Copy linkLink copied to clipboard!
Procedure 7.2. Disable a User's Account
- Open the
soa-users.propertiesfile in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/conf/props/soa-users.properties. Either delete the entire line containing the user's name and password or simply put a hash (#) in front of it to "comment it out."Here is an example for a user with the login name "Harold":#harold=@dm1nU53r - Save the changes to the file and exit the text editor.
Result
The user will no longer be able to log in to the server console. You do not have to restart the server.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}