Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering JBoss Enterprise Application Platform 7

You're reading from   Mastering JBoss Enterprise Application Platform 7 Core details of the Enteprise server supported by clear directions and advanced tips.

Arrow left icon
Product type Paperback
Published in Aug 2016
Publisher Packt
ISBN-13 9781786463630
Length 390 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Authors (2):
Arrow left icon
Luigi Fugaro Luigi Fugaro
Author Profile Icon Luigi Fugaro
Luigi Fugaro
Francesco Marchioni Francesco Marchioni
Author Profile Icon Francesco Marchioni
Francesco Marchioni
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Installation and Configuration FREE CHAPTER 2. The CLI Management Tool 3. Managing EAP in Domain Mode 4. Deploying Applications 5. Load Balancing 6. Clustering EAP 7 7. Logging 8. Configuring Database Connectivity 9. Configuring EAP 7 for Java EE Applications 10. Messaging Administration 11. Securing the Application Server 12. New Security Features of EAP 7 13. Using EAP 7 with Docker 14. Running EAP 7 on the Cloud Using OpenShift

Basic server administration

Once the installation has been completed, it's about time to complete some basic administration tasks. The most obvious one involves creating one or more users for managing your platform. Out of the box, a script called add-user.sh is provided along with your installation. The purpose of this script is to manage two different types of user:

  • Management users: users in charge of administrating your application server
  • Application users: users in charge of accessing your applications

Note

Important notice!

The add-user script uses a very simple file-based mechanism to store the users' information. This can be acceptable for basic security requirements. Real-world scenarios, however, would need to use more appropriate security polices as detailed in Chapter 11, Securing the Application Server, of this book.

You can execute the add-user script both in an interactive way and in an automatic way.

In order to execute the add-user script in an interactive way, just execute it as follows and provide the requested information:

$ ./add.user.sh
What type of user do you wish to add? 
 a) Management User (mgmt-users.properties) 
 b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing 
    property files.
Username : administrator1
. . . . .
Password : 
Re-enter Password : 
What groups do you want this user to belong to? (Please enter a
    comma separated list, or leave blank for none)[  ]: 
About to add user 'administrator1' for realm 'ManagementRealm'
Is this correct yes/no? yes
To represent the user add the following to the server-
    identities definition <secret value="UGFzc3dvcmQxIQ==" />

We have removed some negligible information from the output so that you can focus on the required arguments of the script. The previous information can be filled in also in a non- interactive way by providing the username with the -u parameter, the password with the -p, and the group (if needed) with -g. You can discriminate between management users and application users with the -m and -a parameters.

Here is how to create a management user:

$ ./add-user.sh -m -u administrator1 -p Securepassword1!

Note

Once you have created the management user, you can verify that the login correctly lets you through the management console, which is available at http://localhost:9990.

On the other hand, here is the shell script to create an application user belonging to the guest group:

$ ./add-user.sh -a -u demouser -p Securepassword1! -g guest

Note

Beware that creating users in a non-interactive way exposes your user/password information across the shell history system process table if you are a Linux user.

Once you have created your users the following files (contained in the configuration folder of your server base directory) will be updated:

-rw-rw-r--. 1 francesco francesco   711 Oct 26 06:13 
    application-roles.properties
-rw-------. 1 francesco francesco   935 Oct 26 06:13 
    application-users.properties
-rw-rw-r--. 1 francesco francesco   646 Nov 24 16:11 mgmt-
    groups.properties
-rw-------. 1 francesco francesco  1111 Nov 24 16:11 mgmt-
    users.properties

The application-roles.properties holds the list of roles granted to application users. The file application-users.properties contains the list of application users and their hashed passwords. Conversely, mgmt-groups.properties contains the list of roles granted to management users and  mgmt-users.properties holds the management users and their hash passwords. As a final note, the password contained in *-users.properties files is in hash using this format:

username=HEX( MD5( username ':' realm ':' password)) 

Note

How to recover the password

Being an MD5 based hash means that the password is not reversible. On the other hand, consider that most hashes are also non-unique; rather, they're unique enough, so a collision is highly improbable, but still possible.

You have been reading a chapter from
Mastering JBoss Enterprise Application Platform 7
Published in: Aug 2016
Publisher: Packt
ISBN-13: 9781786463630
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime