Adding Users to WildFly Security Realms: Difference between revisions
(Created page with "=Internal= * WildFly Security Realms") |
No edit summary |
||
Line 1: | Line 1: | ||
=External= | |||
* https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#Add_a_User_to_a_Security_Realm1 | |||
=Internal= | =Internal= | ||
* [[WildFly Security Realms#Adding_Users_to_Security_Realms|WildFly Security Realms]] | * [[WildFly Security Realms#Adding_Users_to_Security_Realms|WildFly Security Realms]] | ||
!!!Add a User to a Security Realm | |||
!!User Name Restrictions | |||
!!Add a User to the Application Realm | |||
This is an example of how to add a user to the application realm with {{add-user.sh}}. | |||
Be aware of [JBoss 7 Security Configuration#UserNameRestrictions]. | |||
Run example: | |||
{{{ | |||
C:\runtime\jboss-eap-6.0\bin>add-user.bat | |||
What type of user do you wish to add? | |||
a) Management User (mgmt-users.properties) | |||
b) Application User (application-users.properties) | |||
(a): b | |||
Enter the details of the new user to add. | |||
Realm (ApplicationRealm) : | |||
Username : test | |||
Password : | |||
Re-enter Password : | |||
What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: guest | |||
About to add user 'test' for realm 'ApplicationRealm' | |||
Is this correct yes/no? yes | |||
Added user 'test' to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-users.properties' | |||
Added user 'test' to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-users.properties' | |||
Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-roles.properties' | |||
Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-roles.properties' | |||
Is this new user going to be used for one AS process to connect to another AS process e.g. slave domain controller? | |||
yes/no? no | |||
Press any key to continue . . . | |||
}}} | |||
The script modifies the following files: | |||
{{{ | |||
${JBOSS_HOME}/standalone/configuration/application-users.properties | |||
${JBOSS_HOME}/standalone/configuration/application-roles.properties | |||
${JBOSS_HOME}/standalone/domain/configuration/application-users.properties | |||
${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties | |||
}}} | |||
It does not really care if there's no JBoss 7 process running. | |||
!!Add a User to the Management Realm | |||
This is an example of how to add a user to the management realm with {{add-user.sh}}. | |||
Be aware of [JBoss 7 Security Configuration#UserNameRestrictions]. | |||
If this user will be used only for local access and it does not correspond to a subordinate host controller, answer "no" to "Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls." below. | |||
{{{ | |||
nombp1:bin ovidiu$ ./add-user.sh | |||
What type of user do you wish to add? | |||
a) Management User (mgmt-users.properties) | |||
b) Application User (application-users.properties) | |||
(a): a | |||
Enter the details of the new user to add. | |||
Using realm 'ManagementRealm' as discovered from the existing property files. | |||
Username : novaordis.management.user | |||
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file. | |||
- The password must not be one of the following restricted values {root, admin, administrator} | |||
- The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s) | |||
- The password must be different from the username | |||
Password : | |||
Re-enter Password : | |||
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: DomainManagement | |||
About to add user 'novaordis.management.user' for realm 'ManagementRealm' | |||
Is this correct yes/no? yes | |||
Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-users.properties' | |||
Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-users.properties' | |||
Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties' | |||
Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-groups.properties' | |||
Is this new user going to be used for one AS process to connect to another AS process? | |||
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. | |||
yes/no? yes | |||
To represent the user add the following to the server-identities definition <secret value="bm9tdTEyMyE=" /> | |||
}}} | |||
The script modifies the following files: | |||
{{{ | |||
$JBOSS_HOME/standalone/configuration/mgmt-users.properties | |||
$JBOSS_HOME/domain/configuration/mgmt-users.properties | |||
$JBOSS_HOME/standalone/configuration/mgmt-groups.properties | |||
$JBOSS_HOME/domain/configuration/mgmt-groups.properties | |||
}}} | |||
It does not care if there's no JBoss 7 process running. | |||
!Secret Value | |||
The "secret value" generated by the above procedure is actually the {{openssl enc -base64}} of the password. | |||
{{{ | |||
echo -n "myPassword" | openssl enc -base64 | |||
}}} | |||
The values are identical and can be used interchangeably. |
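Review bot: the management-realm transcript keeps the generated <secret value="bm9tdTEyMyE=" /> line, and the Secret Value section added right after it states that this value is just the openssl enc -base64 of the password, so the revision publishes a recoverable password; replace the value with a placeholder in the transcript. Separately, the application-realm file list gives ${JBOSS_HOME}/standalone/domain/configuration/application-users.properties and application-roles.properties, while the add-user.bat output above it reports writing to domain\configuration directly under the install directory and the management-realm list uses $JBOSS_HOME/domain/configuration/, so the "standalone/" prefix on those two paths looks like a copy error.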
Revision as of 00:18, 12 February 2016
External
Internal
!!!Add a User to a Security Realm
!!User Name Restrictions
!!Add a User to the Application Realm
This is an example of how to add a user to the application realm with {{add-user.sh}}.
Be aware of [JBoss 7 Security Configuration#UserNameRestrictions].
Run example:
{{{
C:\runtime\jboss-eap-6.0\bin>add-user.bat
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): b
Enter the details of the new user to add.
Realm (ApplicationRealm) :
Username : test
Password :
Re-enter Password :
What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: guest
About to add user 'test' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'test' to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-users.properties'
Added user 'test' to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-users.properties'
Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-roles.properties'
Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process e.g. slave domain controller?
yes/no? no
Press any key to continue . . .
}}}
The script modifies the following files:
{{{
${JBOSS_HOME}/standalone/configuration/application-users.properties
${JBOSS_HOME}/standalone/configuration/application-roles.properties
${JBOSS_HOME}/standalone/domain/configuration/application-users.properties
${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties
}}}
The script works even if no JBoss 7 process is running.
!!Add a User to the Management Realm
This is an example of how to add a user to the management realm with {{add-user.sh}}.
Be aware of [JBoss 7 Security Configuration#UserNameRestrictions].
If this user will be used only for local access and it does not correspond to a subordinate host controller, answer "no" to "Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls." below.
{{{
nombp1:bin ovidiu$ ./add-user.sh
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : novaordis.management.user
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
- The password must not be one of the following restricted values {root, admin, administrator}
- The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
- The password must be different from the username
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: DomainManagement
About to add user 'novaordis.management.user' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-users.properties'
Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-users.properties'
Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties'
Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="bm9tdTEyMyE=" />
}}}
The script modifies the following files:
{{{
$JBOSS_HOME/standalone/configuration/mgmt-users.properties
$JBOSS_HOME/domain/configuration/mgmt-users.properties
$JBOSS_HOME/standalone/configuration/mgmt-groups.properties
$JBOSS_HOME/domain/configuration/mgmt-groups.properties
}}}
The script works even if no JBoss 7 process is running.
!Secret Value
The "secret value" generated by the above procedure is actually the Base64 encoding of the password, as produced by {{openssl enc -base64}}:
{{{
echo -n "myPassword" | openssl enc -base64
}}}
The values are identical and can be used interchangeably.
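Because Base64 is an encoding and not encryption, anyone who can read the secret value can recover the password, so the file that holds it needs owner-only permissions. The script below is an added example, not part of the original page: it round-trips a constructed password and checks whether a constructed configuration fragment is readable by other users. The helper names, the sample file and the fallback to coreutils base64 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The sample file is constructed.

# Use the page's tool when present; coreutils base64 is an assumed fallback.
if command -v openssl >/dev/null 2>&1; then
    b64() { openssl enc -base64 "$@"; }
else
    b64() { base64 "$@"; }
fi

# Password -> the string add-user.sh prints as <secret value="..."/>.
encode_secret() { printf '%s' "$1" | b64; }

# Secret value -> password. No key is involved, so this always succeeds.
decode_secret() { printf '%s\n' "$1" | b64 -d; }

# List every secret value found in a server configuration file.
extract_secrets() { sed -n 's/.*<secret value="\([^"]*\)".*/\1/p' "$1"; }

# Print the file name if group or others hold read permission on it.
readable_by_others() {
    case "$(ls -ld "$1" | cut -c5,8)" in
        *r*) printf '%s\n' "$1" ;;
    esac
}

# Constructed server-identities fragment; the value encodes "myPassword".
sample=$(mktemp)
cat > "$sample" <<'EOF'
<server-identities>
    <secret value="bXlQYXNzd29yZA==" />
</server-identities>
EOF

chmod 644 "$sample"
for s in $(extract_secrets "$sample"); do
    echo "secret $s decodes to: $(decode_secret "$s")"
done
if [ -n "$(readable_by_others "$sample")" ]; then
    echo "WARN: $sample is readable by other users"
fi

chmod 600 "$sample"
if [ -z "$(readable_by_others "$sample")" ]; then
    echo "OK: $sample is owner-only after chmod 600"
fi
```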