WildFly Management API Configuration: Difference between revisions
Line 77: | Line 77: | ||
==<tt>mgmt-users.properties</tt>== | ==<tt>mgmt-users.properties</tt>== | ||
<tt>mgmt-users.properties</tt> stores usernames and hashed passwords. By default, the realm expects the entries to be in the format < | <tt>mgmt-users.properties</tt> stores usernames and hashed passwords. By default, the realm expects the entries to be in the format | ||
<pre> | |||
username=HEX(MD5(username ':' realm':' password)) | |||
</pre> | |||
Users can be added with the utility scripts <tt>bin/add-user.sh</tt>, <tt>bin/add-user.bat</tt>. | Users can be added with the utility scripts <tt>bin/add-user.sh</tt>, <tt>bin/add-user.bat</tt>. |
Revision as of 02:52, 10 February 2016
Internal
Overview
... <management> <security-realms> <security-realm name="ManagementRealm"> <authentication> <local default-user="$local" skip-group-loading="true"/> <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization map-groups-to-roles="false"> <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> </authorization> </security-realm> <security-realm name="ApplicationRealm"> <authentication> <local default-user="$local" allowed-users="*" skip-group-loading="true"/> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization> <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> </authorization> </security-realm> </security-realms> <audit-log> <formatters> <json-formatter name="json-formatter"/> </formatters> <handlers> <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> </handlers> <logger log-boot="true" log-read-only="false" enabled="false"> <handlers> <handler name="file"/> </handlers> </logger> </audit-log> <management-interfaces> <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> <socket-binding http="management-http"/> </http-interface> </management-interfaces> <access-control provider="simple"> <role-mapping> <role name="SuperUser"> <include> <user name="$local"/> </include> </role> </role-mapping> </access-control> </management> ...
Management Realm Configuration Files
The security information is maintained in flat files. The files are configured with <security-realm><authentication><properties> configuration element and their location is relative to , which could be $JBOSS_HOME/standalone/configuration or $JBOSS_HOME/domain/configuration, depending on the mode WildFly is run in (standalone or domain). For more details, see jboss.server.config.dir. The files can be modified at any time, updates after the server has started will be automatically detected.
mgmt-users.properties
mgmt-users.properties stores usernames and hashed passwords. By default, the realm expects the entries to be in the format
username=HEX(MD5(username ':' realm':' password))
Users can be added with the utility scripts bin/add-user.sh, bin/add-user.bat.
Example:
# admin=2a0923285184943425d1f53ddd58ec7a
mgmt-roles.properties
mgmt-roles.properties stores user-to-role mappings.
mgmt-groups.properties
This is an optional file. It stores user-to-group mappings and it is only used when Role-based Access Control (RBAC) is enabled. For more details about RBAC, see https://home.feodorov.com:9443/wiki/Wiki.jsp?page=JBoss7SecurityConcepts#section-JBoss7SecurityConcepts-RoleBasedAccessControl
Groups membership information is used to assign the user specific management roles. This is used for domain management. The format of this file is as follows:
username=role1,role2,role3,
Groups can be managed with the utility scripts bin/add-user.sh, bin/add-user.bat.
Application Realm Configuration Files
The files live in Template:$JBOSS HOME/standalone/configuration or Template:$JBOSS HOME/domain/configuration, depending on the mode JBoss is run in.