eG Administration
 

Creating a new Management User for JBoss AS/EAP

The management interfaces in a JBoss Enterprise Application Platform are secured by default, and hence there is no default user. This is a security precaution, to prevent security breaches from remote systems due to simple configuration errors. Without a user, administrators may not be able to use the web-based Management Console of the JBoss AS/EAP server. It is therefore mandatory to create an initial administrative user, who will be able to use the web-based Management Console and remote instances of the Management CLI to configure and administer JBoss Enterprise Application Platform 6 from remote systems. This user can be either the Management User or the Application User. A Management User is added to the ManagementRealm of the JBoss AS/EAP server and is authorized to perform management operations using the web-based management console or the Management CLI. On the other hand, the Application user is added to the ApplicationRealm and this user has no particular permissions and is provided for use with applications. In order to monior the JBoss AS/EAP server, a user has to be created so that the JBoss AS/EAP server is accessed through the web-based management console. Therefore it is necessary to add a Management User in the JBoss AS/EAP server. Let us now discuss the steps on how to add a Management User below:

  1. In order to add a user to the JBoss AS/EAP server, you will require either one of the following files available in the <JBOSS_INSTALL_DIR\bin> location:

    • add-user.sh
    • add-user.bat

  2. Execute the add-user.bat file in case the JBoss AS/EAP server is installed on a Windows environment and execute the add-user.sh file in case the JBoss AS/EAP server is installed on a Linux environment.

  3. Once the file is executed, you will be required to choose the type of the user that you wish to add. If you wish to add a Management User specify a or if you wish to add an Application User, specify b as mentioned below.

    What type of user do u wish to add?
    Management User (mgmt-user.properties)
    Application User (application-users.properties)
    (a): a

  4. Specify the credentials of the user that you wish to add. In our example, let us consider the Username as ‘elvis’. Specify the Username and Password accordingly and proceed to step 5.

    Username: elvis
    Password:*****
    Re-enter Password:****

  5. If you wish to associate the user to a group in the JBoss AS/EAP server installation, then you can provide a comma-separated list of groups or if you do not wish to associate the user to any group, you can do so as shown below:

    What groups do you want this user to belong to? (Please enter a comma separated list, or leave blanck for none):

  6. By default, if the Management User option is chosen, then the user will be added to the ManagementRealm of the JBoss AS/EAP server. Specify yes to confirm the same so that the user is added to the ManagementRealm.

    About to add user ‘elvis’ for realm ‘ManagementRealm’
    Is this correct yes/no? yes

  7. Now, the user will be added to the mgmt-users.properties and the mgmt-groups.properties of the JBoss AS/EAP server installation. Then, specify yes if a user of any other JBoss AS/EAP instance needs to be authenticated to join the cluster as a member. This authentication is mandatorily required for a JBoss AS/EAP cluster setup.

    Is this new server going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for a server to server EJB calls. yes/no? yes

  8. Once you specify yes in Step 7, a secret value will appear which needs to be copied and stored separately for future reference. Whenever a new JBoss AS/EAP instance is added in a domain, specifying the secret value while configuring the new instance will let the new instance be the slave of the JBoss AS/EAP installation in a cluster setup i.e., a user will be allowed to communicate with all the associated instances once the secret value is shared.

    To represent the user add the server-identities definition (secret value=“AWEStanW4cmziQ”).

Once the Management User is created, administrators can login to the JBoss management console and perform management operations extensively.