Difference between revisions of "Securing JBoss"
(Created page with 'When you run JBoss, OpenKM is accessible through the 8080 port. The bad news is that JBoss web console and JMX console is accessible and everybody can read and modify JBoss confi…') |
Line 1: | Line 1: | ||
When you run JBoss, OpenKM is accessible through the 8080 port. The bad news is that JBoss web console and JMX console is accessible and everybody can read and modify JBoss configuration. This is particularity dangerous if the OpenKM is accessible from Internet. | When you run JBoss, OpenKM is accessible through the 8080 port. The bad news is that JBoss web console and JMX console is accessible and everybody can read and modify JBoss configuration. This is particularity dangerous if the OpenKM is accessible from Internet. | ||
+ | |||
+ | == JMX Console == | ||
+ | Edit the configuration file: | ||
+ | $ vim $JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml | ||
+ | |||
+ | Uncomment the block <security-constraint>. Edit this other configuration file: | ||
+ | |||
+ | $ vim $JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml | ||
+ | |||
+ | Uncomment the block defined by <security-domain>. Edit the users file: | ||
+ | |||
+ | $ vim $JBOSS_HOME/server/default/conf/props/jmx-console-users.properties | ||
+ | |||
+ | Change the password of the admin user. | ||
+ | |||
+ | == Web Console == | ||
+ | Edit the configuration file: | ||
+ | |||
+ | $ vim $JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml | ||
+ | |||
+ | Uncomment the block <security-constraint>. Edit this other configuration file: | ||
+ | |||
+ | $ vim $JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml | ||
+ | |||
+ | Uncomment the block defined by <security-domain>. Edit also this file: | ||
+ | |||
+ | $ vim $JBOSS_HOME/server/default/conf/login-config.xml | ||
+ | |||
+ | Change the path of the files web-console-users.properties and web-console-roles.properties (add props/ at the beginning of the file name) | ||
+ | |||
+ | <source lang="xml"> | ||
+ | <module-option name="usersProperties">props/web-console-users.properties | ||
+ | </module-option> | ||
+ | <module-option name="rolesProperties">props/web-console-roles.properties | ||
+ | </module-option> | ||
+ | </source> | ||
+ | |||
+ | And copy the files to the new location: | ||
+ | |||
+ | $ cp $JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-*.properties $JBOSS_HOME/server/default/conf/props | ||
+ | |||
+ | Now all the authentication files are located in the same folder. Edit the users file: | ||
+ | |||
+ | $ vim $JBOSS_HOME/server/default/conf/props/web-console-users.properties | ||
+ | |||
+ | Change the password of the admin user. The last step is restart JBoss: | ||
+ | |||
+ | $ /etc/init.d/jboss restart | ||
+ | |||
+ | For more info, visit http://jboss.org/community/docs/DOC-12190. |
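Review bot: Both "Change the password of the admin user" steps stop at editing jmx-console-users.properties and web-console-users.properties, which are edited by hand with vim and so hold the password in readable form. Please add a step that restricts read access on $JBOSS_HOME/server/default/conf/props to the account that runs JBoss. Every path is also hard-coded to server/default, so say explicitly that the same edits are needed for any other server profile in use. The unchanged intro line still has "particularity" and "console is accessible" for two consoles, which could be fixed in the same revision.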
Revision as of 09:35, 25 January 2010
When you run JBoss, OpenKM is accessible through port 8080. The bad news is that the JBoss web console and JMX console are accessible too, and anybody can read and modify the JBoss configuration. This is particularly dangerous if OpenKM is accessible from the Internet.
JMX Console
Edit the configuration file:
$ vim $JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml
Uncomment the block <security-constraint>. Edit this other configuration file:
$ vim $JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
Uncomment the block defined by <security-domain>. Edit the users file:
$ vim $JBOSS_HOME/server/default/conf/props/jmx-console-users.properties
Change the password of the admin user.
Web Console
Edit the configuration file:
$ vim $JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml
Uncomment the block <security-constraint>. Edit this other configuration file:
$ vim $JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml
Uncomment the block defined by <security-domain>. Also edit this file:
$ vim $JBOSS_HOME/server/default/conf/login-config.xml
Change the paths of the files web-console-users.properties and web-console-roles.properties (add props/ at the beginning of each file name):
<module-option name="usersProperties">props/web-console-users.properties</module-option>
<module-option name="rolesProperties">props/web-console-roles.properties</module-option>
And copy the files to the new location:
$ cp $JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-*.properties $JBOSS_HOME/server/default/conf/props
Now all the authentication files are located in the same folder. Edit the users file:
$ vim $JBOSS_HOME/server/default/conf/props/web-console-users.properties
Change the password of the admin user. The last step is to restart JBoss:
$ /etc/init.d/jboss restart
For more info, visit http://jboss.org/community/docs/DOC-12190.
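To confirm that the steps above took effect, the following added example (not part of the original wiki page, nor JBoss or OpenKM code) audits a server/default tree: it ignores commented-out XML, checks both consoles' descriptors and login-config.xml, and flags a users file whose password is empty or equal to the user name. The function names, the tree written by build_sample and the admin=admin default are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

JMX = "deploy/jmx-console.war/WEB-INF"  # paths below $JBOSS_HOME/server/default
WEB = "deploy/management/console-mgr.sar/web-console.war/WEB-INF"
CHECKS = [(JMX, "web.xml", "<security-constraint>"), (JMX, "jboss-web.xml", "<security-domain>"),
          (WEB, "web.xml", "<security-constraint>"), (WEB, "jboss-web.xml", "<security-domain>"),
          ("conf", "login-config.xml", "props/web-console-users.properties"),
          ("conf", "login-config.xml", "props/web-console-roles.properties")]
USER_FILES = [f"conf/props/{c}-users.properties" for c in ("jmx-console", "web-console")]

def active_text(path):
    """File text with XML comments removed, so commented-out blocks do not count."""
    text = path.read_text() if path.is_file() else ""
    return re.sub(r"<!--.*?-->", "", text, flags=re.S)

def audit(server_dir):
    """Return the hardening steps that are still missing under server_dir."""
    root, findings = Path(server_dir), []
    for folder, name, needle in CHECKS:
        if needle not in active_text(root / folder / name):
            findings.append(f"{folder}/{name}: {needle} missing or commented out")
    for rel in USER_FILES:
        lines = (root / rel).read_text().splitlines() if (root / rel).is_file() else []
        pairs = [l.split("=", 1) for l in lines if "=" in l and not l.startswith("#")]
        for user, pw in pairs:
            # Assumption: an unedited users file still has admin=admin.
            if pw.strip() in ("", user.strip()):
                findings.append(f"{rel}: password for {user} is empty or equals the user name")
    return findings

def build_sample(root, hardened):
    """Write a constructed sample tree (not real JBoss files) and return its path."""
    pre, pw, o, c = ("props/", "S4mple-Only", "", "") if hardened else ("", "admin", "<!--\n", "\n-->")
    files = {"conf/login-config.xml": "".join(f'<module-option name="{k}Properties">{pre}'
             f'web-console-{k}.properties</module-option>\n' for k in ("users", "roles"))}
    for d, dom in ((JMX, "jmx-console"), (WEB, "web-console")):
        files[f"{d}/web.xml"] = f"{o}<security-constraint>\n</security-constraint>{c}"
        files[f"{d}/jboss-web.xml"] = f"{o}<security-domain>java:/jaas/{dom}</security-domain>{c}"
        files[f"conf/props/{dom}-users.properties"] = f"# constructed\nadmin={pw}\n"
    for rel, text in files.items():
        (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / rel).write_text(text)
    return root

if __name__ == "__main__":
    print(*audit(build_sample(tempfile.mkdtemp(), hardened=False)), sep="\n")
```

On a real installation, call audit() with the path of $JBOSS_HOME/server/default; an empty list means every step on this page is in place.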