{"id":1387,"date":"2009-12-08T11:57:34","date_gmt":"2009-12-08T16:57:34","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=1387"},"modified":"2009-12-08T11:57:34","modified_gmt":"2009-12-08T16:57:34","slug":"setup-jboss-login-modules","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=1387","title":{"rendered":"Setup JBoss Login Modules"},"content":{"rendered":"

UsersRolesLoginModule<\/h2><\/span>\n

Create users.properties file<\/h3><\/span>\n

* cd \/server\/myserver\/conf\/props
\n* vi my-users.properties<\/p>\n

\r\nuser1=user1pass\r\nuser2=user2pass\r\n<\/pre>\n
* chmod g-r my-users.properties<\/p>\n
Create roles.properties file<\/h3><\/span>\n
* cd \/server\/myserver\/conf\/props
\n* vi my-roles.properties<\/p>\n
\r\nuser1=admin\r\nuser2=payroll\r\n<\/pre>\n
* chmod g-r my-users.properties<\/p>\n
Setup login-config.xml<\/h3><\/span>\n
* cd \/server\/myserver\/conf
\n* Add to login-config.xml<\/p>\n
\r\n\r\n  \r\n    \r\n      \r\n        props\/my-users.properties\r\n      <\/module-option>\r\n      \r\n        props\/my-roles.properties\r\n      <\/module-option>\r\n    <\/login-module>\r\n  <\/authentication>\r\n<\/application-policy>\r\n<\/pre>\n
LdapExtLoginModule<\/h2><\/span>\n
Setup login-config.xml<\/h3><\/span>\n
* cd \/server\/myserver\/conf
\n* Add to login-config.xml<\/p>\n
\r\n\r\n  \r\n     \r\n      ldap:\/\/ad.my.com:389<\/module-option>\r\n      user1<\/module-option>\r\n      password<\/module-option>\r\n      CN=Users,DC=my,DC=com<\/module-option>\r\n      (sAMAccountName={0})<\/module-option>\r\n      CN=Users,DC=my,DC=com<\/module-option>\r\n      (member={1})<\/module-option>\r\n      cn<\/module-option>\r\n      false<\/module-option>\r\n      2<\/module-option>\r\n      ONELEVEL_SCOPE<\/module-option>\r\n      false<\/module-option>\r\n    <\/login-module>\r\n  <\/authentication>\r\n<\/application-policy>\r\n<\/pre>\n
LdapExtLoginModule with Secure LDAP<\/h2><\/span>\n
Create trust store<\/h3><\/span>\n
\r\nkeytool -import -v -keystore mytruststore -alias ad-root -storepass changeit -file ad-root.cer\r\nkeytool -import -v -keystore mytruststore -alias ad-box -storepass changeit -file ad-box.cer\r\n<\/pre>\n
Setup JBoss to use trust store<\/h3><\/span>\n
Use properties-service.xml<\/h4><\/span>\n
* cd \/server\/myserver\/deploy
\n* edit properties-service.xml<\/p>\n
\r\n\r\n  \r\n    javax.net.ssl.trustStore=\/absolute\/path\/to\/mytruststore\r\n    javax.net.ssl.trustStorePassword=changeit\r\n  <\/attribute>\r\n<\/mbean>\r\n<\/pre>\n
Use run.conf<\/h4><\/span>\n
* cd \/bin
\n* Add to run.conf<\/p>\n
\r\n# Set trust store file location\r\nJAVA_OPTS=\"$JAVA_OPTS -Djavax.net.ssl.trustStore=\/absolute\/path\/to\/mytruststore\"\r\n\r\n# Set trust store password\r\nJAVA_OPTS=\"$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=changeit\"\r\n\r\n# Turn off host verification if needed. Turn off in production.\r\n#JAVA_OPTS=\"$JAVA_OPTS -Dorg.jboss.security.ignoreHttpsHost=true\"\r\n\r\n# Turn on ssl handshake debugging if needed. Turn off in production.\r\n#JAVA_OPTS=\"$JAVA_OPTS -Djavax.net.debug=ssl,handshake\"\r\n<\/pre>\n
Setup login-config.xml<\/h3><\/span>\n
* cd \/server\/myserver\/conf
\n* Add to login-config.xml<\/p>\n
\r\n\r\n  \r\n     \r\n      useFirstPass<\/module-option>\r\n      ldaps:\/\/ad.my.com:636<\/module-option>\r\n      user1<\/module-option>\r\n      password<\/module-option>\r\n      CN=Users,DC=my,DC=com<\/module-option>\r\n      (sAMAccountName={0})<\/module-option>\r\n      CN=Users,DC=my,DC=com<\/module-option>\r\n      (member={1})<\/module-option>\r\n      cn<\/module-option>\r\n      false<\/module-option>\r\n      2<\/module-option>\r\n      ONELEVEL_SCOPE<\/module-option>\r\n      false<\/module-option>\r\n    <\/login-module>\r\n  <\/authentication>\r\n<\/application-policy>\r\n<\/pre>\n
Stacking Multiple Login Modules<\/h2><\/span>\n
* Add to login-config.xml<\/p>\n
\r\n\r\n  \r\n    \r\n      useFirstPass<\/module-option>\r\n      \r\n        props\/my-users.properties\r\n      <\/module-option>\r\n      \r\n        props\/my-roles.properties\r\n      <\/module-option>\r\n    <\/login-module>\r\n     \r\n      useFirstPass<\/module-option>\r\n      ldaps:\/\/ad.my.com:636<\/module-option>\r\n      user1<\/module-option>\r\n      password<\/module-option>\r\n      CN=Users,DC=my,DC=com<\/module-option>\r\n      (sAMAccountName={0})<\/module-option>\r\n      CN=Users,DC=my,DC=com<\/module-option>\r\n      (member={1})<\/module-option>\r\n      cn<\/module-option>\r\n      false<\/module-option>\r\n      2<\/module-option>\r\n      ONELEVEL_SCOPE<\/module-option>\r\n      false<\/module-option>\r\n    <\/login-module>\r\n  <\/authentication>\r\n<\/application-policy>\r\n<\/pre>\n
Use Login Modules in Web Applications<\/h2><\/span>\n
See this post<\/a> for an example of using UsersRolesLoginModule to secure jmx-console and web-console.<\/p>\n
References<\/h2><\/span>\n
LdapLoginModule<\/a>
\nLdapExtLoginModule<\/a>
\nStacking Login Modules<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
UsersRolesLoginModule Create users.properties file * cd \/server\/myserver\/conf\/props * vi my-users.properties user1=user1pass user2=user2pass * chmod g-r my-users.properties Create roles.properties file * cd \/server\/myserver\/conf\/props * vi my-roles.properties user1=admin user2=payroll * chmod g-r my-users.properties Setup login-config.xml * cd \/server\/myserver\/conf * Add to login-config.xml … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[30],"tags":[],"class_list":["post-1387","post","type-post","status-publish","format-standard","hentry","category-jboss"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-mn","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1387"}],"version-history":[{"count":1,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1387\/revisions"}],"predecessor-version":[{"id":1388,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/1387\/revisions\/1388"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}