EAP7.0.0_HowToConfigureServerSecurity.pdf


CHAPTER 2. SECURING THE SERVER AND ITS INTERFACES

    reload --host=host1

Important

You also need to ensure that each host's certificate is imported into the domain controller's truststore.

2.2.10. Disabling Remote Access to JMX

Remote access to the JMX subsystem allows for JDK and application management operations to be triggered remotely. To disable remote access to JMX in JBoss EAP, remove the remoting connector in the JMX subsystem:

Removing the Remoting Connector

    /subsystem=jmx/remoting-connector=jmx/:remove

For more information on JMX, please see the JMX section of the Red Hat JBoss Enterprise Application Platform Security Architecture Guide.

2.2.11. Using JAAS for Securing the Management Interfaces

JAAS is a declarative security API used by JBoss EAP to manage security. For more details and background regarding JAAS and declarative security, see the Declarative Security and JAAS section of the Red Hat JBoss Enterprise Application Platform Security Architecture Guide.

Note

When JBoss EAP instances are configured to run in ADMIN_ONLY mode, using JAAS to secure the management interfaces is not supported. For more information on ADMIN_ONLY mode, please see the Running JBoss EAP in ADMIN_ONLY Mode section of the JBoss EAP Configuration Guide.

To use JAAS to authenticate to the management interfaces, the following steps must be performed:

1. Create a security domain
2. Create a security realm with JAAS authentication
3. Update the Management Interfaces to use new security realm
4. Optional - Assign group membership

1. Creating a security domain

In this example, a security domain is created with the UsersRoles login module, but other login modules may be used as well:

    /subsystem=security/security-domain=UsersLMDomain:add(cache-type=default)

    /subsystem=security/security-domain=UsersLMDomain/authentication=classic:add

    /subsystem=security/security-domain=UsersLMDomain/authentication=classic/login-module=UsersRoles:add(code=UsersRoles, flag=required,module-options=[("usersProperties"=>"users.properties"),("rolesProperties"=>"roles.properties")])

2. Create a security realm with JAAS authentication

To create a security realm with JAAS Authentication:

    /core-service=management/security-realm=SecurityDomainAuthnRealm:add

    /core-service=management/security-realm=SecurityDomainAuthnRealm/authentication=jaas:add(name=UsersLMDomain)

3. Update the Management Interfaces to use new security realm

To update the http-interface to use the new realm:

    /core-service=management/management-interface=http-interface/:write-attribute(name=security-realm,value=SecurityDomainAuthnRealm)

4. Optional - Assign group membership

The attribute assign-groups determines whether loaded user membership information from the security domain is used for group assignment in the security realm. When set to true, this group assignment is used for Role-Based Access Control (RBAC). To configure the assign-groups attribute:

    /core-service=management/security-realm=SecurityDomainAuthnRealm/authentication=jaas:write-

2.2.12. Silent Authentication
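As an added example (not part of the Red Hat guide), the following Python check reads a server configuration file and reports whether the changes from sections 2.2.10 and 2.2.11 are in place. The XML element and attribute names follow the layout of a standalone.xml as an assumption, and the sample document is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a standalone.xml (an assumption; trimmed to
# the elements this check reads). It still contains the JMX remoting connector.
SAMPLE = """<server xmlns="urn:jboss:domain:4.1">
  <management>
    <security-realms>
      <security-realm name="SecurityDomainAuthnRealm">
        <authentication><jaas name="UsersLMDomain"/></authentication>
      </security-realm>
    </security-realms>
    <management-interfaces>
      <http-interface security-realm="SecurityDomainAuthnRealm"/>
    </management-interfaces>
  </management>
  <profile>
    <subsystem xmlns="urn:jboss:domain:jmx:1.3"><remoting-connector/></subsystem>
  </profile>
</server>"""

def local(el):
    """Tag name without its XML namespace, so schema versions do not matter."""
    return el.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings for the settings covered in 2.2.10 and 2.2.11."""
    els = list(ET.fromstring(xml_text).iter())
    findings = []
    if any(local(e) == "remoting-connector" and ":jmx:" in e.tag for e in els):
        findings.append("jmx: remoting-connector present, remote JMX access is enabled")
    realms = {e.get("name"): e for e in els if local(e) == "security-realm"}
    for iface in (e for e in els if local(e) == "http-interface"):
        name = iface.get("security-realm")
        realm = realms.get(name)
        jaas = None if realm is None else next(
            (c for c in realm.iter() if local(c) == "jaas"), None)
        if jaas is None:
            findings.append(f"http-interface: realm {name!r} has no JAAS authentication")
        elif jaas.get("assign-groups") != "true":
            findings.append(f"realm {name!r}: assign-groups is not true, "
                            "security domain groups are not used for RBAC")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

An empty result means the remoting connector is gone and the http-interface realm authenticates through JAAS with assign-groups enabled; the assign-groups finding can be ignored where the optional step 4 is not wanted.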