Securing JBoss with User Application

over 7 years ago

A lot of this content was taken from this URL, but I've listed here what is required for most situations.

First, we'll assume that JBoss and User Application have been installed at the default location of /opt/novell/idm/ and that the Advanced/Provisioning module has been installed with the default context of IDMProv.

Stop the JBoss process.

Most User App installs will create a novlua Linux user; if not, create one and give it rights to the file system:

chown -R novlua /opt/novell/idm

NOTE: If you're using the built-in PostgreSQL, you will need to run these two commands to return the rights for the postgres daemon:

chown -R :daemon /opt/novell/idm/Postgres
chown -R postgres:postgres /opt/novell/idm/Postgres/data

Edit the /etc/init.d/jboss_init script and change the following parameter:




Set up SSL as described in my other article How to SSLize User Application on JBoss using eDirectory’s Certificate Authority for Linux.

It's always safe to move the following to a backup location rather than deleting blindly:

  • /opt/novell/idm/jboss/server/IDMProv/conf/
    1. File: jax-ws-catalog.xml
  • /opt/novell/idm/jboss/server/IDMProv/conf/props/
    1. File:
    2. File:
  • /opt/novell/idm/jboss/server/IDMProv/deploy/
    1. Directory: admin-console.war
    2. Directory: jbossws.sar
    3. Directory: jmx-console.war
    4. Directory: jmx-remoting.sar
    5. Directory: management
    6. File: profileservice-jboss-beans.xml
    7. Directory: profileservice-secured.jar
    8. Directory: xnio-provider.jar
  • /opt/novell/idm/jboss/server/IDMProv/deployers/
    1. Directory: jbossws.deployer
    2. Directory: seam.deployer
    3. Directory: webbeans.deployer
    4. Directory: xnio.deployer

Keep the file /opt/novell/idm/jboss/server/IDMProv/deploy/jmx-invoker-service.xml, as it is required by the init script to stop the JBoss server.
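The move-to-backup step above can be scripted. This is an added example, not part of the original article or any Novell tooling: the function name `quarantine_components` and the backup path in the usage comment are assumptions, and the two unnamed files under conf/props/ are left out.

```bash
#!/usr/bin/env bash
# Added example: move the components listed above out of an IDMProv server
# directory into a backup tree rather than deleting them.

# Paths relative to the server directory, taken from the list above.
# The two unnamed conf/props/ files are not included.
COMPONENTS='conf/jax-ws-catalog.xml
deploy/admin-console.war
deploy/jbossws.sar
deploy/jmx-console.war
deploy/jmx-remoting.sar
deploy/management
deploy/profileservice-jboss-beans.xml
deploy/profileservice-secured.jar
deploy/xnio-provider.jar
deployers/jbossws.deployer
deployers/seam.deployer
deployers/webbeans.deployer
deployers/xnio.deployer'

# quarantine_components SERVER_DIR BACKUP_DIR   (hypothetical helper name)
# Prints "moved" or "absent" per component. Returns 2 on a bad directory or
# a failed move, 1 if jmx-invoker-service.xml is missing afterwards.
quarantine_components() {
    server=$1 backup=$2
    [ -d "$server/deploy" ] || { echo "not a server dir: $server" >&2; return 2; }
    for rel in $COMPONENTS; do
        src=$server/$rel
        if [ -e "$src" ]; then
            if [ -e "$backup/$rel" ]; then echo "backup exists: $rel" >&2; return 2; fi
            mkdir -p "$backup/$(dirname "$rel")" || return 2
            mv -- "$src" "$backup/$rel" || return 2
            echo "moved   $rel"
        else
            echo "absent  $rel"
        fi
    done
    # jmx-invoker-service.xml must stay: the init script needs it to stop JBoss.
    [ -f "$server/deploy/jmx-invoker-service.xml" ] || {
        echo "WARNING: deploy/jmx-invoker-service.xml is missing" >&2; return 1; }
}

# Runs only when called with two arguments, for example (backup path assumed):
#   ./quarantine.sh /opt/novell/idm/jboss/server/IDMProv /root/IDMProv-backup
if [ "$#" -eq 2 ]; then quarantine_components "$1" "$2"; fi
```

Run it while JBoss is stopped; restoring a component is a matter of moving it back from the backup tree to the same relative path.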

Edit the /opt/novell/idm/jboss/server/IDMProv/deploy/ROOT.war/WEB-INF/web.xml file and comment out the following (you may want to keep this bit if you're behind a Load Balancer as it provides the health status of JBoss):

<!--
  <servlet>
    <servlet-name>Status Servlet</servlet-name>
    <servlet-class>org.jboss.web.tomcat.service.StatusServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Status Servlet</servlet-name>
    <url-pattern>/status</url-pattern>
  </servlet-mapping>
-->

Finally, clean up the old deployments:

rm -fr /opt/novell/idm/jboss/server/IDMProv/tmp/*
rm -fr /opt/novell/idm/jboss/server/IDMProv/work/jboss.web/localhost/

Now JBoss can be started.


