
Securing JBoss webconsole link.


Hi Guys,

Environment:
Identity Manager Roles Based Provisioning Module Version 4.0.1 Patch B
Build Revision 37827
Running on:
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1

There is a requirement in our business with regard to the exposure of this
link: http://<our address>/web-console/.
So, we would like to secure this link, as other normal users should not
be able to access it and only admin users would be able to get to it.
Thought of NAM, but that makes it a bit complex.

Any suggestion guys?

Regards,
Dinesh


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49228


Re: Securing JBoss webconsole link.

ddgaikwad wrote:

>
> There is a requirement in our business with regard to the exposure of this
> link: http://<our address>/web-console/.
> So, we would like to secure this link, as other normal users should
> not be able to access it and only admin users would be able to get to it.
> Thought of NAM, but that makes it a bit complex.
>
> Any suggestion guys?



This is a pure JBoss question, not specific to UserApp/RBPM.
JBoss is provided in the convenience install, but it isn't directly
supported by NetIQ.

However, you are in luck as there is a relevant TID.
https://www.netiq.com/support/kb/doc.php?id=3024921

If you need more help, I'd suggest you ask in the JBoss support forums
and refer to the JBoss documentation.

A starting point might be here:
https://community.jboss.org/wiki/SecureTheJmxConsole



Re: Securing JBoss webconsole link.


Hi Alex,

Thank you for this nice pointer to the TID.
I had thought that it would be as easy as just un-commenting a line in a
configuration file or something, but this is extensive.

Will just start working on it then. 🙂

Regards,
Dinesh


--
ddgaikwad

Re: Securing JBoss webconsole link.

On Fri, 15 Nov 2013 11:17:29 +0000, ddgaikwad wrote:

> Thank you for this nice pointer to the TID. I had thought that it would
> be as easy as just un-commenting a line in a configuration file or
> something, but this is extensive.


Securing JBoss is, indeed, extensive.


> Will just start working on it then. 🙂


Do it quickly, or ensure that your system is otherwise protected, because
it doesn't take long for new and unprotected JBoss servers to be found
and compromised.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

Re: Securing JBoss webconsole link.


Revisiting the thread after making the changes:

Did the changes as suggested in the TID, but when I access the web-console link,
it does not ask me for authentication and just takes me to the page?

Is this something that changes with every new release of JBoss? And how
can I work around it?

Regards,
Dinesh


--
ddgaikwad

Re: Securing JBoss webconsole link.

On 11/20/2013 09:04 AM, ddgaikwad wrote:
>
> Revisiting the thread after making the changes:
>
> Did the changes as suggested in the TID, but when I access the web-console link,
> it does not ask me for authentication and just takes me to the page?
>
> Is this something that changes with every new release of JBoss? And how
> can I work around it?
>
> Regards,
> Dinesh
>
>

Greetings,
Make sure that you secured the correct "context" under JBoss. If,
for example, your UserApp war is named IDMProv, then you need to secure

/jboss/server/IDMProv/...

If you did
/jboss/server/default
/jboss/server/all
/jboss/server/min

then you will see the behavior.

In your start-jboss.sh or .bat file you will see the -c option, which is
telling JBoss which container to "start".



--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
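
The check described in the reply above, as an added example (not code from the thread, the TID or NetIQ): it reads the `-c` value from the start script and tests whether the console descriptors under that server configuration have their security blocks active rather than commented out. The WAR paths, the element names `security-constraint` and `security-domain`, and the sample tree and start-script line are assumptions constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed locations of the console WARs below server/<config>/deploy.
CONSOLES = {"web-console": "management/console-mgr.sar/web-console.war",
            "jmx-console": "jmx-console.war"}
# Constructed start-script line; only the -c option matters here.
START_SCRIPT = 'exec "$JBOSS_HOME/bin/run.sh" -c IDMProv\n'

def active_config(start_script: str) -> str:
    """Return the configuration named by -c ('default' when the option is absent)."""
    m = re.search(r"(?:^|\s)-c\s+(\S+)", start_script)
    return m.group(1) if m else "default"

def has_active_element(xml_file: Path, tag: str) -> bool:
    """True if <tag> exists outside XML comments (the parser drops commented-out blocks)."""
    if not xml_file.is_file():
        return False
    return any(el.tag.rsplit("}", 1)[-1] == tag for el in ET.parse(xml_file).iter())

def audit(jboss_home: Path, start_script: str) -> dict:
    """Report, per console, whether the configuration JBoss starts is secured."""
    deploy = jboss_home / "server" / active_config(start_script) / "deploy"
    result = {}
    for name, rel in CONSOLES.items():
        web_inf = deploy / rel / "WEB-INF"
        result[name] = (has_active_element(web_inf / "web.xml", "security-constraint")
                        and has_active_element(web_inf / "jboss-web.xml", "security-domain"))
    return result

def build_sample(home: Path) -> None:
    """Constructed tree: 'default' was secured, 'IDMProv' still has the blocks commented out."""
    on = ("<web-app><security-constraint/></web-app>",
          "<jboss-web><security-domain>java:/jaas/web-console</security-domain></jboss-web>")
    off = ("<web-app><!-- <security-constraint/> --></web-app>",
           "<jboss-web><!-- <security-domain>java:/jaas/web-console</security-domain> --></jboss-web>")
    for config, (web, jboss_web) in {"default": on, "IDMProv": off}.items():
        for rel in CONSOLES.values():
            web_inf = home / "server" / config / "deploy" / rel / "WEB-INF"
            web_inf.mkdir(parents=True)
            (web_inf / "web.xml").write_text(web)
            (web_inf / "jboss-web.xml").write_text(jboss_web)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(audit(Path(tmp), START_SCRIPT))
```

On the constructed tree both consoles report as unsecured, because the edits were made under `default` while the start script launches `IDMProv`.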

Re: Securing JBoss webconsole link.


Hi Steven,

That was a much needed pointer, it did help me out to secure web and jmx
console fine.
Now, that I have tested it in Dev, will be proceeding with our
Production servers.

Regards,
Dinesh


--
ddgaikwad