JBoss Archive

How to configure SSL on JBoss EAP

Create Connector


Create Keystores

keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -dname "CN=myserver.beasys.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass password -keystore identity.jks -storepass password

keytool -selfcert -v -alias mykey -keypass password -keystore identity.jks -storepass password -storetype jks

keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass password

keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass password

Configure Keystore using CLI

[standalone@localhost:9999 /] /subsystem=web/connector=https/ssl=configuration:add(certificate-key-file=C:/LABS/identity.jks,password=password,key-alias=mykey)
{"outcome" => "success"}

Encrypting password in JBoss EAP

To encrypt a password in JBoss from the command line, follow the steps below. This is particularly useful for encrypting a datasource password.

1) export JBOSS_HOME=/pallavi/

2) export CLASSPATH=/pallavi/jboss-eap-6.2/modules/system/layers/base/org/picketbox/main/picketbox-4.0.19.SP2-redhat-1.jar:/pallavi/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar:$CLASSPATH

3) java org.picketbox.datasource.security.SecureIdentityLoginModule sa

4) Edit your configuration file (e.g. standalone.xml) and add the following under the security subsystem (search for the security:1.2 tag):

<security-domain name="encrypted-h2ds" cache-type="default">
  <authentication>
    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username" value="sa"/>
      <module-option name="password" value="9fdd42c2a7390d3"/>
      <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/>
    </login-module>
  </authentication>
</security-domain>

5) Remove the user name and password from the datasource subsystem and add the tag below. Its value must match the security-domain name defined in step 4:

<security-domain>encrypted-h2ds</security-domain>

6) Restart the JBoss instance and test the connectivity as below:

[root@localhost ~]# /pallavai/bin/jboss-cli.sh
[disconnected /] connect 10.21.12.235:9999
[standalone@10.21.12.235:9999 /] /subsystem=datasources/data-source=ExampleDS:test-connection-in-pool()
{
"outcome" => "success",
"result" => [true]
}

Simple Checklist for WebLogic to JBoss Migration

Compare the supported J2EE specs (EJB, JMS, Webservices) of the WebLogic version you are going to migrate from with those of the JBoss Server version. You will get the details from their official websites.

Find out the architecture of the WebLogic Application Server (How many servers? Clusters? Machines?) either from the config.xml or the Admin Console.

Find the dependencies of the applications (where are the third-party libraries?)

Find the resources needed by the application (Datasources / Queues & Topics / Resource Adapters)

Change the Proxy ( Webserver configurations)

Deployment descriptor changes

Does the application rely on Application Server security? If so, you will have to create corresponding users in JBoss.

Migrate the Custom MBeans / Startup classes / Application Listeners.

Change the JNDI lookup code in the application.

Refer to this link, which explains this in detail.

How to change Default Ports in JBoss Application Server

These are the default ports in JBoss Application Server

TCP 1090 – RMI/JRMP socket for connecting to the JMX MBeanServer
TCP 1091 – RMI server socket
TCP 1099 – JNDI Service
TCP 1098 – RMI Port for JNDI Service
TCP 4446 – JBoss Remoting Connector
TCP 4712 – JBossTS Service
TCP 4713 – JBossTS Service
TCP 5445 – HornetQ JMS Service
TCP 5455 – HornetQ Netty port
TCP 5500 – JBoss Remoting
TCP 5501 – JBoss Remoting ssl
TCP 8009 – Web server AjpConnector
TCP 8080 – Web server HTTP Connector
TCP 8083 – Web services

To change the port, we need to edit the bindings-jboss-beans.xml present at the following location.

jboss-as\server\myserver1\conf\bindingservice.beans\META-INF\bindings-jboss-beans.xml

For example, to change the JNDI port, update the port property for the Naming Service:

<!-- Naming Service -->
<bean class="org.jboss.services.binding.ServiceBindingMetadata">
   <property name="serviceName">jboss:service=Naming</property>
   <property name="bindingName">Port</property>
   <property name="port">1999</property>
   <property name="description">The listening socket for the Naming service</property>
</bean>

Ref :- https://community.jboss.org/wiki/ConfigurePorts

Database authentication on JBoss EAP 5.0

Step 1 Create tables in the database and insert user, group and role information

 

CREATE TABLE USERS (
U_NAME VARCHAR(200) NOT NULL,
U_PASSWORD VARCHAR(50) NOT NULL,
U_DESCRIPTION VARCHAR(1000))
;

CREATE TABLE GROUPS (
G_NAME VARCHAR(200) NOT NULL,
G_DESCRIPTION VARCHAR(1000) NULL)
;

CREATE TABLE ROLES (
U_NAME VARCHAR(200) NOT NULL,
R_NAME VARCHAR(200) NOT NULL,
G_NAME VARCHAR(1000) NULL)
;

INSERT INTO USERS (U_NAME, U_PASSWORD) VALUES ('faisal','faisal');
INSERT INTO GROUPS (G_NAME, G_DESCRIPTION) VALUES ('Admin','Admin');
INSERT INTO ROLES (U_NAME, R_NAME, G_NAME) VALUES ('faisal','Administrators','Admin');

Step 2 Create a datasource pointing to that database. I am using postgres in this example.

<datasources>
  <local-tx-datasource>
    <jndi-name>jdbc/postgressds</jndi-name>
    <connection-url>jdbc:postgresql://localhost:5432/postgres</connection-url>
    <driver-class>org.postgresql.Driver</driver-class>
    <user-name>postgres</user-name>
    <password>postgres</password>

    <!-- sql to call when connection is created
    <new-connection-sql>some arbitrary sql</new-connection-sql>
    -->

    <!-- sql to call on an existing pooled connection when it is obtained from pool
    <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
    -->

    <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml -->
  </local-tx-datasource>
</datasources>

 

Step 3 Add the authentication policy in the login-config.xml file

<application-policy name="databaseauth">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:jdbc/postgressds</module-option>
      <module-option name="principalsQuery">select U_PASSWORD from USERS where U_NAME=?</module-option>
      <module-option name="rolesQuery">select R_NAME,'Roles' from ROLES where U_NAME=?</module-option>
    </login-module>
  </authentication>
</application-policy>

Step 4 Access a protected page of the application and log in with faisal/faisal.
Note: The role should be Administrators.
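
An added example (not from the original post) extending Steps 1 and 3: DatabaseServerLoginModule accepts the hashAlgorithm and hashEncoding module options, so U_PASSWORD can hold an unsalted digest instead of the clear-text password. The helper names are hypothetical and UTF-8 is assumed for the password bytes; the sketch computes the value to store and checks it against the VARCHAR(50) column from Step 1.

```python
import base64
import hashlib

# Options to add inside the <login-module> element from Step 3.
MODULE_OPTIONS = (
    '<module-option name="hashAlgorithm">SHA-256</module-option>\n'
    '<module-option name="hashEncoding">base64</module-option>'
)

U_PASSWORD_WIDTH = 50  # from the page's schema: U_PASSWORD VARCHAR(50)

# Java MessageDigest names mapped to hashlib names (only these are handled here).
DIGESTS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256", "SHA-512": "sha512"}


def stored_password(password, hash_algorithm="SHA-256", hash_encoding="base64"):
    """Digest of the password, encoded the way hashEncoding selects."""
    # Assumption: the password bytes are UTF-8 (the server-side charset may differ).
    digest = hashlib.new(DIGESTS[hash_algorithm], password.encode("utf-8")).digest()
    if hash_encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if hash_encoding == "hex":
        return digest.hex()
    raise ValueError("unsupported hashEncoding: " + hash_encoding)


def user_insert(name, password, **options):
    """Parameterized INSERT for USERS, refusing values the column would truncate."""
    value = stored_password(password, **options)
    if len(value) > U_PASSWORD_WIDTH:
        raise ValueError("%d-character value does not fit VARCHAR(%d)"
                         % (len(value), U_PASSWORD_WIDTH))
    sql = "INSERT INTO USERS (U_NAME, U_PASSWORD) VALUES (?, ?)"
    return sql, (name, value)


if __name__ == "__main__":
    print(MODULE_OPTIONS)
    print(user_insert("faisal", "faisal"))
```

A base64 SHA-256 value is 44 characters and fits the column, while the hex form is 64 characters and does not. Rows stored in clear text have to be rewritten as digests once the options are enabled, because the module then compares the digest of the submitted password with the stored value.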

Let us know if you face any issues. We’ll be happy to help.

Cheers!
Wonders Team