Bug 778455 (SOA-933) - Console security not documented in the Getting Started Guide
Summary: Console security not documented in the Getting Started Guide
Keywords:
Status: CLOSED NEXTRELEASE
Alias: SOA-933
Product: JBoss Enterprise SOA Platform 4
Classification: JBoss
Component: Documentation
Version: 4.3 IR5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.3 CP01
Assignee: Dana Mison
QA Contact:
URL: http://jira.jboss.org/jira/browse/SOA...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-10-10 12:26 UTC by Julian Coleman
Modified: 2009-02-24 16:05 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
N/A
Last Closed: 2009-02-24 16:05:25 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SOA-933 0 None None None Never

Description Julian Coleman 2008-10-10 12:26:38 UTC 
Date of First Response: 2008-10-14 04:17:48
project_key: SOA

It is not possible to access the consoles by default, without editing the soa-users.properties
file.  This should be documented in the Getting Started Guide.  I suggest the following text
is appended to section 2.2 (Starting JBoss Enterprise SOA Platform), but before the note
about headless=true in SOA-906:

  Access to the server consoles is controlled by the `soa-users.properties' and
  `soa-roles.properties' files in the `jboss-as/server/<profile-name>/conf/props' directory,
  where `<profile-name>' is the name of the profile (e.g. `production' or `default').  By
  default, no users are allowed access to the consoles.  As a minimum, you should
  uncomment the `admin=admin' line in the `soa-users.properties' file, which will allow
  access to the consoles with username `admin' and password `admin'.
Comment 1 Dana Mison 2008-10-14 08:17:48 UTC 
Content added to Getting Started Guide:

2.2.1. Enabling Access to the Server Consoles
Access to the server consoles is disabled in the default configuration.
To grant access you need to edit the files soa-users.properties and soa-roles.properties.
These files are located in the conf/props directory of the server profile that you wish to allow access
for.

soa-users.properties contains a list of users and their passwords in plain text. The format is
username=password.

soa-roles.properties contains a list of users and the server roles that are assigned to them. The
format is username=role1,role2,role3 where there can be any number of roles.

These user and role details do not correspond to any other account details, such as a operating
system user account. You can arbitrarily create user accounts here.

Procedure 2.6. Enabling Access to the Server Consoles
1. You need to add the required username and password to soa-users.properties, or enable
     the user admin by uncommenting that line. If you enable the admin user you should also change
     its password.
         #admin=admin
         harold=@dm1nU53r
     Example 2.3. A new user added in soa-users.properties

2.   You also must add that user to the soa-roles.properties file. The roles the user must be
     assigned to for Server Console access are JBossAdmin, HttpInvoker, user and admin.
         #admin=JBossAdmin,HttpInvoker,user,admin
         harold=JBossAdmin,HttpInvoker,user,admin
     Example 2.4. Assigning user roles in soa-roles.properties
Comment 2 Len DiMaggio 2009-02-24 16:05:25 UTC 
Verified in the doc here:  https://svn.corp.jboss.com/repos/soa/branches/4.3/build-tools/docs/esb/
Note You need to log in before you can comment on or make changes to this bug.