Creating a New User in the JBoss EAP Server

The management interfaces in a JBoss Enterprise Application Platform are secured by default, and hence there is no default user. This is a security precaution, to prevent security breaches from remote systems due to simple configuration errors. Without a user, administrators may not be able to use the web-based Management Console of the JBoss AS/EAP server. It is therefore mandatory to create an initial administrative user, who will be able to use the web-based Management Console and remote instances of the Management CLI to configure and administer JBoss from remote systems. This user can be either the Management user or the Application user. A Management user is added to the ManagementRealm of the JBoss AS/EAP server and is authorized to perform management operations using the web-based management console or the Management CLI. On the other hand, the Application user is added to the ApplicationRealm and this user has no particular permissions and is provided for use with applications.

In order to monitor the JBoss AS/EAP server, the eG agent has to be configured with the credentials of a Management/Application user, so that it can access the JBoss management console and management CLI for running commands and pulling out desired metrics. While you can use any existing management/application user for this purpose, it is recommended that you create a new user. Typically, the type of user you need to create will vary according to the operating mode (standalone or domain) of the target JBoss EAP server.

If the server being monitored is running in the standalone mode, then you need to create a Management user in the ManagementRealm, and pass the credentials of this user to the eG tests. On the other hand, if the server being monitored is running in the domain mode, then create a new Application user in the ApplicationRealm, and configure eG tests with the credentials of this user.

To create a Management user on a standalone server, follow the steps below:

  1. In order to add a user to the JBoss AS/EAP server, you will require either one of the following files available in the <JBOSS_INSTALL_DIR\bin> location:

    • add-user.sh
    • add-user.bat
  2. Execute the add-user.bat file in case the JBoss AS/EAP server is installed on a Windows environment and execute the add-user.sh file in case the JBoss AS/EAP server is installed on a Linux environment.

  3. Once the file is executed, you will be required to choose the type of the user that you wish to add. To add a Management User, specify a.

    What type of user do you wish to add?
    Management User (mgmt-user.properties)
    Application User (application-users.properties)
    (a): a

  4. Specify the credentials of the user that you wish to add. Make a note of the 'Username' and 'Password' you provide here, as these are the credentials that you will have to pass to the eG tests.

    Username: elvis
    Password:*****
    Re-enter Password:****

  5. If the Management User option is chosen at step 3, then the user will be added to the ManagementRealm of the JBoss AS/EAP server. Specify yes to confirm the same.

    About to add user ‘elvis’ for realm ‘ManagementRealm’
    Is this correct yes/no? yes

  6. Now, the user will be added to the mgmt-users.properties of the JBoss AS/EAP server installation. At the next prompt, indicate whether the user being added represents another instance of JBoss EAP, which must be able to authenticate to join a cluster as a member. If you specify yes here, then the user you are adding will be designated for this purpose. If you specify no here, then the user will not be able to communicate with other server instances in a cluster setup.

    Is this new user going to be used for one AS process to connect to another AS process? e.g. slave domain controller? yes/no? no

  7. If you specify yes in Step 7, a secret value will appear which needs to be copied and stored separately for future reference. Whenever a new JBoss AS/EAP instance is added in a domain, specifying the secret value while configuring the new instance will let the new instance be the slave of the JBoss AS/EAP installation in a cluster setup i.e., a user will be allowed to communicate with all the associated instances once the secret value is shared.

    To represent the user add the server-identities definition (secret value=”AWEStanW4cmziQ”).

To create an Application user on a server operating in the domain mode, follow the steps below:

  1. In order to add a user to the JBoss AS/EAP server, you will require either one of the following files available in the <JBOSS_INSTALL_DIR\bin> location:

    • add-user.sh
    • add-user.bat

  2. Execute the add-user.bat file in case the JBoss AS/EAP server is installed on a Windows environment and execute the add-user.sh file in case the JBoss AS/EAP server is installed on a Linux environment.

  3. Once the file is executed, you will be required to choose the type of the user that you wish to add. To add an ApplicationUser, specify b.

    What type of user do you wish to add?
    Management User (mgmt-user.properties)
    Application User (application-users.properties)
    (a): b

  4. Specify the credentials of the user that you wish to add. Make a note of the 'Username' and 'Password' you provide here, as these are the credentials that you will have to pass to the eG tests if the target server is operating in the domain node.

    Username: elvis
    Password:*****
    Re-enter Password:****

  5. If the Application User option is chosen at step 3, then the user will be added to the ApplicationRealm of the JBoss AS/EAP server. Specify yes to confirm the same.

    About to add user ‘elvis’ for realm ‘ApplicationRealm’
    Is this correct yes/no? yes

  6. If you wish to associate the user with a role, then you can provide a comma-separated list of roles. If you do not wish to associate the user with any role, then simply press Enter at this prompt. This will trigger user creation.

    What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none):

  7. Now, the user will be added to the application-users.properties and the application-roles.properties of the JBoss AS/EAP server installation. At the next prompt, indicate whether the user being added represents another instance of JBoss EAP, which must be able to authenticate to join a cluster as a member. If you specify yes here, then the user you are adding will be designated for this purpose. If you specify no here, then the user will not be able to communicate with other server instances in a cluster setup.

    8. Is this new user going to be used for one AS process to connect to another AS process? e.g. slave domain controller? yes/no? yes

  8. If you specify yes in Step 7, a secret value will appear which needs to be copied and stored separately for future reference. Whenever a new JBoss AS/EAP instance is added in a domain, specifying the secret value while configuring the new instance will let the new instance be the slave of the JBoss AS/EAP installation in a cluster setup i.e., a user will be allowed to communicate with all the associated instances once the secret value is shared.

    To represent the user add the server-identities definition (secret value=”AWEStanW4cmziQ”).