Chapter 10. Security Configuration
JBoss Messaging makes internal connections between nodes in order to redistribute messages between clustered destinations. These connections are made with the user name of a special reserved user whose password is specified in the property
suckerPassword
in the messaging and server configuration files.
The suckerPassword used by JBoss Messaging in a clustered environment is contained in the
jboss-as/server/$PROFILE/deploy/messaging/messaging-jboss-beans.xml
file and the messaging-service.xml
file. These files contain directives that specify the encrypted suckerPassword
.
Changing the Password in messaging-jboss-beans.xml
Complete this task to change the distribution placeholder password in
messaging-jboss-beans.xml
.
Procedure 10.1. Setting suckerPassword for JBoss Messaging
- Navigate to the
<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/
directory. - Open the
messaging-jboss-beans.xml
file in your preferred text editor. - Change the
suckerPassword
placeholder value from"CHANGE ME!!"
to a plain text password:<property name="suckerPassword">CHANGE ME!!</property>
Make note of the new password; it will be used in the next task. - Save the file.
Creating the encrypted JBoss Messaging suckerPassword
Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtil tool.
- In a terminal, change to
<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/
. - Run the following command:
/path/to/java/executable -cp JBOSS_HOME/client/jboss-messaging-client.jar org.jboss.messaging.util.SecurityUtil PLAIN_TEXT_PASSWORD
- PLAIN_TEXT_PASSWORD is the password you set in
messaging-jboss-beans.xml
in the previous task.As an example:Example 10.1. Test Encrypted Password
Running the following command (from theJBOSS_HOME/jboss-as/server/$PROFILE/deploy/messaging/
directory) .../usr/bin/java -cp ../../../../client/jboss-messaging-client.jar org.jboss.messaging.util.SecurityUtil test
...produced the following encrypted password:key len: 14 length max: 2147483647 Encoded password: 5e2c1ae5a618317
- Make note of the encrypted password output; it will be used in the next task.
Specifying an encrypted suckerPassword for JBoss Messaging
Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files.
Prerequisites
- You have a terminal open at the
<JBOSS_HOME>/server/<PROFILE>/deploy/messaging/
directory.
- In a text editor, open the
messaging-service.xml
file. - Paste the encrypted password from the previous procedure into the
SuckerPassword
attribute:<attribute name="SuckerPassword">ENCRYPTED_PASSWORD</attribute>
- Save the
messaging-service.xml
file.