11.8.8. Configure Security Realms for the Management Interfaces

The management interfaces use security realms to control authentication and access to the configuration mechanisms of JBoss EAP 6. A Security Realm is similar to a Unix group. It is effectively a database of usernames and passwords that can be use to authenticate users.
Default Management Realm

The management interfaces are configured to use the ManagementRealm security realm by default. The ManagementRealm stores its user password combinations in the file mgmt-users.properties.

Example 11.18. Default ManagementRealm

/host=master/core-service=management/security-realm=ManagementRealm/:read-resource(recursive=true,proxies=false,include-runtime=false,include-defaults=true)
{
    "outcome" => "success",
    "result" => {
        "authorization" => undefined,
        "server-identity" => undefined,
        "authentication" => {"properties" => {
            "path" => "mgmt-users.properties",
            "plain-text" => false,
            "relative-to" => "jboss.domain.config.dir"
        }}
    }
}
Create a new Security Realm

The following commands create a new security realm called TestRealm and set the directory for the relevant properties file.

Example 11.19. Create a new Security Realm

/host=master/core-service=management/security-realm=TestRealm/:add
/host=master/core-service=management/security-realm=TestRealm/authentication=properties/:add(path=TestUsers.properties, relative-to=jboss.domain.config.dir)
Configure Security Realm authentication through an existing Security Domain

To use Security Domain to authenticate to the Management interfaces:

First, create a Security Realm. Then, set specify it as the value for the security-realm attribute of the management interface:

Example 11.20. Specify a Security Realm to use for the HTTP Management Interface

/host=master/core-service=management/management-interface=http-interface/:write-attribute(name=security-realm,value=TestRealm)