9.7.8. Configure Security Realms for the Management Interfaces
The Management Interfaces use security realms to control authentication and access to the configuration mechanisms of JBoss Enterprise Application Platform. This topic shows you how to read and configure security realms. These commands use the Management CLI.
Read a Security Realm's Configuration
This example shows the default configuration for the ManagementRealm security realm. It uses a file called mgmt-users.properties to store its configuration information.
Example 9.18. Default ManagementRealm
/host=master/core-service=management/security-realm=ManagementRealm/:read-resource(recursive=true,proxies=false,include-runtime=false,include-defaults=true)
{
"outcome" => "success",
"result" => {
"authorization" => undefined,
"server-identity" => undefined,
"authentication" => {"properties" => {
"path" => "mgmt-users.properties",
"plain-text" => false,
"relative-to" => "jboss.domain.config.dir"
}}
}
}
Write a Security Realm
The following commands create a new security realm called TestRealm and set the name and directory for the relevant properties file.
Example 9.19. Writing a Security Realm
/host=master/core-service=management/security-realm=TestRealm/:add/host=master/core-service=management/security-realm=TestRealm/authentication=properties/:write-attribute(name=path,value=TestUsers.properties)/host=master/core-service=management/security-realm=TestRealm/authentication=properties/:write-attribute(name=relative-to,value=jboss.domain.config.dir)
Apply a Security Realm to the Management Interface
After adding a security realm, supply its name as a reference to the Management Interface.
Example 9.20. Add a Security Realm to a Management Interface
host=master/core-service=management/management-interface=http-interface/:write-attribute(name=security-realm,value=TestRealm)
Changes to management interfaces take effect after JBoss Enterprise Application Platform is restarted.