
Securing EBP with a single user under WildFly 8

This is part of the Heirloom Computing Elastic Batch Platform.

It's possible to create a simple security model for EBP under WildFly 8 that protects access to all of EBP, including the home page, using a single user defined in WildFly. To do this, take the following steps:

Add the following to your jboss-web.xml (or create that file with just the following in it):

<jboss-web>
    <context-root></context-root>
    <security-domain>other</security-domain>
</jboss-web>

Note: 'other' corresponds to the security-domain defined in standalone.xml.

Add the following to your web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Require basic auth for EBP user services</web-resource-name>
        <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>EBP-admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

Note: the url-pattern should correspond to the base URL of the installed war. For more complex protection of different URLs for different users, see the main EBP security topic.

Note: the role-name of EBP-admin corresponds to groups set up in ebp.properties and will have to match the group the user is assigned to in the next step.

Run add-user.sh (or add-user.bat) in WildFly to add a user using the following settings:

What type of user do you wish to add? 
a) Management User (mgmt-users.properties) 
b) Application User (application-users.properties)
(a): b
Username : ian
Password : ****
Re-enter Password : ****
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: EBP-admin
Is this correct yes/no? y

Edit your ebp.properties file and change rac.userrole=EBP-user to rac.userrole=EBP-admin.

This ensures that all functions of EBP check for a user in the EBP-admin group you just added your user to.

Restart WildFly and connect to the EBP URL; an authentication dialog should appear.

Confirm you can log in using the newly created user.

Confirm the functions of EBP (define/start/submit etc) work as expected.
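
The role name has to agree in three places (web.xml, ebp.properties and the user's group), and a mismatch only shows up as a failed login after the restart. The following is an added example, not part of the original article or of EBP: a small Python check that cross-reads the three files and also reports when BASIC auth is accepted without a CONFIDENTIAL transport guarantee. The function names and sample file contents are constructed for illustration; application-roles.properties is the file in which WildFly's add-user records the groups entered above.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the three files edited in the steps above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
    <auth-constraint><role-name>EBP-admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
EBP_PROPERTIES = "rac.userrole=EBP-admin\n"
APP_ROLES = "ian=EBP-admin\n"  # application-roles.properties, written by add-user


def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def audit(web_xml, ebp_properties, app_roles):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any xmlns prefix so paths match either way
        el.tag = el.tag.split("}")[-1]
    roles = {r.text.strip() for r in root.findall(".//auth-constraint/role-name") if r.text}
    if not roles:
        findings.append("web.xml: no role-name in auth-constraint")
    userrole = parse_props(ebp_properties).get("rac.userrole")
    if userrole not in roles:
        findings.append(f"ebp.properties: rac.userrole={userrole} is not a web.xml role")
    members = [user for user, groups in parse_props(app_roles).items()
               if roles & {g.strip() for g in groups.split(",")}]
    if not members:
        findings.append("application-roles.properties: no user holds a permitted role")
    method = (root.findtext(".//auth-method") or "").strip()
    guarantee = (root.findtext(".//transport-guarantee") or "NONE").strip()
    if method == "BASIC" and guarantee != "CONFIDENTIAL":
        findings.append("web.xml: BASIC auth accepted over plain HTTP (transport-guarantee is not CONFIDENTIAL)")
    return findings


if __name__ == "__main__":
    for finding in audit(WEB_XML, EBP_PROPERTIES, APP_ROLES):
        print("FINDING:", finding)
```

With the settings shown in this article the only finding is the transport one: the role names agree, but the BASIC credentials are protected in transit only if the connection uses HTTPS.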
