Tag: CLI

How to create custom Dead Letter Queue in JBoss AS 7.1.2 using CLI


Starting of this year we had shared a Working example of Dead Letter Queue in JBoss AS 5.1 which was using JBoss Messaging when JBoss AS 7 was not realised. However we all know that JBoss AS 7 is using HorrnetQ and in this article we would be sharing the steps on how to create a custom DLQ for a particular queue and would be using the same working example but with few changes to get it working with JBossAS7

For this article we would be using JBoss AS 7.1.2 and the same concept would be used, which is after a specified unsuccessful delivery attempts (i.e. max-delivery-attempts in JBoss AS 7), the message is removed from the destination and moves it inside the defined custom Dead Letter Queue (DLQ) where the messages can be consumed for further investigation.

Features To Discuss

  1. We would be creating a queue using CLI
  2. Then creating a custom DLQ and assign it to the newly created queue using CLI
  3. In testing we would make sure that if a message is having a string as “Hello World”, then that message would be rolled backed after specified unsuccessful delivery attempts and would be moved in our custom created DLQ and other messages can be consumed without any issue.

Steps to create a custom Dead Letter Queue in JBoss 7.1.2 using CLI

Using the below CLI file we are doing total 3 things at the same-time and that too with one command, now that’s called saving time 😉

  • Creating a Queue with a name MyQueue and having a remote enabled JNDI name /MyQueue which has a prefix as “java:jboss/exported”
  • Creating a custom DLQ with a name MyDLQ and having a local JDNI name /MyDLQ
  • And configuring the custom DLQ MyDLQ with the queue MyQueue by creating a new address-setting particularly for MyQueue
  1. Create a file called MyQueue-add.cli in the bin folder of JBoss and copy the below content
  2. connect
    
    #Adding MyQueue
    /subsystem=messaging/hornetq-server=default/jms-queue=MyQueue/:add(entries=["java:jboss/exported/MyQueue"],durable=false)
    
    #Adding MyDLQ
    /subsystem=messaging/hornetq-server=default/jms-queue=MyDLQ/:add(entries=["java:/MyDLQ"],durable=false)
    
    #Adding address-settings for MyQueue
    /subsystem=messaging/hornetq-server=default/address-setting=jms.queue.MyQueue/:add(address-full-policy=BLOCK,dead-letter-address=jms.queue.MyDLQ,max-size-bytes=10485760,message-counter-history-day-limit=10,max-delivery-attempts=3,redelivery-delay=0)
    
  3. Now we need to create a new Application User by running “${JBOSS_HOME}/bin/add-user.sh” script as following :
  4. [user@user bin]$ ./add-user.sh
    
    What type of user do you wish to add?
     a) Management User (mgmt-users.properties)
     b) Application User (application-users.properties)
    (a): b
    
    Enter the details of the new user to add.
    Realm (ApplicationRealm) :  ApplicationRealm
    Username : testuser
    Password : testpassword
    Re-enter Password : testpassword
    
    What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none) : guest
    About to add user 'testuser' for realm 'ApplicationRealm'
    
    Is this correct yes/no? yes
    
    Added user 'testuser' to file '/home/user/jboss-as-7.1.2.Final/standalone/configuration/application-users.properties'
    Added user 'testuser' to file '/home/user/jboss-as-7.1.2.Final/domain/configuration/application-users.properties'
    Added user 'testuser' with roles testrole to file '/home/user/jboss-as-7.1.2.Final/standalone/configuration/application-roles.properties'
    Added user 'testuser' with roles testrole to file '/home/user/jboss-as-7.1.2.Final/domain/configuration/application-roles.properties'
    
    
  5. Make sure that the JBoss AS 7.1.2 is running, in our case we started JBoss AS 7.1.2 standalone-full.xml profile.
  6. [user@user bin]$ ./standalone.sh -c standalone-full.xml
    
  7. Now you just have to run the below command to execute above three things
  8. [user@user bin]$ ./jboss-cli.sh --file=MyQueue-add.cli
    {"outcome" => "success"}
    {"outcome" => "success"}
    {"outcome" => "success"}
    [user@user bin]$
    

    Once your above CLI command is executed successfully you will notice the following in your JBossAS 7.1.2 configuration file “standalone-full.xml”:

    <address-settings>
        <address-setting match="#">
    	.
    	.
    	.
        </address-setting>
        <address-setting match="jms.queue.MyQueue">
            <dead-letter-address>jms.queue.MyDLQ</dead-letter-address>
            <redelivery-delay>0</redelivery-delay>
            <max-delivery-attempts>3</max-delivery-attempts>
            <max-size-bytes>10485760</max-size-bytes>
            <address-full-policy>BLOCK</address-full-policy>
            <message-counter-history-day-limit>10</message-counter-history-day-limit>
        </address-setting>
    </address-settings>
    .
    .
    .
    <jms-destinations>
        <jms-queue name="MyQueue">
            <entry name="java:/exported/MyQueue"/>
            <durable>false</durable>
        </jms-queue>
        <jms-queue name="MyDLQ">
            <entry name="java:/MyDLQ"/>
            <durable>false</durable>
        </jms-queue>
    </jms-destinations>
    
  9. That’s it !!! You are done configuring a simple queue with a custom DLQ, having a max-delivery-attempts as 3, now if a message which is in MyQueue does not get delivered in 3 attempts then that message would be moved to MyDLQ which is a custom DLQ. Let’s test this out using the sender and receiver Java code.

Testing

  1. Create a Directory somewhere in your file system like: “/urs/JBossAS7.1.2/HQ/Queue” to write the QueueSend.java and QueueReceive.java programs.
  2. In QueueSend.java copy the below program
    import java.io.*;
    import java.io.*;
    import java.util.Hashtable;
    import javax.jms.JMSException;
    import javax.jms.Queue;
    import javax.jms.QueueConnection;
    import javax.jms.QueueConnectionFactory;
    import javax.jms.QueueSender;
    import javax.jms.QueueSession;
    import javax.jms.Session;
    import javax.jms.TextMessage;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    
    public class QueueSend
    {
    public final static String JNDI_FACTORY="org.jboss.naming.remote.client.InitialContextFactory";
    
    //*************** Connection Factory JNDI name *************************
    public final static String JMS_FACTORY="/jms/RemoteConnectionFactory";
    
    //*************** Remote enabled Queue JNDI name *************************
    public final static String QUEUE="/MyQueue";
    
    private QueueConnectionFactory qconFactory;
    private QueueConnection qcon;
    private QueueSession qsession;
    private QueueSender qsender;
    private Queue queue;
    private TextMessage msg;
    
    public void init(Context ctx, String queueName)throws NamingException, JMSException
    {
    qconFactory = (QueueConnectionFactory) ctx.lookup(JMS_FACTORY);
    
    //*************** Creating Queue Connection using the UserName & Password *************************
    qcon = qconFactory.createQueueConnection("testuser","testpassword");   			//<------------- Change the UserName & Password
    
    qsession = qcon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
    queue = (Queue) ctx.lookup(queueName);
    qsender = qsession.createSender(queue);
    msg = qsession.createTextMessage();
    qcon.start();
    }
    
    public void send(String message) throws JMSException {
    msg.setText(message);
    qsender.send(msg);
    }
    
    public void close() throws JMSException {
    qsender.close();
    qsession.close();
    qcon.close();
    }
    
    public static void main(String[] args) throws Exception {
    if (args.length != 1) {
    System.out.println("Usage: java QueueSend URL");
    return;
    }
    InitialContext ic = getInitialContext(args[0]);
    QueueSend qs = new QueueSend();
    qs.init(ic, QUEUE);
    readAndSend(qs);
    qs.close();
    }
    
    private static void readAndSend(QueueSend qs) throws IOException, JMSException
    {
    String line="Test Message Body with counter = ";
    BufferedReader br=new BufferedReader(new InputStreamReader(System.in));
    boolean readFlag=true;
    System.out.println("ntStart Sending Messages (Enter QUIT to Stop):n");
    while(readFlag)
    {
    System.out.print(" ");
    String msg=br.readLine();
    if(msg.equals("QUIT") || msg.equals("quit"))
    {
    qs.send(msg);
    System.exit(0);
    }
    qs.send(msg);
    System.out.println();
    }
    br.close();
    }
    
    private static InitialContext getInitialContext(String url) throws NamingException
    {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
    env.put(Context.PROVIDER_URL, url);
    
    //*************** UserName & Password for the Initial Context for JNDI lookup *************************
    env.put(Context.SECURITY_PRINCIPAL, "testuser");
    env.put(Context.SECURITY_CREDENTIALS, "testpassword");
    
    return new InitialContext(env);
    }
    }
    
  3. In QueueReceive.java copy the below program, which has a creating a transacted JMS Session and in “onMessage” we are checking it the text message which is been received contents “hello world” ignoring the case would get roll-backed if not would get committed to test our DLQ.
    import java.util.Hashtable;
    import javax.jms.*;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    
    public class QueueReceive implements MessageListener
    {
    public final static String JNDI_FACTORY="org.jboss.naming.remote.client.InitialContextFactory";
    
    //*************** Connection Factory JNDI name *************************
    public final static String JMS_FACTORY="/jms/RemoteConnectionFactory";
    
    //*************** Remote enabled Queue JNDI name *************************
    public final static String QUEUE="/MyQueue";
    
    private QueueConnectionFactory qconFactory;
    private QueueConnection qcon;
    private QueueSession qsession;
    private QueueReceiver qreceiver;
    private Queue queue;
    private boolean quit = false;
    
    public void onMessage(Message msg)
    {
    	try
    	{
    		String msgText;
    		if (msg instanceof TextMessage)
    		{
    			msgText = ((TextMessage)msg).getText();
    		}
    		else
    		{
    			msgText = msg.toString();
    		}
    		if (msgText.equalsIgnoreCase("hello world"))
    		{
    			System.out.println("nt "+ msgText +", hence rolling back");
    			// Here we are rolling back the session.
    			// The "Hello World" message which we received is not committed, hence it's undelivered and goes back to the TestQ
    			qsession.rollback();
    		}
    		else
    		{
    			System.out.println("nt "+ msgText );
    			// Here we are committing the session to acknowledge that we have received the message from the TestQ
    			qsession.commit();
    		}
    
    		if (msgText.equalsIgnoreCase("quit"))
    		{
    			synchronized(this)
    			{
    				quit = true;
    				this.notifyAll();
    			}
    		}
    	}
    	catch (JMSException jmse)
    	{
    	jmse.printStackTrace();
    	}
    }
    
    public void init(Context ctx, String queueName) throws NamingException, JMSException
    {
    	qconFactory = (QueueConnectionFactory) ctx.lookup(JMS_FACTORY);
    
            //*************** Creating Queue Connection using the UserName & Password *************************
    	qcon = qconFactory.createQueueConnection("testuser","testpassword");   			//<------------- Change the UserName & Password
    
    	//Creating a *transacted* JMS Session to test our DLQ
    	qsession = qcon.createQueueSession(true, 0);
    
    	queue = (Queue) ctx.lookup(queueName);
    	qreceiver = qsession.createReceiver(queue);
    	qreceiver.setMessageListener(this);
    	qcon.start();
    }
    
    public void close()throws JMSException
    {
    qreceiver.close();
    qsession.close();
    qcon.close();
    }
    
    public static void main(String[] args) throws Exception
    {
    if (args.length != 1)
    {
    System.out.println("Usage: java QueueReceive URL");
    return;
    }
    InitialContext ic = getInitialContext(args[0]);
    QueueReceive qr = new QueueReceive();
    qr.init(ic, QUEUE);
    System.out.println("JMS Ready To Receive Messages (To quit, send a "quit" message from QueueSender.class).");
    
    synchronized(qr)
    {
    while (! qr.quit)
    {
    try
    {
    qr.wait();
    }
    catch (InterruptedException ie)
    {}
    }
    }
    qr.close();
    }
    
    private static InitialContext getInitialContext(String url) throws NamingException
    {
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
    env.put(Context.PROVIDER_URL, url);
    
    //*************** UserName & Password for the Initial Context for JNDI lookup *************************
    env.put(Context.SECURITY_PRINCIPAL, "testuser");
    env.put(Context.SECURITY_CREDENTIALS, "testpassword");
    
    return new InitialContext(env);
    }
    }
    
  4. Now open 2– command prompt and run the “. ./setJBossEnv.sh” by adding two DOTs separated by a single space, in both the prompts to set the Environment (PATH & CLASSPATH).
  5. setJBossEnv.sh

    #!/bin/sh
    echo "Exporting JBOSS_HOME...."
    export JBOSS_HOME=/Jboss/jboss-as-7.1.2.Final   #<---- Change as per your environment
    echo "JBOSS_HOME Exported....!!!"
    echo ""
    echo "Exporting JAVA_HOME...."
    export JAVA_HOME=/Jdk/jdk1.6.0_21    #<---- Change as per your environment
    echo "JBOSS_HOME Exported....!!!"
    echo ""
    echo "Exporting CLASSPATH...."
    export CLASSPATH=$JBOSS_HOME/bin/client/jboss-client.jar:$CLASSPATH:.:
    echo "CLASSPATH Exported....!!!"
    echo ""
    echo "Exporting PATH...."
    export PATH=$JAVA_HOME/bin:$PATH
    echo "PATH Exported....!!!"
    echo ""
    echo "========================================================================"
    echo "JBOSS_HOME = " $JBOSS_HOME
    echo ""
    echo "JAVA_HOME = " $JAVA_HOME
    echo ""
    echo "CLASSPATH = " $CLASSPATH
    echo ""
    echo "PATH = " $PATH
    echo "========================================================================"
    
  6. Then compile the QueueSend.java and QueueReceive.java programs.
  7. Now run the code with the following command
  8. Prompt-1

    java QueueSend remote://localhost:4447
     

    Prompt-2

    java QueueReceive remote://localhost:4447
     

  9. Once this is been done try to send some messages (i.e. with “hello world” one of them ) in the Prompt-1 which can be revived on Prompt-2. , however the message which is “hellow world” would be rollbacked and as per the “max-delivery-attempts” value 3 times it would be re-sent and then it would be moved to the DLQ.

    CLI

    [user@user bin]$ ./jboss-cli.sh -c /subsystem=messaging/hornetq-server=default/jms-queue=MyDLQ/:count-messages
    {
        "outcome" => "success",
        "result" => 1L
    }
    

    OR

    Admin console path:
    Runtime – Status – JMS Destination – MyDLQ – “Messages in Queue:”


Management User Authentication using Encrypted Passwords with Database LoginModule AS7

Hi,

We have seen that using “$JBOSS_HOME/bin/add-user.sh” script we can create Management & Application Users. Using “add-user.sh” script when we create users then the credentials of Management user is stored inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” and inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” file. Even though the passwords are encrypted in these properties file still many administrators like to store their management credentials inside the Database rather than storing them inside the Database.

In our previous Demo we saw how to Authenticate Management Users based on the “DatabaseServerLoginModule” http://middlewaremagic.com/jboss/?p=2187 But the problem with that approach is we can see the Cleartext passwords present inside the Database as following:

mysql> select * from PRINCIPLES;
+--------------+----------+
| principal_id | password |
+--------------+----------+
| adminUser    | admin123 |
+--------------+----------+
1 row in set (0.00 sec)

But in this Current Demo we will see how we can store the Encrypted (MD5 + hex) password in the Database so that it will be safe. This can be simply achieved by adding the following two module options in the “security-domain”


    <module-option name="hashAlgorithm" value="MD5"/>
    <module-option name="hashEncoding" value="hex"/>

We will see it in more details so first we will proceed with creating the Hashed Password. Here we will write a simple program in order to Encrypt the Management User’s password.

Program to Encrypt Management User’s Password

Step1). Write the following program “EncryptPassword.java” inside your file system somewhere.

import java.security.MessageDigest;
import java.math.BigInteger;
import org.jboss.crypto.CryptoUtil;

public class EncryptPassword
  {
    public static void main(String ar[]) throws Exception
     {
       /*
       You will need the following JAFRs in your classpath in order to compile & run this program 
       export CLASSPATH=$JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.7.Final.jar:$JBOSS_HOME/bin/client/jboss-client.jar:$CLASSPATH:.:
       */

       //String clearTextPassword=ar[0]+":ManagementRealm:"+ar[1];     //---> This is how JBoss Encrypts password

       String clearTextPassword=ar[0];
       String hashedPassword=CryptoUtil.createPasswordHash("MD5", "hex", null, null, clearTextPassword);
       System.out.println("clearTextPassword: "+clearTextPassword);
       System.out.println("hashedPassword: "+hashedPassword);
     }
  }

Step2). Now Open a terminal/Command prompt then set the PATH to include the JDK “bin” directory in it. Also we will set the CLASSPATH by including the “picketbox-4.0.7.Final.jar” and “jboss-client.jar” jar, which are required in order to compile and run the program. As soon as we will run the following program we will see the HashedPassword which we need to insert in the database “PRINCIPLES” table.


export JBOSS_HOME=/home/userone/jboss-as-7.1.1.Final

export CLASSPATH=$JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.7.Final.jar:$JBOSS_HOME/bin/client/jboss-client.jar:$CLASSPATH:.:

javac EncryptPassword.java 

java EncryptPassword admin123

_________

OUTPUT
_________

clearTextPassword: admin123
hashedPassword: 0192023a7bbd73250516f069df18b500

MySQL Database & Datasource configuration

First of all we will see what all configurations are needed at the Database end and the Datasource configuration.
Step3). Start the MySQL database and then create the following Tables with the required Data as mentioned:

CREATE TABLE PRINCIPLES ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
CREATE TABLE ROLES ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));

Insert into PRINCIPLES values('adminUser','0192023a7bbd73250516f069df18b500');
Insert into ROLES values('adminUser','admin','admin');

You can insert more records in your database based on your requirement. I created only one Admin User.

mysql> select * from PRINCIPLES;
+--------------+----------------------------------+
| principal_id | password                         |
+--------------+----------------------------------+
| adminUser    | ec28e69f42b23f2e524572c4f263263d |
+--------------+----------------------------------+
1 row in set (0.00 sec)

***NOTE*** As you can see that actually the password for user “adminUser” is “admin123” but we entered the Encrypted password (0192023a7bbd73250516f069df18b500) for this user inside the Database not the Clear Text Password.

JBossAS7 side configuration

Step4). Place the MySQL database driver “mysql-connector-java-5.1.13-bin.jar” inside the “$JBOSS_HOME/standalone/deployments” directory.

Step5). Now start your JBossAS7 standalone profile as following:

[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml -bmanagement 10.10.10.10 -b 20.20.20.20

NOTE: You can start your Server in localhost address as well. Here i started the JBoss Management interface at 10.10.10.10 Address where as the public interface on “20.20.20.20”.

Step6). It’s time to create a DataSource. So lets start the JBossAS7.1.1.Final and then open the JBoss CLI utility “$JBOSS_HOME/bin/jboss-cli.sh” then run the following command in order to create MySQL DataSource as following:

 [userone@localhost bin]$ ./jboss-cli.sh --connect --controller=10.10.10.10:9999

 [standalone@10.10.10.10:9999 /] /subsystem=datasources/data-source="java:jboss/MySqlDS":add(jndi-name="java:jboss/MySqlDS",pool-name="MySqlPool",driver-name="mysql-connector-java-5.1.13-bin.jar",connection-url="jdbc:mysql://localhost:3306/testDB",user-name="root",password="redhat")

Once the above command executes successfully executes you will see the following kind of entry inside your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file (Inside the “[subsystem xmlns=”urn:jboss:domain:datasources:1.0″]” subsystem):

   <datasource jndi-name="java:jboss/MySqlDS" pool-name="java:jboss/MySqlDS">
       <connection-url>jdbc:mysql://localhost:3306/testDB</connection-url>
       <driver>mysql-connector-java-5.1.13-bin.jar</driver>
       <security>
          <user-name>root</user-name>
          <password>redhat</password>
       </security>
   </datasource>

Step7). Now we will create a Security-Domain inside the “[subsystem xmlns=”urn:jboss:domain:security:1.1″]” subsystem of your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as following:

  <security-domain name="DBAuthTest">
      <authentication>
         <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/MySqlDS"/>
            <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>
            <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>
            <module-option name="password-stacking" value="useFirstPass"/>

            <!-- Encryption Related module-options -->
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="hex"/>

         </login-module>
         <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>
            <module-option name="replaceRole" value="false"/>
         </login-module>
     </authentication>
   </security-domain>

Step8). As you can see above that in the “RoleMappingLoginModule” configuration we passed a file “test-roles.properties” for mapping the database user to the authorization role. So we will need to now create a file with name “test-roles.properties” inside the following location
“$JBOSS_HOME/standalone/configuration/test-roles.properties”
and
“$JBOSS_HOME/domain/configuration/test-roles.properties”

#username=RoleName
adminUser=admin

Step9). The Most important part now. We will edit the “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as well as “$JBOSS_HOME/domain/configuration/domain.xml” file <management> <security-realms> section as following sothat our custom security “DBAuthTest” can be associated with this ManagementRealm:

    <security-realm name="ManagementRealm">
        <authentication>
             <jaas name="DBAuthTest"/>
        </authentication>
    </security-realm>

Step10). Restart your JBossAS7 profile and then try to access the JBoss Console “http://10.10.10.10:9990/console” with the database table credential like
username: adminUser
password: admin123

.
.
Thanks 🙂
MiddlewareMagic Team


Configuring JBossAS7 ManagementRealm with the Database LoginModule

Hi,
Hi,
We have seen that using “$JBOSS_HOME/bin/add-user.sh” script we can create Management & Application Users. Using “add-user.sh” script when we create users then the credentials of Management user is stored inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” and inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” file. Even though the passwords are encrypted still many administrators like to store their management credentials inside the Database rather than storing them inside the Database.

So here as part of this Demo we will see how to create a Database authentication “security-domain” and how to associate the “ManagementRealm” with the “DBAuthTest” security-domain. We will need to follow the below mentioned steps in order to achieve the same.

MySQL Database & Datasource configuration

First of all we will see what all configurations are needed at the Database end and the Datasource configuration.
Step1). Start the MySQL database and then create the following Tables with the required Data as mentioned:

CREATE TABLE PRINCIPLES ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
CREATE TABLE ROLES ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));

Insert into PRINCIPLES values('adminUser','admin123');
Insert into ROLES values('adminUser','admin','admin');

You can insert more records in your database based on your requirement. I created only one Admin User.

JBossAS7 side configuration

Step2). Place the MySQL database driver “mysql-connector-java-5.1.13-bin.jar” inside the “$JBOSS_HOME/standalone/deployments” directory.

Step3). Now start your JBossAS7 standalone profile as following:

[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml -bmanagement 10.10.10.10 -b 20.20.20.20

NOTE: You can start your Server in localhost address as well. Here i started the JBoss Management interface at 10.10.10.10 Address where as the public interface on “20.20.20.20”.

Step4). It’s time to create a DataSource. So lets start the JBossAS7.1.1.Final and then open the JBoss CLI utility “$JBOSS_HOME/bin/jboss-cli.sh” then run the following command in order to create MySQL DataSource as following:

 [userone@localhost bin]$ ./jboss-cli.sh --connect --controller=10.10.10.10:9999

 [standalone@10.10.10.10:9999 /] /subsystem=datasources/data-source="java:jboss/MySqlDS":add(jndi-name="java:jboss/MySqlDS",pool-name="MySqlPool",driver-name="mysql-connector-java-5.1.13-bin.jar",connection-url="jdbc:mysql://localhost:3306/testDB",user-name="root",password="redhat")

Once the above command executes successfully executes you will see the following kind of entry inside your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file (Inside the “[subsystem xmlns=”urn:jboss:domain:datasources:1.0″]” subsystem):

   <datasource jndi-name="java:jboss/MySqlDS" pool-name="java:jboss/MySqlDS">
       <connection-url>jdbc:mysql://localhost:3306/testDB</connection-url>
       <driver>mysql-connector-java-5.1.13-bin.jar</driver>
       <security>
          <user-name>root</user-name>
          <password>redhat</password>
       </security>
   </datasource>

Step5). Now we will create a Security-Domain inside the “[subsystem xmlns=”urn:jboss:domain:security:1.1″]” subsystem of your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as following:

   <security-domain name="DBAuthTest">
       <authentication>
           <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
               <module-option name="dsJndiName" value="java:jboss/MySqlDS"/>
               <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>
               <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>
           </login-module>
           <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
               <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>
               <module-option name="replaceRole" value="false"/>
           </login-module>
       </authentication>
   </security-domain>

Step6). As you can see above that in the “RoleMappingLoginModule” configuration we passed a file “test-roles.properties” for mapping the database user to the authorization role. So we will need to now create a file with name “test-roles.properties” inside the following location
“$JBOSS_HOME/standalone/configuration/test-roles.properties”
and
“$JBOSS_HOME/domain/configuration/test-roles.properties”

#username=RoleName
adminUser=admin

Step7). The Most important part now. We will edit the “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as well as “$JBOSS_HOME/domain/configuration/domain.xml” file <management> <security-realms> section as following sothat our custom security “DBAuthTest” can be associated with this ManagementRealm:

    <security-realm name="ManagementRealm">
        <authentication>
             <jaas name="DBAuthTest"/>
        </authentication>
    </security-realm>

Step8). Restart your JBossAS7 profile and then try to access the JBoss Console “http://10.10.10.10:9990/console” with the database table credential like

[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml -bmanagement 10.10.10.10 -b 20.20.20.20

username: adminUser
password: admin123

.
.
Thanks
MiddlewareMagic Team


Copyright © 2010-2012 Middleware Magic. All rights reserved. |