Similar to all the other Application server's JBOSS also has a user-role based authentication .
Follow below steps To Map Users to Roles :
jbadmin ==> Administrator
jbdeploy ==> Deployer
Step 1:
To Configure jbdeploy to give it to the Developer :
This system is currently configured to use simple access controls, which will not utilise changes made in this section for roles. In order to utilise role mappings
that you configure in this section, you will need to enable role based access controls from the Command Line Interface (CLI) using the following command:
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
D:\jboss\jboss-eap-6.3.0_Node1\jboss-eap-6.3\bin>jboss-cli.bat -c --controller=127.0.0.1:9999
[domain@127.0.0.1:9999 /] /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
},
"result" => undefined,
"server-groups" => undefined
}
[domain@127.0.0.1:9999 /]
Step 2:
From the console go to administration and add user and map role as per requirement .
Step 3 :After mapping users to roles below is the tag updated in Domain.xml
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
<user name="jbadmin"/>
</include>
</role>
<role name="Administrator">
<include>
<user name="jbadmin"/>
</include>
</role>
<role name="Deployer">
<include>
<user name="jbdeploy"/>
</include>
</role>
</role-mapping>
</access-control>
With these setting jbdeploy can only do deployments and Jbadmin can do all the Administrative activities .
No comments:
Post a Comment