logging permission for JBOSS audit-log.log - jboss

how to change the file permission of audit-log.log generated in the Jboss server (jboss-eap/standalone/data/audit-log.log)
The log file is getting created with rw permission only for the JBoss user (-rw-------. 1 jboss jboss 76740 Feb 14 04:50 audit-log.log2022-02-18_040543),
how can we change the permission to be enabled for the group as well for others example (-rw-r--r--.)?
Is there a configuration within JBoss to change this permission apart from using OS-level file permissions?

Related

Is config.xml is created after the domain creation or when admin server starts for the first time in Weblogic?

I read this in the official documentation but I am confused about config.xml.
When you start a server instance in a domain for the first time, WebLogic Server creates the following subdirectories in the domain directory:
Files containing security information
logs directory for storing domain-level logs
For each server running in the domain, a directory for storing server logs and HTTP access logs
The config.xml file is created during the domain creation.

how to save application users created in jboss in a database or serialize them

I want to migrate the management and application users created in jboss using add-user.bat utility while upgrading the jboss version.
For that i was thinking if it is possible to store the users created in jboss in a database or may be something like serializing them while creating and update the jaas cache of the jboss server at the time of boot up.
Is there any way to export the user list from an existing jboss installation?
So can anyone please help me with either of the above?
Or may you please suggest me which should be the best approach?
Unfortunately, there is no direct way of exporting application/management users from the JBoss server. But all the application and management users created for jboss will present in application-users.properties and mgmt-users.properties files.
You can get usernames with the encrypted password in the following format
username=HEX( MD5( username ':' realm ':' password))
e.g.
admin=2a0923285184943425d1f53ddd58ec7a
All the roles and groups for the users will present in application-roles.properties
and mgmt-groups.properties files.
Location for above files :
standalone mode: JBOSS_HOME/standalone/configuration/
domain mode: JBOSS_HOME/domain/configuration/

got forbidden login in on Kie-server

I'm following one tutorial to get kie-drools-workbench and kie-server working: https://www.intertech.com/Blog/simple-setup-of-drools-kie-workbench-and-kie-server-in-one-wildfly-instance/
Installed wildfly and downloaded the kie-server-6.4.0.Final-ee7 and kie-drools-wb-distribution-wars-6.4.0.Final-wildfly8 and move them to C:\apps\wildfly-8.2.1.Final\standalone\deployments
Created user jeff with roles admin and developer on wildfly like the tutorial shows.
on CMD start standalone which starts wildfly 8.2.1
got at C:\apps\wildfly-8.2.1.Final\standalone\deployments
- kie drools .war and .deployed
- kie server 64.0 .war and .deployed
Login with jeff user at administration on http://localhost:8080/ and got redirected to http://localhost:9990/console/App.html#home
Under deployments I have the kie-server and kie-drools enabled, how can I access them?
I can land to the kie Workbench with kie server user at http://localhost:8080/kie-drools-wb-distribution-wars-6.4.0.Final-wildfly8/kie-drools-wb.html but I can't land on the kie-server, got forbidden with user jeff or user kieserver at http://localhost:8080/kie-server-6.4.0.Final-ee7/services/rest/server/containers
I don't find why, I login with jeff user but got forbidden and have to restart all to try another user / pass, like kieserver user.
I access kie-workbench, loggin with kieserver user and under deploy -> rule deployments -> remote servers got the kie server link, but the problem is the same, can't access it. forbidden and only have one shot to get the user pass right, or else I have to restart it.
The objective is to work better with drools rules and debug rules the best way, get to check which fact are loaded and which rules are applied to each fact..
Does anyone got the same issue? Or got something like what I need working?
EDIT: I can work with rules on kie-Drools-wb, the question is, do I really need the kie server to start? Because I only need to create rules based one a database.
I think I found the solution.
I don't need to use the server, the server is wildfly and should be running by then, the drools Workbench as explained on the tutorial works and the demo project is the sandbox.
This is only for academic purposes.

Stopping Wildfly Windows Service failed

as mentioned from the title i have a problem stopping the wildfly windows service.
When i tried to stop the wildfly service via the server manager - services window the status of the wildfly service doens't change to stop from stop pending. But wildfly isn't running anymore (my web service is not reachable and also the server log says that wildfly was successfully stopped). to start the service again i have to restart the windows server.
i've tested this with different scenarios:
Windows Server 2008 R2 Datacenter + Wildfly 9
Windwos Server 2012 Datacenter + Wildfly 10
Windows 7 + Wildfly 10
I also tried to make changes in the service.bat like Chris French mentioned on https://developer.jboss.org/thread/238135?tstart=0 but there is no change.
Interessting is that the problem doens't exists on any of the scenarios when i added the service without adding any deployments to wildfly (so just the blank server). What means that i am able to start and stop the wildfly service successfully from the server manager services window when the wildfly server is "blank" and without any changes (for e.g. in standalone.xml).
So i think the problem must be my java ee project which contains a web service and a simple persistent project to access different my sql databases. In the standalone.xml i just added the mysql driver and the databases and i do some edits in the interface section (ip adress changes).
Any Ideas? Do i have to made changes in different config files (for e.g. the service.bat) when im deploying something to wildfly?
Sorry for my english and thanks a lot!
When installing the WildFly service, make sure you have the following parameters specified:
In WildFly 8: /user <username> /password <password>
in WildFly 10: /jbossuser <username> /jbosspass <password>
In the services.bat the documentation reads:
/user: username for the shutdown command
/password: password for the shutdown command
According to my experience, without these parameters, WildFly will move to status "stopping", but will not stop.
That works for me:
1. Always run the CMD as admin first.
2. If your JBOSS_HOME environment is not set, get sure that you navigate to WildFly home directory before you execute the script.
For example: cd "C:\Program Files\wildfly
It's matter, because the service.bat takes your current dir (%CD%) as JBOSS_HOME, if it's not set.
3. You’ve to install the service with a special parameter. /controller
It’s important that you tell wildfly service on which port your wildfly admin console is running.
Take a look in standalone.xml, search for “management-http”, get sure that you use the same port in parameter.
Example: (Default port is 9990)
./bin/service/service.bat install /controller localhost:9990
Done. Now start the service and wait until you can reach the wildfly console page.
After try to stop or restart the service in service.msc or with service.bat (service.bat start/stop/restart).
I had similar issue but it turned out I needed a JAVA_HOME in standalone.conf.bat under bin folder. Simply uncomment the line that sets the JAVA_HOME variable and update its value with the desired path.
set "JAVA_HOME=C:\Program Files\Java\jdk1.8.0_121"
Above solution worked for me.
I had the "stopping" problem, when JAVA_HOME was set directly in jboss_cli.bat, pointing to the older jdk version previously installed on my machine. Check jboss_cli.bat for correct path of JAVA_HOME or simply use the JAVA_HOME environment variable (you might have to delete set JAVA_HOME line in jboss_cli.bat).

JBoss default password

What's the JBoss 5.x EAP default web console password?
The default credentials are:
login: admin
password: admin
But if you use EAP these credentials are turned off by default and there is no active user (security reasons :)). If you want to turn on these users, you have to edit the following file in your current profile: ./deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties. It should be enough to remove the # sign from the line with the user.
If you want to create a new user, don't forget to set up the correct groups in web-console-roles.properties file.
You can easily find information where these information are stored: just open the ./conf/login-config.xml file and find the proper security domain definition. In the case of the Web Console application, it will be web-console policy.
Also if you want to have access to JMX, you have unlock JMX Console. Just check the following files in the conf/props/ directory (in your profile): jmx-console-users.properties and jmx-console-roles.properties.
I just had to uncomment the line in jboss-eap-5.0\jboss-as\server\default\conf\props\jmx-console-users.properties
admin=admin
Thats it. Restart Jboss and I was about to get in to JBOSS JMX. Magically this even fixed the error that I used to get while shutting down Jboss from Eclipse.
I can also verify the above solution except I had to change in
**..\server\<server profile>\conf\props\jmx-console-users.properties**
If you are using Talend MDM Server, the login is:
login: admin
password: talend
See more: http://wiki.glitchdata.com/index.php?title=TOS:_Accessing_the_Talend_MDM_Server
This differs from the default JBoss login of admin/admin
The password setup file is also login-config.xml in this case.
I suggest visit Add digest auth in jmx-console and read oficial documentation for Configure admin consoles, you can add more security to your JBoss AS console and at these link explains where are the role and user/pass files that you need to change this information for your server and how you can change them. Also I recommend you quit all consoles that you don't use because they can affect to application server's performance.
Also there are others links about securing jmx-console that could help you, search in jboss as community site for them (I can't put them here for my actual reputation,sorry). Never you should has the password in plain text over conf/props/ files.
Sorry for my bad English and I hope my answer be useful for you.
just commenting the line of user and password in file
./server/default/conf/props jmx-console-users.properties worked for me
Step 1:
jmx-console-users.properties
admin=admin
Step 2:
jmx-console-roles.properties
admin=JBossAdmin,HttpInvoker
Step 3: Restart or start the JBoss instance.
Now you should good to go...
Go to the jmx console, enter JBoss login URL, then enter admin as username and admin password.
as suggested in other posts, probably you don't have any user defined. it's not advisable to manually edit the configuration files. you should use the add-user (.sh or .cmd) utility as explained in https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Installation_Guide/chap-Getting_Started_with_JBoss_Enterprise_Application_Platform_6.html#Add_the_Initial_User_for_the_Management_Interfaces