Wildfly: Management user vs Application user - wildfly

I downloaded Wildfly (wildfly-13.0.0.Final) and I want to configure it. I start standalone.bat in the bin folder of JBOSS_HOME directory (I use Windows platform).
I go to management console: localhost:8080 -> Administration Console. I see this
Your WildFly Application Server is running.
However you have not yet added any users to be able to access the admin console.
To add a new user execute the add-user.bat script within the bin folder of your WildFly installation and enter the requested information.
I run add-user.bat and it asks me what kind of user I would like to add.
I need a user to have permissions to deploy, redeploy applications. For example, for Apache Tomcat I can configure tomcat-users.xml file and add users there (https://stackoverflow.com/a/1327730/4587961), so when I log into console as that user, I can deploy applications.

You need to add a Management user with the add-user.bat, whose credentials you will be able to log in the web admin with.
You could directly add the user to the mgmt-users.properties file in the configuration directory of your standalone or domain, but the entry must be of the form <username>:DIGEST-MD5(<username>:ManagementRealm:<password>), which the add-user.bat script will handle for you.
You don't need any particular role unless you set up RoleBasedAccessControl.
Applicative users are used by applications with frameworks such as JAAS and are interfaced through the "default" security-domain, which refers to the ApplicationRealm containing those users.
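An added example, not part of the answers on this page: a small audit that reads mgmt-users.properties text and reports management accounts whose stored digest matches the username or a short list of default passwords. It assumes the legacy properties-realm format documented in the header of that file, username=HEX(MD5(username:realm:password)); the function names, the candidate list and the sample file content are constructed for illustration.

```python
import hashlib
import re

REALM = "ManagementRealm"  # realm name quoted in the answer above

def digest(username, password, realm=REALM):
    """HEX(MD5(username:realm:password)), the value add-user writes."""
    raw = f"{username}:{realm}:{password}".encode("utf-8")
    return hashlib.md5(raw).hexdigest()

def parse_users(text):
    """Return {username: hex digest}; comment and blank lines are skipped.
    Java properties accept '=' or ':' between key and value, so both work."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            users[parts[0]] = parts[1].lower()
    return users

def audit(text, candidates, realm=REALM):
    """List (username, password) for accounts still using the username
    itself or one of the candidate defaults as the password."""
    findings = []
    for name, stored in parse_users(text).items():
        for pw in (name, *candidates):
            if digest(name, pw, realm) == stored:
                findings.append((name, pw))
                break
    return findings

# Constructed sample file content (hashes computed here, not from a real server).
SAMPLE = "\n".join([
    "# username=HEX( MD5( username ':' realm ':' password))",
    "#disabled=" + digest("disabled", "x"),
    "admin=" + digest("admin", "admin"),
    "deployer=" + digest("deployer", "k9!Vt2#qLz"),
])
DEFAULTS = ["admin", "password", "wildfly", "jboss"]  # assumed short list

if __name__ == "__main__":
    for user, pw in audit(SAMPLE, DEFAULTS):
        print(f"weak management credential: {user} (password equals {pw!r})")
```

Because the digest is unsalted and keyed only by username and realm, anyone who can read the file can run the same comparison, so the file's permissions matter as much as the passwords in it.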

As I read
https://docs.jboss.org/author/display/WFLY10/EJB+invocations+from+a+remote+server+instance
https://developer.jboss.org/thread/240892
Management user is used to enter the web console. Here you can deploy app, make settings, add resources (JPA config for example). Application users do not have access to the web console. They can be used for example to authenticate services. For example to invoke remote EJB bean, you need application user credentials to access the remote server.

Related

How to deploy EAR into the WAS cluster and IBM HTTP server by Monitored Directory Deployment functionality

My goal is to automatically deploy EAR file in WebSphere Application server cluster by Monitored Directory Deployment. So my deployment target is cluster. WAS version is 9.0.0.10. Everything works fine if I drop EAR file in
monitored directory for example '/{monitored_directory_defined_in_WAS}/clusters/my_cluster_name/'. Application is deployed and started. But I also want to deploy that application into the IBM HTTP server(resides in the same WebSphere cell with cluster) in the same automatically process by Monitored Directory Deployment.
I tried to manually predefine deploymentTargets(cluster and ibm http server) in deployment.xml file, put it in the EAR file, and drop EAR in the '/{monitored_directory_defined_in_WAS}/clusters/my_cluster_name/', but WAS deploy EAR only in cluster. As a consequence I must manually via WAS console map all modules from EAR to ibm http server, but I do not want to do it manually.
My second idea/attempt was to create separate monitored directory for the ibm http server '/{monitored_directory_defined_in_WAS}/servers/my_ibm_http_server_name/'.
First I drop EAR into the '/{monitored_directory_defined_in_WAS}/clusters/my_cluster_name/' and right after that I drop EAR in to the '/{monitored_directory_defined_in_WAS}/servers/my_ibm_http_server_name/'. Result is that the EAR modules are deployed only in to the web server, and that is not my goal.
Is that even possible by WAS Monitored Deployment Directory functionality?
Is it allowed to manually create the deployment.xml file and add it to the EAR file?
First of all, installing via monitored directory is not recommended in the production environments, as it lacks control.
As you correctly suspected it is not possible to install it to the cluster and web server - check Installing enterprise application files by adding them to a monitored directory.
Because you can use only one server directory, drag and drop to map
applications to combinations of servers is limited. Scenarios
requiring use of more than one server, such as mapping to an
application server and a web server, are not supported by direct drag
and drop of an application file.
However, if you still want to use it, you may deploy a property file into the monitored directory. That property file can fully customize your deployment, e.g. configuring also module to map to web server.
Check Installing enterprise application files by adding properties files to a monitored directory for more details
UPDATE
If you have issues, I'd suggest the following approach - install your application 'classically' via admin console and map it to both web server and cluster. Then run wsadmin command to extract properties:
AdminTask.extractConfigProperties('[-propertiesFileName myApp.props -configData Deployment=MyApplication -options [[SimpleOutputFormat true]]]')
Try to use format from that exported file for your properties
I had time to run it in my environment. I have app with 2 modules inside, one module is just mapped to the cluster, other is mapped to both cluster and web server. Here is relevant part of the property file:
taskName=MapModulesToServers
row1={ module=HelloTestUI #readonly
uri=HelloTestUI.war,WEB-INF/web.xml #readonly
server=WebSphere:cell=!{cellName},cluster=!{clusterName} }
row0={ module=HelloTestWeb #readonly
uri=HelloTestWeb.war,WEB-INF/web.xml #readonly
server=WebSphere:cell=!{cellName},cluster=!{clusterName}+WebSphere:cell=!{cellName},node=!{nodeName},server=!{serverName} }
I didn't try to use that property file to deploy the app via monitored directory, but as you can see the entry is created and mapping is done via + sign that connects cluster and web server.
If you don't see the mapping to your web server, make sure you saved the changes done in the console, and then connected via wsadmin, otherwise wsadmin will not have current data.

How to access Jboss Manager/Admin portal

I am new to jboss, what is the url and configuration settings you need to have to access Jboss's Manager/Admin portal
It depends on which version of jboss you are using.
for example, on JBOSS 5, you have to go to
http://localhost:8080/admin-console
Add the user at -JBOSS_HOME-\server\ -Server_Name-\conf\props\jmx-console-users.properties
On JBOSS version >= 6:
http://localhost:9990
Add management user with add-user.bat located in bin folder
The url to access the JBoss Management Console is usually http://your_host:9990. Be careful that the console works only on localhost unless you edit your standalone.xml.
Before accessing the console you need to create a management user with the console script add-user.sh (or .bat) in your bin directory.
Hope this helps!
See this for more information: https://docs.jboss.org/author/display/WFLY10/Admin+Guide#AdminGuide-Accessingthewebconsole

What Permissions does a user need to upload content into AEM Mobile Cloud service from AEM

I have setup a package that I built on an AEM author instance running on my local machine. I have it connecting to the AEM Mobile on demand cloud service.
When I have my package uploaded to a hosted AEM author instance, where I am not able to log in as admin. When I load the mobile project I see an error that the cloud config path does not exist. And I also don't see the 'Upload Shared Resources' button and can't upload articles.
What paths and permissions on those paths does my user need to fix this?
I was able to track down the paths and the permissions needed on those paths.
For the cloud config does not exist error the user needs
read access to the cloud config path: /etc/cloudservices/dps2015
In order to upload the user needs
read access to /etc/contentsync
and
read, write, create, delete access to /var/contentsync
and
read access to /var

Run Custom Script Extension Against Azure App Service

I am able to execute Custom Script Extensions against VMs using Set-AzureRmVMCustomScriptExtension and noticed that Azure App Services have Extensions listed as one of their options:
Extensions add functionality to your App Service. Click add to see the
list of available extensions.
What I would like to achieve is running some PowerShell against the VM hosting an App Service, but can't locate a Resource Manager cmdlet like Set-AzureRmVMCustomScriptExtension. An example is modifying the security of some of the directories of IIS hosting my website to disable anonymous access, and adding a few files to directories of my website. I am able to achieve this using a script against an IaaS Azure VM and am wondering if this will work against an App Service, and if so, how to target the VM of the App Service.
Key actions I take as part of this PowerShell is:
Disable anonymous access to certain directories in IIS
Limit access to certain file types
Edit existing XML files
Add new files to a directory (downloaded via CDN)
Logging into the Kudu interface (Mysite.scm.azure...) I am able to execute some PowerShell via the debug Console option, so I am thinking there has to be a way to run PowerShell via Azure Automation beyond the AzureRm.Websites cmdlets as with the Kudu PowerShell interface I was able to create directories with a plain old create-item cmdlet.
App Service is very different from VM hosting. In App Service, you never get direct access to the VM, and there is generally no way that you can run any script that affects the VM at a global level.
Instead, you are only able to affect the files that make up the Web App, and everything runs under a sandbox.

Administration console of OpenAM cannot be reached

I have trouble reaching the Administration console of the OpenAM server for a second time after a restart of the JBoss applicationserver on Windows 2008 Server R2 Datacenter.
I deploy OpenAM 9.5.2 (the opensso.war file) in the JBoss-4.2.3GA 'deploy' folder of its default profile.
I point my Internet Explorer 8 browser to: my.test.domain.com:8080/opensso
The page appears to create a Default or Custom Configuration for the OpenAM server
I successfully complete the wizard for creating a Custom Configuration
A pop-up with a 'Proceed to login' link appears after completing the configuration
I click this link and I can access the Admin console
Here is the thing:
When I restart JBoss and try to browse to the Admin console URL manually for a second time:
http://my.test.domain.com:8080/opensso/console
It will instead go to the page again to create a Default or Custom Configuration:
http://my.test.domain.com:8080/opensso/config/options.htm
And therefore I cannot access the Admin console anymore.
Note:
I verified that the URL: my.test.domain.com:8080/opensso/console is correct by opening
a second tab in IE8 before the restart of JBoss.
Been looking at doing this myself - this may provide the solution
https://wikis.forgerock.org/confluence/display/openam/Considerations+when+deploying+on+JBoss+AS+5.1
Indeed that will work. I discovered that you can alternatively add in your run.bat of JBoss:
-Dcom.sun.identity.configuration.directory= your configuration directory