I have added Hornetq user using add-uesr.sh script.
I want to write a script to verify hornetq username and password entered by someone is correct or not (before configuring any other components like JMS queues etc).
Does JBOSS CLI provide a way to check the validity of authentication details?
Thank you!
You will not be able to use the JBoss CLI.
I suggest using a Hornteq JMS Client, just extend an example program and pass in username and password via command line paramters or property files. You could also check the correct queues and topics are available to the given user. You can also use the JBoss CLI in Java to check a message is delivered to a queue or topic etc. Make sure your program uses the correct exit code for success or failure.
Related
We have implemented contract testing using message pact and directly accessing Kafka Topics for retrieving the messages from queues. Kafka topics can be accessed using authentication PLAINTEXT. So we have a separate LoginModule defined in a config file with username and password. When I do the test from consumer end it is picking up the correct config file and the scripts are running. But when I run pact:verify using the same setting in the script, LoginModule is not getting recognized and I get an error "unable to find LoginModule class". From pact side I am getting an error "Failed to invoke provider method". Have anyone faced such issues with using pact with kafka before please ?
Are you talking about this one? github.com/reevoo/pact-messages If so, we are not currently supporting pact-messages as we have yet to finalize the base level tech with http/json.
This has been brought up in the past and is known within the Foundation, but we'd rather lock down the core technology before trying to tackle other message protocols/formats.
I am not a developer so please keep that in mind when reading the following message:
I need to be able to use Windows PowerShell to connect to a JMX RMI agent on a host, is this even possible ?
The example string from the java client I have been given is as below:
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:7979/jmxrmi");
The reason for this is that I am doing other work in my PowerShell script and would like to keep it all in one place.
Thanks !
This is an unusual mix of two technologies, but it is possible.
On the off-chance that you are attempting to connect to a JBoss server, the quickest way may be for you to call twiddle, a command tool that will dispatch JMX requests to the target JBoss server and return the results to standard out.
Another way is to implement the Jolokia agent on the target servers. This will allow you to issue JMX requests using REST. Responses will also be returned in REST format which you can process in PowerShell using one of these solutions.
Thirdly, you can also deploy the JMX-WS service on your target servers which will allow you to communicate with the JMX server using web-services. This document provides some VBScript examples of this.
None of the above actually uses the JMXServiceURL syntax you outlined, and I cannot think of a way you could actually cleanly integrate this RMI based protocol into PowerShell, but hopefully one of the above will work for you.
========== UPDATE ==========
There may be a way to use the RMI implementation. Take a look at IKVM. It is a Java Byte Code to .NET compiler. I have successfully compiled JMX/RMI java code into a .Net assembly and used it from C#. I think PowerShell will do the same thing.
Is it possible to pass credentials for monitored resource to JConsole while starting it via command line. I've got the command like that right now.
${jdk.home}/bin/jconsole.exe
-J-Djava.class.path=${jdk.home}/lib/jconsole.jar;
${jdk.home}/lib/tools.jar;${weblogic.home}/server/lib/wljmxclient.jar
-J-Djmx.remote.protocol.provider.pkgs=weblogic.management.remote
service:jmx:iiop://127.0.0.1:7510/jndi/weblogic.management.mbeanservers.runtime
Does anyone know if that's possible and where should those credentials be placed.
Thanks.
It is not possible with JConsole. The alternative JMX console that enables you to pass username/password from command line is jmxterm.
It can be found here: http://wiki.cyclopsgroup.org/jmxterm
I don't think there is a command line access option to do this. It's a sensible approach since it would reveal credentials in the process signature which might be visible to others.
However, you can specify a password file using the system property com.sun.management.jmxremote.password.file.
These options are documented here.
As far as I know, you can't. From your example though it looks like you are only trying to connect locally to a JMX process. In that case you could simply disable authentication in the JMX process (and make sure it listens for JMX only over localhost). Then you don't need to pass credentials and it will work with jconsole. For a true remote connection though (in which you will definitely want authentication, among other things like encryption), I think you have to try out one of the many other jmx type clients.
What's the JBoss 5.x EAP default web console password?
The default credentials are:
login: admin
password: admin
But if you use EAP these credentials are turned off by default and there is no active user (security reasons :)). If you want to turn on these users, you have to edit the following file in your current profile: ./deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties. It should be enough to remove the # sign from the line with the user.
If you want to create a new user, don't forget to set up the correct groups in web-console-roles.properties file.
You can easily find information where these information are stored: just open the ./conf/login-config.xml file and find the proper security domain definition. In the case of the Web Console application, it will be web-console policy.
Also if you want to have access to JMX, you have unlock JMX Console. Just check the following files in the conf/props/ directory (in your profile): jmx-console-users.properties and jmx-console-roles.properties.
I just had to uncomment the line in jboss-eap-5.0\jboss-as\server\default\conf\props\jmx-console-users.properties
admin=admin
Thats it. Restart Jboss and I was about to get in to JBOSS JMX. Magically this even fixed the error that I used to get while shutting down Jboss from Eclipse.
I can also verify the above solution except I had to change in
**..\server\<server profile>\conf\props\jmx-console-users.properties**
If you are using Talend MDM Server, the login is:
login: admin
password: talend
See more: http://wiki.glitchdata.com/index.php?title=TOS:_Accessing_the_Talend_MDM_Server
This differs from the default JBoss login of admin/admin
The password setup file is also login-config.xml in this case.
I suggest visit Add digest auth in jmx-console and read oficial documentation for Configure admin consoles, you can add more security to your JBoss AS console and at these link explains where are the role and user/pass files that you need to change this information for your server and how you can change them. Also I recommend you quit all consoles that you don't use because they can affect to application server's performance.
Also there are others links about securing jmx-console that could help you, search in jboss as community site for them (I can't put them here for my actual reputation,sorry). Never you should has the password in plain text over conf/props/ files.
Sorry for my bad English and I hope my answer be useful for you.
just commenting the line of user and password in file
./server/default/conf/props jmx-console-users.properties worked for me
Step 1:
jmx-console-users.properties
admin=admin
Step 2:
jmx-console-roles.properties
admin=JBossAdmin,HttpInvoker
Step 3: Restart or start the JBoss instance.
Now you should good to go...
Go to the jmx console, enter JBoss login URL, then enter admin as username and admin password.
as suggested in other posts, probably you don't have any user defined. it's not advisable to manually edit the configuration files. you should use the add-user (.sh or .cmd) utility as explained in https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Installation_Guide/chap-Getting_Started_with_JBoss_Enterprise_Application_Platform_6.html#Add_the_Initial_User_for_the_Management_Interfaces
I want to get the alert message for every execution of the scp command. If some one access my file using the scp command, that time I have to receive one mail. How can I achieve this. Please help me.
Unless you have administrative control of the server, what you ask is not possible -- Unix filesystems simply don't work that way. You can set your file permissions so that other users can't find or read your files, but there is no way for you, as an unprivileged user, to request email notification upon attempted or successful access attempts, via scp or any other method.
Are you on the server, or client side?
server side: Key-based ssh authentication has the ability to start custom commands when the user log into the system (can by bypassed if the user can change the authorized_keys file). There you can add a hook to send a mail on the login, or start a own sftp server with the desired logging enabled.
The right way to do that is to replace the scp program on the server by your own version (or by a wrapper).