Securing JBoss with User Application

By: ScorpionSting

January 28, 2014 10:51 am

A lot of this content was taken from this URL, but I’ve listed here what is required for most situations.

First, we’ll assume that JBoss and User Application have been installed at the default location of /opt/novell/idm/ and that the Advanced/Provisioning module has been installed with the default context of IDMProv.

Stop the JBoss process.

Most User App installs will create a novlua Linux user. If yours did not, create one, then give it rights to the file system:

chown -R novlua /opt/novell/idm

NOTE: If you’re using the built-in PostgreSQL, you will need to run these two commands to return the rights for the postgres daemon:

chown -R :daemon /opt/novell/idm/Postgres
chown -R postgres:postgres /opt/novell/idm/Postgres/data

Edit the /etc/init.d/jboss_init script and change the following parameter:

JBOSSUS=${JBOSSUS:-"RUNASIS"}

to

JBOSSUS=${JBOSSUS:-"novlua"}

Set up SSL as described in my other article How to SSLize User Application on JBoss using eDirectory’s Certificate Authority for Linux.

It’s always safe to move the following to a backup location rather than deleting blindly:

  • /opt/novell/idm/jboss/server/IDMProv/conf/
      1. File: jax-ws-catalog.xml
  • /opt/novell/idm/jboss/server/IDMProv/conf/props/
      1. File: jbossws-roles.properties
      2. File: jbossws-users.properties
  • /opt/novell/idm/jboss/server/IDMProv/deploy/
      1. Directory: admin-console.war
      2. Directory: jbossws.sar
      3. Directory: jmx-console.war
      4. Directory: jmx-remoting.sar
      5. Directory: management
      6. File: profileservice-jboss-beans.xml
      7. Directory: profileservice-secured.jar
      8. Directory: xnio-provider.jar
  • /opt/novell/idm/jboss/server/IDMProv/deployers/
      1. Directory: jbossws.deployer
      2. Directory: seam.deployer
      3. Directory: webbeans.deployer
      4. Directory: xnio.deployer

Keep the file /opt/novell/idm/jboss/server/IDMProv/deploy/jmx-invoker-service.xml, as it is required by the init script to stop the JBoss server.
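
One way to script the move-to-backup step above, as an added example that is not part of the original article. The function name quarantine_jboss_extras and the backup directory you pass in are assumptions; the relative paths are the ones listed above, and the function refuses to run if jmx-invoker-service.xml is not in place.

```shell
#!/bin/sh
# Added example: move the listed components into a backup directory,
# preserving relative paths so any of them can be restored later.
# quarantine_jboss_extras is a hypothetical helper name.

# Paths from the list above, relative to .../jboss/server/IDMProv
JBOSS_EXTRAS='conf/jax-ws-catalog.xml
conf/props/jbossws-roles.properties
conf/props/jbossws-users.properties
deploy/admin-console.war
deploy/jbossws.sar
deploy/jmx-console.war
deploy/jmx-remoting.sar
deploy/management
deploy/profileservice-jboss-beans.xml
deploy/profileservice-secured.jar
deploy/xnio-provider.jar
deployers/jbossws.deployer
deployers/seam.deployer
deployers/webbeans.deployer
deployers/xnio.deployer'

# usage: quarantine_jboss_extras SERVER_DIR BACKUP_DIR   (run with JBoss stopped)
quarantine_jboss_extras() {
    server_dir=$1
    backup_dir=$2
    [ -d "$server_dir/deploy" ] || {
        echo "not a JBoss server dir: $server_dir" >&2; return 2; }
    # The init script needs this file to stop JBoss; abort if it is gone.
    [ -f "$server_dir/deploy/jmx-invoker-service.xml" ] || {
        echo "jmx-invoker-service.xml missing; aborting" >&2; return 3; }
    moved=0
    for rel in $JBOSS_EXTRAS; do
        src=$server_dir/$rel
        [ -e "$src" ] || continue          # already moved or never installed
        dest=$backup_dir/$rel
        if [ -e "$dest" ]; then            # never overwrite an earlier backup
            echo "backup already exists, skipping: $dest" >&2
            continue
        fi
        mkdir -p "$(dirname "$dest")" && mv "$src" "$dest" || return 1
        moved=$((moved + 1))
        echo "moved $rel"
    done
    echo "$moved item(s) moved to $backup_dir"
}
```

Run it as root with JBoss stopped, passing /opt/novell/idm/jboss/server/IDMProv as the first argument and a backup directory outside the JBoss tree as the second.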

Edit the /opt/novell/idm/jboss/server/IDMProv/deploy/ROOT.war/WEB-INF/web.xml file and comment out the following (you may want to keep this bit if you’re behind a Load Balancer as it provides the health status of JBoss):

<!--
  <servlet>
    <servlet-name>Status Servlet</servlet-name>
    <servlet-class>org.jboss.web.tomcat.service.StatusServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Status Servlet</servlet-name>
    <url-pattern>/status</url-pattern>
  </servlet-mapping>
-->

Finally, clean up the old deployments:

rm -fr /opt/novell/idm/jboss/server/IDMProv/tmp/*
rm -fr /opt/novell/idm/jboss/server/IDMProv/work/jboss.web/localhost/

 

Now JBoss can be started.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

2 Comments

  1. By:stharp

    The user switch did not work for me. Is your Postgres located below /opt/novell/idm?
