Secure access to web management console, Authentication of the web management console, Working with the web management console – HP Integrity NonStop H-Series User Manual
Page 83
NSASJ supports all the operations and functionalities supported by the web console of JBoss with
the exception of the following:
•
Starting servers
•
Adding server groups
•
OSGI
•
Web Services
HP recommends to access the web management console over HTTPS in a secured manner. The
NSASJ web management console extends this feature from the JBoss management console and
provides this feature.
Secure access to web management console
Perform the following steps to secure access for the web management console:
1.
Create security certificates with the help of NSJ provided keytool utility .
2.
Create server-identities in Management Realm.
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl protocol="TLSv1">
<keystore path="/home/user/my.keystore" keystore-password="rmi+ssl" alias="myalias"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
3.
Secure the socket binding by modifying the host.xml.
<http-interface security-realm="ManagementRealm">
<socket interface="management" secure-port="XXXX"/>
</http-interface>
Or, use the command line
/host=master/core-service=management/
management-interface=http-interface/
:write-attribute(name=secure-port,value=XXXX)
/host=master/core-service=management/
management-interface=http-interface/:undefine-attribute(name=port)
4.
Restart the Host Controller and server instances.
Authentication of the web management console
The default Management Realm based authentication is a combination of BASIC and DIGEST
algorithms. BASIC because the web console application requests the client for user name and
password. Username and password are encrypted using DIGEST.
Users can configure other authentication mechanism, such as LDAP and add realms other than
Management Realm for authenticating the web management console users. For more information,
see JBoss documentation.
Working with the web management console
Log on to the web management console using appropriate login credentials. You will be directed
to the GUI comprising the Profile, Runtime, and Server tabs. These tabs are explained with the
help of videos with annotations which explain the fields and attributes in details.
Managing NSASJ using web management console
83