Loading...

Enable management web console for JBoss/Wildfly

A fresh JBoss EAP installation, has no web console activated. It requires a management user for that. This article explains the basic steps how to activate the management web console.

For demo purposes, configure simple passwords

bk201@debian:/opt/jboss-eap-6.4/bin$ vim add-user.properties

Allow simple demo passwords by changing REJECT to RELAX

# Valid values: RELAX, WARN or REJECT
# RELAX : Don't perform any strength checks on the password in both interactive and non-interactive mode
# WARN : Display a message about the strength of the password. Ask confirmation if the password is weak in interactive mode
# REJECT : Display a message about the strength of the password (if the password is weak, the user is not created).
# Ask confirmation if the password is weak in interactive mode
password.restriction=RELAX

Add a management user for authentication to the management console

bk201@debian:/opt/jboss-eap-6.4/bin$ ./add-user.sh
What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : admin
The username 'admin' is easy to guess
Are you sure you want to add user 'admin' yes/no? yes
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]:
About to add user 'admin' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'admin' to file '/opt/jboss-eap-6.4/standalone/configuration/mgmt-users.properties'
Added user 'admin' to file '/opt/jboss-eap-6.4/domain/configuration/mgmt-users.properties'
Added user 'admin' with groups  to file '/opt/jboss-eap-6.4/standalone/configuration/mgmt-groups.properties'
Added user 'admin' with groups  to file '/opt/jboss-eap-6.4/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="YWRtaW4=" />

If you open Console it should give you a prompt for authentication.

Port forwarding

Working in a virtual machine, and port forwarding requires to access from any other address. Bind management interface to any address

<interfaces>
    <interface name="management">
        <any-address/>
    </interface>
    <interface name="public">
        <any-address/>
    </interface>
    <interface name="unsecure">
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

By default (due to security reasons) JBoss binds only to localhost. If you want to access it via your hostname or IP, then you can edit the JBOSS_HOME/standalone/configuration/standalone.xml to change the “public” and “management” interfaces to point to the hostname of your system: Bind management interface to dedicated address

<interfaces>
  <interface name="management">
    <inet-address value="${jboss.bind.address.management:192.168.1.100}"/>
  </interface>
  <interface name="public">
    <inet-address value="${jboss.bind.address:192.168.1.100}"/>
 </interface>
</interfaces>