Java – How to stop JBOSS AS7 redirecting the http administration console to the domain

configurationjavajbossjboss7.x

I am trying to remotely access the administration console from JBOSS AS 7. I have configured the management interface to my IP, but after I try to access the address, it is translated to whatever I have in /etc/hosts. How can I change this behavior? I want it to be accessible only through the IP.

Thanks ,
Filip

Best Answer

There's a section in the JBoss AS7 community documentation about Securing The Management Interfaces. This is a good resource for an entry to management interface security topics.

It sounds like you've already set your management-interfaces to control the interface and port settings for the Management Console and the Management CLI. Defining the specific IP and Port settings for this interface will typically exclude localhost access.

Questions

  • What version of JBoss AS 7 are you using?
  • Are you using a Standalone instance or the Managed Domain?
  • Are you connecting to the right machine (assuming remote connection to the host of the domain controller)?
  • What are your configuration settings?

The management interface settings exist in configuration files for either instance as follows. You need to change the relative runtime token to a specific IP address and port.

Standalone

The standalone configuration file is standalone.xml.

    <interfaces>
    <interface name="management">
        <!-- Declare a specific IP address for this management interface -->
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <!-- Declare a specific port for the management-native interface -->
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

Managed Domain

You can administer each host controller, so the configuration file is not the master domain controller care of domain.xml, but the specific host's configuration in host.xml. You are looking to secure the native-interface in a similar manner as a standalone instance. If your domain is configured correctly, you can connect remotely to the domain via the domain controller, be that the Management Console or the Management CLI (specifically on that interface).

    <management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
            </authentication>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <authentication>
                <properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
            </authentication>
        </security-realm>
    </security-realms>
    <management-interfaces>
        <native-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.native.port:9999}"/>
        </native-interface>
        <http-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.http.port:9990}"/>
        </http-interface>
    </management-interfaces>
</management>

<domain-controller>
   <local/>
   <!-- Alternative remote domain controller configuration with a host and port -->
   <!-- <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="public">
       <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

Connecting

If you have questions on connecting remotely, read 4 ways to connect JBoss AS 7 using CLI on Middleware Magic.

Related Topic