10/03/2012

How to Create Management and Application Users in JBoss AS7

JBoss AS7 is secured by default, which means you will have to create users before accessing services and components, such as admin console and remote EJB.

 $JBOSS_HOME/bin/add-user.sh, or add-user.bat is the tool for such purpose. By default it runs in interactive mode, and prompt for user name, password, user type, role, realm, etc. It also has a silent mode (-s, or --silent).

For example, to create a management user, which can be used in admin console (http://localhost:9990):

$JBOSS_HOME/bin/add-user.sh -s -u admin -p "abc123***"

To create an application user, which can be used in remote EJB access:

$JBOSS_HOME/bin/add-user.sh -s -u app -p "abc123***" -a -realm ApplicationRealm --role app,user

To view help info:
$JBOSS_HOME/bin/add-user.sh --help

The user data is persisted in properties files in standalone/configuration and domain/configuration directories:

application-roles.properties
application-users.properties
mgmt-users.properties

Management users currently are not associated with any role, hence no mgmt-roles.properties. It would be nice to have role-based administration.