JBoss.orgCommunity Documentation
In order to do work in the DTGov system, a valid user must first be authenticated. The specific details regarding how to create and manage the list of allowed users will vary depending on the runtime configuration. This guide will focus on the mechanisms supported by the DTGov community installer.
Please note that the installer creates a single user (named admin) during the installation process.
There are several roles that the user must have in order to interact with DTGov. These roles are as follows:
By default DTGov uses the standard EAP Application Realm configuration as its authentication source. This means that adding users is a simple matter of using the existing EAP add-user script. If you are running on Windows you can use the add-user.bat script. Otherwise run the add-user.sh script. Both of these scripts can be found in EAP’s bin directory.
Here is an example of how to add an S-RAMP user using the add-user.sh script:
[user@host jboss-eap-6.x]$ pwd /home/user/FSW6/jboss-eap-6.x [user@host jboss-eap-6.x]$ ./bin/add-user.sh What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): b Enter the details of the new user to add. Realm (ApplicationRealm) : ApplicationRealm Username : fitzuser Password : P4SSW0RD! Re-enter Password : P4SSW0RD! What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: overlorduser,admin.sramp,dev,test About to add user 'fitzuser' for realm 'ApplicationRealm' Is this correct yes/no? yes Added user 'fitzuser' to file '/home/user/FSW6/jboss-eap-6.x/standalone/configuration/application-users.properties' Added user 'fitzuser' to file '/home/user/FSW6/jboss-eap-6.x/domain/configuration/application-users.properties' Added user 'fitzuser' with roles overlorduser,admin.sramp to file '/home/user/FSW6/jboss-eap-6.x/standalone/configuration/application-roles.properties' Added user 'fitzuser' with roles overlorduser,admin.sramp to file '/home/user/FSW6/jboss-eap-6.x/domain/configuration/application-roles.properties' Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. yes/no? no
the above example will create a user who can view and complete Dev and Test environment human tasks. Any other human tasks will not be visible.
When running DTGov in JBoss Fuse 6.1, the user credentials are stored in a plain text properties
file in the etc directory.
#user=password,role1,role2 admin=ADMIN_PASSWORD,overlorduser,admin.sramp,dev,test,stage,prod,ba,arch
Simply add users to this file and restart Fuse. Make sure you include the necessary roles of overlorduser
and admin.sramp (along with any additional optional roles the particular user might need) in any user
you create.
When running DTGov in Tomcat 7, the source of authentication is an XML configuration file located in Tomcat’s conf directory named tomcat-users.xml. To add another user, simply add a user element to this XML configuration file. For example, adding a user named fitzuser might make the file look like this:
<?xml version="1.0" encoding="UTF-8"?> <tomcat-users> <!-- NOTE: By default, no user is included in the "manager-gui" role required to operate the "/manager/html" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. --> <role rolename="tomcat"/> <role rolename="overlorduser"/> <role rolename="admin.sramp" /> <user username="admin" password="4dm1n!" roles="tomcat,overlorduser,admin.sramp,dev,test,stage,prod,ba,arch"/> <user username="fitzuser" password="P4SSW0RD!" roles="tomcat,overlorduser,admin.sramp,dev,test"/> </tomcat-users>