If you are an administrator of a WildFly server, you may need to add new users to the server for authentication and authorization purposes. This short tutorial will teach you how to add a management user with WildFly Application Server.
The add-user.sh script is a command-line tool that allows you to add new users to WildFly, including specifying their roles and credentials. This script is located in the JBOSS_HOME/bin folder.
Launch the script:
- Select the default option "a" to add a Management user.
- This user will belong to the ManagementRealm. Therefore it will be able to perform management operations using the web-based Admin Console or the CLI (command-line interface). The other choice, b, adds a user to the ApplicationRealm.
- Enter the username and password.
- Then, enter group information.
- Add the group or groups to which the user belongs. If the user belongs to multiple groups, enter a comma-separated list. Leave it blank if you do not want the user to belong to any groups.
- Review the information and type yes to confirm.
Here is a transcript which summarizes these steps:
$ ./add-user.sh
What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : admin123
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password should be different from the username
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:
About to add user 'admin123' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'admin123' to file '/home/francesco/jboss/wildfly-16.0.0.Final/standalone/configuration/mgmt-users.properties'
Added user 'admin123' to file '/home/francesco/jboss/wildfly-16.0.0.Final/domain/configuration/mgmt-users.properties'
Added user 'admin123' with groups to file '/home/francesco/jboss/wildfly-16.0.0.Final/standalone/configuration/mgmt-groups.properties'
Added user 'admin123' with groups to file '/home/francesco/jboss/wildfly-16.0.0.Final/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="UGFzc3dvcmQxMjM=" />
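An added example (not from the original tutorial or the WildFly project): a shell audit that flags accounts in a mgmt-users.properties file whose password equals the username or one of the restricted values listed in the transcript, plus a decoder showing that the printed secret value is only Base64-encoded. It assumes the digest format stated in the header of mgmt-users.properties, username=HEX(MD5(username ':' realm ':' password)); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are illustrative, not part of WildFly.

# Digest as stored in the properties file (assumed format, see lead-in):
# username=HEX(MD5(username ':' realm ':' password))
mgmt_hash() {  # usage: mgmt_hash USER REALM PASSWORD
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# Print each user whose stored digest matches its own username or one of
# the restricted values from the add-user.sh password recommendations.
# Comment lines (including disabled, commented-out users) are skipped.
audit_users() {  # usage: audit_users FILE REALM
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
    while IFS='=' read -r user digest || [ -n "$user" ]; do
        for guess in "$user" root admin administrator; do
            if [ "$(mgmt_hash "$user" "$2" "$guess")" = "$digest" ]; then
                echo "$user"
                break
            fi
        done
    done
}

# The <secret value="..."/> printed for server identities is plain Base64,
# so anyone who can read the host configuration can recover the password.
decode_secret() {  # usage: decode_secret BASE64_VALUE
    printf '%s' "$1" | base64 -d
}

# Constructed sample file: one compliant account and two weak ones.
sample_file() {
    f=$(mktemp)
    {
        echo '# constructed sample, not a real server file'
        echo "admin123=$(mgmt_hash admin123 ManagementRealm 'S0me-long-passphrase!')"
        echo "ops=$(mgmt_hash ops ManagementRealm administrator)"
        echo "deploy=$(mgmt_hash deploy ManagementRealm deploy)"
    } > "$f"
    echo "$f"
}

demo=$(sample_file)
audit_users "$demo" ManagementRealm   # lists the accounts that need a new password
rm -f "$demo"
```

Usernames containing characters that the properties format escapes (such as = or a backslash) are not handled by this sketch.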
Adding a WildFly User in non-interactive ways
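It is also possible to add management and application users just by running a shell command. Note that a password passed with -p is recorded in the shell history and is visible in the process list while the command runs. For example:
How to create a management user in the Default Realm: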
$ ./add-user.sh -u 'adminuser1' -p 'password1!'
How to create an Application user belonging to a single group:
$ ./add-user.sh -a -u 'appuser1' -p 'password1!' -g 'guest'
Create an Application user belonging to multiple groups:
$ ./add-user.sh -a -u 'appuser1' -p 'password1!' -g 'guest,app1group,app2group'
How to create an Application user belonging to a single group using alternate properties files:
$ ./add-user.sh -a -u appuser1 -p password1! -g app1group -sc /home/username/userconfigs/ -up appusers.properties -gp appgroups.properties
Management users using other Realms
This tutorial discussed the basics of adding a user with the default FileSystem Security Realm. In real-world cases, you will probably be using a more robust Realm to store your management users.
To learn how to secure the Management interfaces using other realms (such as Database Realm) we recommend checking this article: Securing JBoss / WildFly Management Interfaces: the easy way