Intro: problem statement
For some reason, my ./add-user.sh user was not working on WildFly/JBoss EAP 7.3, so I couldn’t actually open the console page on http://localhost:8080/.
So I decided to add the user directly to `mgmt-users.properties`, in $wildfly-19.0.0.Final/standalone/configuration.
mgmt-users.properties File
The passwords in `mgmt-users.properties` are not stored in clear text, so an entry looks like:
```
#admin=2a0923285184943425d1f53ddd58ec7a
```
This happens because the passwords are hashed using this mechanism:
```
HEX( MD5( username ':' realm ':' password))
```
Workaround
I found a blog post that implements this mechanism, "How to generate the password on JBoss AS" by JaySenSharma, based directly on the hashing method of the org.jboss.crypto.CryptoUtil library:
1. Made some small modifications to the EncryptPassword.java file, which is actually broken for 1.8.191, removing some stuff.
2. Exported the environment variable `CLASSPATH`.
3. Compiled with javac (since I was running JDK 8, not JDK 11, where java can run the source file directly).
4. All fine, but I forgot to add `:.:` to the classpath export, so of course java was not finding my class. As in:
```
$ export CLASSPATH=/jboss-client-4.0.2.jar://picketbox-5.1.0.Final.jar
$ /jdk1.8.0_191/bin/javac EncryptPassword.java
$ /jdk1.8.0_191/bin/java EncryptPassword testUserOne ApplicationRealm testPasswordOne
Error: Could not find or load main class EncryptPassword
```
5. The fix: add `:.:`, which puts the current directory on the classpath:
```
$ export CLASSPATH=/jboss-client-4.0.2.jar:/picketbox-5.1.0.Final.jar:.:
$ /jdk1.8.0_191/bin/javac EncryptPassword.java
$ /jdk1.8.0_191/bin/java EncryptPassword testUserOne ApplicationRealm testPasswordOne
clearTextPassword: testUserOne:ApplicationRealm:testPasswordOne
hashedPassword: cf8f98f5b90ccc568e1ffc7767ac9d8b
```
If you will create user using add-user.sh script then you will see the same Hash Value of Password.
6. Edited `mgmt-users.properties` directly with the user/hashedPassword values, and could then access the management page.
```
#admin=2a0923285184943425d1f53ddd58ec7a
testUserOne=cf8f98f5b90ccc568e1ffc7767ac9d8b
```
Using this workaround, I was able to access the console page directly.
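
The hashing mechanism and the properties entry from the steps above can also be reproduced and checked without the JBoss jars on the classpath. The following is an added example, not code from this post or from the linked blog; the function names and the UTF-8 encoding of the input are assumptions, and the sample file content is constructed.

```python
import hashlib
import hmac

def digest_hash(username: str, realm: str, password: str) -> str:
    """HEX(MD5(username ':' realm ':' password)), the mechanism quoted above.
    Assumption: the clear-text string is encoded as UTF-8 before hashing."""
    clear = f"{username}:{realm}:{password}".encode("utf-8")
    return hashlib.md5(clear).hexdigest()

def properties_line(username: str, realm: str, password: str) -> str:
    """Build a 'username=hash' entry in the format shown in the file above."""
    return f"{username}={digest_hash(username, realm, password)}"

def parse_users(text: str) -> dict:
    """Return {username: hash} for active entries only.
    Lines starting with '#' (like the '#admin=...' line) are comments.
    Properties-file escape sequences are not handled in this sketch."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        users[name.strip()] = value.strip().lower()
    return users

def check_password(text: str, username: str, realm: str, password: str) -> bool:
    """True if the stored hash matches the one computed for this realm."""
    stored = parse_users(text).get(username)
    if stored is None:
        return False
    expected = digest_hash(username, realm, password)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))

# Constructed sample file: one commented-out entry and one active entry.
SAMPLE = "\n".join([
    "#admin=2a0923285184943425d1f53ddd58ec7a",
    properties_line("testUserOne", "ApplicationRealm", "testPasswordOne"),
])

if __name__ == "__main__":
    print(SAMPLE)
    # Same user and password: matches only for the realm used when hashing.
    for realm in ("ApplicationRealm", "ManagementRealm"):
        ok = check_password(SAMPLE, "testUserOne", realm, "testPasswordOne")
        print(f"{realm}: {ok}")
```

Because the realm name is part of the hashed string, an entry only verifies against the realm it was generated for.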