The "admin" user
jManage requires an "admin" user to be set up during installation. The password of this user is used to encrypt a "symmetric" key which is generated during installation. The encrypted key is stored in the jmanage-key file under the "config" directory. This scheme avoids writing the key to disk in clear form. For this reason, the password of the "admin" user is required when starting the jManage application.
The only way jManage applications can be accessed is via username and password. The application allows only 3 invalid attempts before locking the account. Once the account has been locked, someone who has access to User Management (normally from the operations/admin team) needs to unlock the account before this username can be used again.
The number of invalid attempts can be configured in jmanage.properties (default is 3).
jManage users are defined in the jmanage-users.xml file under the config directory. This file is managed using the User Management functionality in the jManage Web interface. The passwords are stored as a one-way hash in this file. jManage by default uses the SHA-1 algorithm, but this can be changed in jmanage.properties during initial setup. jManage has also been tested with SHA-256.
A User can belong to one or more roles (at this time the UI supports only one role per user). The user roles are defined in jmanage-user-roles.xml. By default jManage comes with two pre-defined roles: Administrator and User; Administrator has complete access whereas User has read-only access.
Access is controlled by defining ACEs (Access Control Entities) in the acl-config.properties file. The permissions can be configured either at the user level or at the role level.
jManage also provides a mechanism to specify ACEs at the MBean attribute or operation level. Please see Access Control for more info.
The application server passwords are encrypted using the key generated during jManage setup. jManage uses a 128-bit TripleDES key, which is encrypted with Password Based Encryption (PBE) using the "admin" user password.
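The key-protection scheme described here and in the "admin" user section (a generated data key stored only in password-encrypted form) can be sketched as follows. This is an added example, not jManage's code: the class name, blob layout and parameters are assumptions, and it swaps in PBKDF2 with AES-GCM for the password-based step because the page does not name jManage's PBE algorithm.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyFileSketch { // hypothetical name, not a jManage class
    static final int SALT = 16, IV = 12, ITER = 210_000; // assumed parameters

    // Derive a key-encryption key from the admin password.
    static SecretKey kek(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITER, 128);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Returns salt || iv || ciphertext+tag; only this blob would be written to disk.
    static byte[] protect(SecretKey dataKey, char[] password) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[SALT], iv = new byte[IV];
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, kek(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(dataKey.getEncoded());
        byte[] out = new byte[SALT + IV + ct.length];
        System.arraycopy(salt, 0, out, 0, SALT);
        System.arraycopy(iv, 0, out, SALT, IV);
        System.arraycopy(ct, 0, out, SALT + IV, ct.length);
        return out;
    }

    // Needs the admin password at startup; a wrong password fails the GCM tag check.
    static SecretKey recover(byte[] blob, char[] password) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT);
        byte[] iv = Arrays.copyOfRange(blob, SALT, SALT + IV);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, kek(password, salt), new GCMParameterSpec(128, iv));
        byte[] raw = c.doFinal(blob, SALT + IV, blob.length - SALT - IV);
        return new SecretKeySpec(raw, "DESede");
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("DESede");
        kg.init(112); // two-key TripleDES
        SecretKey dataKey = kg.generateKey();
        char[] pw = "constructed-admin-pw".toCharArray(); // constructed sample value
        byte[] blob = protect(dataKey, pw);
        SecretKey back = recover(blob, pw);
        System.out.println("round trip ok: " + Arrays.equals(dataKey.getEncoded(), back.getEncoded()));
        try { recover(blob, "wrong".toCharArray()); }
        catch (AEADBadTagException e) { System.out.println("wrong password rejected"); }
    }
}
```

Because the stored blob can be attacked offline by password guessing, the strength of the "admin" password bounds the protection of every application server password encrypted under the data key.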
By default jManage works over http. SSL can be enabled in jManage 1.0 by uncommenting the HTTPS listener in JMANAGE_HOME/config/jetty-config.xml:
<Call name="addListener">
  <Arg>
    <New class="org.mortbay.http.SunJsseListener">
      <Set name="Port">
        <SystemProperty name="jetty.port" default="9091"/>
      </Set>
      <Set name="MinThreads">5</Set>
      <Set name="MaxThreads">255</Set>
      <Set name="MaxIdleTimeMs">30000</Set>
      <Set name="LowResourcePersistTimeMs">5000</Set>
      <Set name="Keystore"><SystemProperty name="jmanage.root"/>/config/keystore</Set>
      <Set name="Password">password</Set>
      <Set name="KeyPassword">password</Set>
    </New>
  </Arg>
</Call>
You should also comment out the HTTP listener in jetty-config.xml to disable any HTTP access.
Note that the "jmanage.url" property in JMANAGE_HOME/config/jmanage.properties also needs to be updated for the command line interface to work.