Logging.jsp File

On JBoss 5, you can set up the logging.jsp file.

Follow these steps:

  1. Locate user_console.war\WEB-INF\web.xml under the IAM application EAR location.
  2. Secure the admin toolkit by adding the following section after the last taglib tag in the file.
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>IAMSecureAdminTooles</web-resource-name>
        <description>Security constraint for IAM Admin Tools</description>
        <url-pattern>/ping.jsp</url-pattern>
        <url-pattern>/logging.jsp</url-pattern>
        <url-pattern>/app/adapterBLTHTest.jsp</url-pattern>
        <url-pattern>/app/objectTest.jsp</url-pattern>
        <url-pattern>/app/ping.jsp</url-pattern>
        <url-pattern>/app/pluginTest.jsp</url-pattern>
        <url-pattern>/ui/ping.jsp</url-pattern>
        <!-- For each environment - start -->
        <url-pattern>/<environment_alias>/adapterBLTHTest.jsp</url-pattern>
        <url-pattern>/<environment_alias>/objectTest.jsp</url-pattern>
        <url-pattern>/<environment_alias>/ping.jsp</url-pattern>
        <url-pattern>/<environment_alias>/pluginTest.jsp</url-pattern>
        <!-- For each environment - end -->
        <http-method>POST</http-method>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <description>only let the admin users use secured admin tools</description>
        <role-name>IAMAdmin</role-name>
      </auth-constraint>
      <user-data-constraint>
        <description>SSL not required</description>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>IAM Realm</realm-name>
    </login-config>
    <security-role>
      <description>The IAM Secure Admin Role</description>
      <role-name>IAMAdmin</role-name>
    </security-role>
    

    Note: If no environments exist yet, comment out the lines with <environment_alias>.

  3. Repeat the environment-specific section for each environment defined.
  4. Run iam_im_compile_jsp in C:\Program Files\jboss-5.1.0.GA\bin and look for a successful build message.
  5. Edit the jboss-web.xml in this location:
    \jboss-5.1.0.GA\server\default\deploy\iam_im.ear\user_console.war\WEB-INF.
    
  6. Add a line for the security domain. In the following example, the domain is called IAMAdmin.
    <jboss-web>
      <depends>jboss.jca:service=ConnectionFactoryBinding,name=JmsXA</depends>
      <depends>jboss.messaging.destination:service=Topic,name=iam.im.jms.topic.ServerCommandTopic</depends>
      <depends>jboss.jca:service=DataSourceBinding,name=iam/im/jdbc/jdbc/objectstore</depends>
      <security-domain>java:/jaas/IAMAdmin</security-domain>
    </jboss-web>
    
  7. Edit the login-cfg.xml file in \jboss-5.1.0.GA\server\default\conf.

    In this example, the application-policy name IAMAdmin matches the name of the security domain.

    <application-policy name="IAMAdmin">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
          <module-option name="usersProperties">props/IAMAdmin-users.properties</module-option>
          <module-option name="rolesProperties">props/IAMAdmin-roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
      </authentication>
    </application-policy>
    
  8. Create two files in \jboss-5.1.0.GA\server\default\conf\props using filenames that are based on the name of the security domain. For example:

    The following is a sample users file:

    # A sample users.properties file for use with the UsersRolesLoginModule
    admin=admin
    

    The following is a sample roles file:

    # A sample roles.properties file for use with the UsersRolesLoginModule
    admin=IAMAdmin
    

    Note: The role name IAMAdmin matches the <role-name> tag in the web.xml in step 1.

  9. Restart JBoss.
  10. In a web browser, go to http://hostname:8080/iam/im/logging.jsp.
  11. Log in as a user defined in the users.properties file.
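
The steps above only work if the role name agrees across web.xml and the roles file. The following check is an added example, not part of the product or of the original procedure: it reads the edited web.xml and the two properties files and reports mismatches. It also flags an unreplaced <environment_alias> placeholder and three weaknesses of the sample values shown: BASIC login without enforced TLS, a constraint limited to the listed HTTP methods, and a password equal to the user name. The function names and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's fragment, trimmed, inside a <web-app> root.
SAMPLE_WEB_XML = """<web-app><security-constraint><web-resource-collection>
<url-pattern>/logging.jsp</url-pattern><http-method>POST</http-method>
<http-method>GET</http-method></web-resource-collection>
<auth-constraint><role-name>IAMAdmin</role-name></auth-constraint>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee>
</user-data-constraint></security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config>
<security-role><role-name>IAMAdmin</role-name></security-role></web-app>"""

def _find(node, name):
    # Match on the local tag name so a namespaced web.xml also works.
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    return [(e.text or "").strip() for e in _find(node, name)]

def _props(text):
    rows = (l.strip() for l in text.splitlines())   # skip comments and blanks
    return dict(map(str.strip, l.split("=", 1)) for l in rows if "=" in l and l[0] != "#")

def audit(web_xml, users_props, roles_props):
    """Return a list of findings; an empty list means every check passed."""
    if "<environment_alias>" in web_xml:
        return ["<environment_alias> placeholder left in web.xml; it will not parse"]
    root = ET.fromstring(web_xml)
    users, roles = _props(users_props), _props(roles_props)
    declared = {r for sr in _find(root, "security-role") for r in _texts(sr, "role-name")}
    basic = "BASIC" in _texts(root, "auth-method")
    out = []
    for sc in _find(root, "security-constraint"):
        for role in sorted(set(_texts(sc, "role-name"))):
            if role not in declared:
                out.append(f"role {role} has no <security-role> declaration")
            if not any(role in r.split(",") and u in users for u, r in roles.items()):
                out.append(f"no user in the users file holds role {role}")
        methods = sorted(_texts(sc, "http-method"))
        if methods:
            out.append("only " + ",".join(methods) + " constrained; other methods are not")
        if basic and "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            out.append("BASIC login without CONFIDENTIAL transport; TLS is not enforced")
    out += [f"user {u}: password equals user name" for u, p in users.items() if u == p]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WEB_XML, "admin=admin", "admin=IAMAdmin")))
```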