Encrypted Database Passwords in JBoss

JBoss provides a simple mechanism to encrypt database passwords with blowfish. So the standalone.xml does not include our database passwords in plaintext anymore.

First you have to encrypt your password with org.picketbox.datasource.security.SecureIdentityLoginModule. This class includes a main method so you can run it with a single argument which has to be your plaintext password. The result will look like this:

The class is included in jboss modules.

Then create a security-domain in your standalone.xml file:

Or with cli:


The last step is to replace the username+password part of your datasource with a security-domain element. This would look like this in its simplest way:

After theses changes start your application server.

ATTENTION! The passphrase that is used for the Blowfish algorithm is hardcoded in the login module. To make this secure you have to change the password in that component. Change the source and recompile or create an extension and overwrite all necessary parts and add it as a new module.

Disable Deployment-Scanner in JBoss

Look for the deployment-scanner config in your standalone.xml and configure the scan interval to -1 to allow deployment onyl from shell or at startup. Here is the relevant part:

Or with cli:


Make your webapplication log debug messages under jboss

I often catch myself writing info-messages because jboss is configured to info-mode by default. By adding the following few lines you can make your application use debug mode:

Of course you have to change the category (your package name) in the logger. The snippet is from Wildfly 8.1. But it is the same approach for JBoss AS 7+.

JBoss Login Configuration

Here a short example for a security-domain that has to be configured in the urn:jboss:domain:security subsystem:

To use the domain in your application here an example jboss-web.xml descriptor:

JBoss JDBC Module Creator

Every time I download a new jboss I have to add the needed jdbc module manually. And every time I have to look how the module.xml has to look like. So I decided to write a simple script that creates a module for PostgreSQL. with some configuration, it should be capable of creating every jdbc module you want. Just see the options it supports.

You can see my project at github: https://github.com/mbogner/jboss_module_creator

Here some instructions how to run it with default options:

[codesyntax lang=”bash”]


ActiveMQ Configuration under JBoss AS7

Update 11.7.2013:

New version for JBoss 7.2.0.Alpha1 / EAP 6.1.0.Alpha1 can be found here: http://blog.coffeebeans.at/?p=606


JBoss 7 and ActiveMQ finally work together.

  • Download the latest snapshot of activemq.rar.
  • Unzip the file and name the resulting folder activemq.rar.
  • Place the folder in you deployments folder of jboss.
  • Place the files ra.xml and ironjacamar.xml into the META-INF subfolder of the activemq.rar folder. Overwrite the existing ra.xml file.
  • Change both files as needed. Queues and topics are configured in ironjacamar.xml.
  • Create an empty file activemq.rar.dodeploy.

That’s it. Now you should be able to create a MDB that connects to a remote ActiveMQ server. Here an example to the configuration above:

UPDATE: 29.4.2013 (thanks to Bruno Valentim)

To get activemq running with JBoss 7.1.1 the following steps are required:

1) Instead of the mentioned snapshot use http://repo1.maven.org/maven2/org/apache/activemq/activemq-rar/5.7.0/activemq-rar-5.7.0.rar

2) under subsystem xmlns=”urn:jboss:domain:ejb3:1.2″ in standalone.xml add:

Notice: a “A node is already registered at ‘(deployment => activemq-ra.rar)” exception could remain but it should work anyway.

Enable SSL in JBoss AS 7.1.0

It is quite simple to enable SSL (https) in AS 7.1.0. First create a keystore with a key for jboss in it. Be sure to use the same password for the keystore and the key.

This generates the file /home/manuel/.keystore with 664 permissions. We will use this file in the standalone.xml file located in the configuration dir of jboss. Just locate the web subsystem with the already predefined http connector and add the new https connector:

The key-alias jboss is default and you can use every name you want as long as you create a key with that name in the keystore. See the jboss-web.xsd for further configuration options.

Don’t forget to change the path to the keystore of your environment. If you are using default ports 8080 and 8443 like me, make sure not to change http to https only – also use the right port; so use https://localhost:8443 and not https://localhost:8080.

JBoss AS 7.1.0 Mail

Since version 7.1.0 JBoss AS includes a mail subsystem by default and it seems to work with a local postfix installation out of the box. Here is a simple mailer bean:

JBoss AS 7.1 Eclipse Startup Warning

Since 7.1 the following warning appears during server startup:

WARNING: -logmodule is deprecated. Please use the system property ‘java.util.logging.manager’ or the ‘java.util.logging.LogManager’ service loader.

This can be fixed be removing the following part from the launch configuration in the “Program arguments” section:

-logmodule org.jboss.logmanager