DIGEST Authentication (4.0.4+)
web.xml
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
   <description>The standard web descriptor for the jmx-console</description>

   <!-- Limits the HTML JMX console to callers that hold the JBossAdmin role.
        Change the role name to suit your deployment. As the original note says,
        secured access also requires uncommenting the security-domain element in
        WEB-INF/jboss-web.xml; verify that file when reviewing this one. -->
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>HtmlAdaptor</web-resource-name>
         <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description>
         <!-- No http-method elements are listed, so the constraint covers every
              HTTP method on every path. Keep it that way: naming individual
              methods would leave the unnamed ones unconstrained. -->
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>JBossAdmin</role-name>
      </auth-constraint>
   </security-constraint>

   <!-- HTTP Digest keeps the clear-text password off the wire, but it does not
        encrypt the request or response. This descriptor declares no
        user-data-constraint, so console traffic is only confidential if TLS is
        enforced elsewhere. The realm-name below is part of the digest input:
        it must match the realm used when the stored hashes were generated. -->
   <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>JBoss JMX Console</realm-name>
   </login-config>

   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>
</web-app>
login-config.xml
<!-- Login policy named "jmx-console": authenticates against the users/roles
     property files with the options needed for HTTP Digest (RFC 2617). -->
<application-policy name="jmx-console">
   <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                    flag="required">
         <!-- Credential and role stores. With passwordIsA1Hash=true the users
              file holds A1 hashes, which are password-equivalent for this
              realm in Digest authentication: restrict read access to the file
              as you would for clear-text passwords. -->
         <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
         <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

         <!-- MD5 with rfc2617 encoding is the combination this Digest setup
              uses; it is dictated by the protocol, not a general
              recommendation for password storage. -->
         <module-option name="hashAlgorithm">MD5</module-option>
         <module-option name="hashEncoding">rfc2617</module-option>

         <!-- The value presented by the client is not hashed again; the stored
              value is run through the digest callback instead. -->
         <module-option name="hashUserPassword">false</module-option>
         <module-option name="hashStorePassword">true</module-option>

         <!-- Stored values are precomputed A1 hashes rather than clear-text
              passwords; entries that are not A1 hashes are presumably
              unusable under this setting (confirm against your JBoss
              version). -->
         <module-option name="passwordIsA1Hash">true</module-option>
         <module-option name="storeDigestCallback">org.jboss.security.auth.spi.RFC2617Digest</module-option>
      </login-module>
   </authentication>
</application-policy>
jmx-console-users.properties
# A sample users.properties file for use with the UsersRolesLoginModule

# Stock sample entry with a clear-text value. With passwordIsA1Hash=true in
# login-config.xml the stored value is expected to be an A1 hash, so this entry
# presumably does not authenticate under DIGEST. Replace it with a hashed entry
# or remove it rather than shipping a default account.
admin=admin

# Generating an A1 hash. The arguments appear to be username, realm, password;
# the realm must equal the realm-name in web.xml ("JBoss JMX Console").
# The password is passed on the command line, so it can end up in shell history
# and the process list: run this on a trusted host.
#[starksm@banshee9100 security]$ java -cp $JBOSS_HOME/server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2
# with JBoss AS 6.x: java -cp $JBOSS_HOME/common/lib/jbosssx-server.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2

# Sample output of the command above for user admin2 with password admin2.
# This value is published documentation: generate your own hash from a strong
# password before deploying.
admin2=a28c9ab431e878852135eac336fb0968