-
1. Re: JMX-Console Security in Jboss 4.0
b2bw35 Oct 12, 2004 9:16 AM (in response to cam156)
I upgraded to 4.0.0 and the JMX console security works fine after uncommenting the jboss-web.xml and web.xml files. I would check them again to make sure the changes were saved or you didn't uncomment everything needed.
-
2. Re: JMX-Console Security in Jboss 4.0
cam156 Oct 12, 2004 9:24 AM (in response to cam156)
Here are the two files. Please let me know if you see something wrong.
Just to note, if you got an error saying that you were missing the roles.properties file and user.properties file you are actually using the default "other" realm instead of the jmx-console realm. The other realm works just fine, but it is not what should be configured.
Thanks for your help!
web.xml:

<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   <description>The standard web descriptor for the html adaptor</description>
   <servlet>
      <servlet-name>HtmlAdaptor</servlet-name>
      <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
   </servlet>
   <servlet>
      <servlet-name>ClusteredConsoleServlet</servlet-name>
      <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
      <init-param>
         <param-name>jgProps</param-name>
         <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=228.1.2.3;mcast_port=45566): org.jboss.jmx.adaptor.control.FindView </param-value>
         <description>The JGroups protocol stack config</description>
      </init-param>
   </servlet>
   <servlet>
      <servlet-name>DisplayMBeans</servlet-name>
      <jsp-file>/displayMBeans.jsp</jsp-file>
   </servlet>
   <servlet>
      <servlet-name>InspectMBean</servlet-name>
      <jsp-file>/inspectMBean.jsp</jsp-file>
   </servlet>
   <servlet>
      <servlet-name>DisplayOpResult</servlet-name>
      <jsp-file>/displayOpResult.jsp</jsp-file>
   </servlet>
   <servlet>
      <servlet-name>ClusterView</servlet-name>
      <jsp-file>/cluster/clusterView.jsp</jsp-file>
   </servlet>

   <servlet-mapping>
      <servlet-name>HtmlAdaptor</servlet-name>
      <url-pattern>/HtmlAdaptor</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>ClusteredConsoleServlet</servlet-name>
      <url-pattern>/cluster/ClusteredConsole</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>DisplayMBeans</servlet-name>
      <url-pattern>/DisplayMBeans</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>InspectMBean</servlet-name>
      <url-pattern>/InspectMBean</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>DisplayOpResult</servlet-name>
      <url-pattern>/DisplayOpResult</url-pattern>
   </servlet-mapping>

   <!-- A security constraint that restricts access to the HTML JMX console
   to users with the role JBossAdmin.
   Edit the roles to what you want and uncomment the
   WEB-INF/jboss-web.xml/security-domain element to enable
   secured access to the HTML JMX console.-->
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>HtmlAdaptor</web-resource-name>
         <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description>
         <url-pattern>/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>JBossAdmin</role-name>
      </auth-constraint>
   </security-constraint>

   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss JMX Console</realm-name>
   </login-config>

   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>
</web-app>

jboss-web.xml:

<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
   need to edit the htmladaptor login configuration to setup the
   login modules used to authentication users. -->
   <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
-
3. Re: JMX-Console Security in Jboss 4.0
cam156 Oct 15, 2004 8:06 AM (in response to cam156)
Hello,
I found the solution to my problem myself. There really needs to be some documentation on 4.0.
I found that the standard server will run the security correctly.
The reason for this is that the jbossweb-tomcat50.sar/server.xml file in the standard version has the following entry in the engine:

<!-- The JAAS based authentication and authorization realm implementation
that is compatible with the jboss 3.2.x realm implementation.
- certificatePrincipal : the class name of the
org.jboss.security.auth.certs.CertificatePrincipal impl
used for mapping X509[] cert chains to a Princpal.
-->
<Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
   certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
   />
If you are planning to use the default configuration and security make sure you add the above to the engine.
-- Carolyn
-
4. Re: JMX-Console Security in Jboss 4.0
starksm64 Oct 16, 2004 3:46 PM (in response to cam156)
Both the standard and default configurations have the JBossSecurityMgrRealm defined in the jbossweb-tomcat50.sar/server.xml. The only way your default config does not have this is if you removed it.
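
Added example (not part of the thread, and not JBoss code): a Python check for the three pieces this thread turns on, namely an active security-constraint and login-config in web.xml, the security-domain in jboss-web.xml, and the JBossSecurityMgrRealm inside the Engine in server.xml. The sample descriptors are constructed and trimmed, and the name audit_jmx_console is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample descriptors holding only the elements discussed in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
JBOSS_WEB_ENABLED = "<jboss-web><security-domain>java:/jaas/jmx-console</security-domain></jboss-web>"
JBOSS_WEB_COMMENTED = "<jboss-web><!-- <security-domain>java:/jaas/jmx-console</security-domain> --></jboss-web>"
SERVER_XML = """<Server><Service><Engine>
  <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
         certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"/>
</Engine></Service></Server>"""
SERVER_XML_NO_REALM = "<Server><Service><Engine/></Service></Server>"

REALM = "org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
DOMAIN = "java:/jaas/jmx-console"

def audit_jmx_console(web_xml, jboss_web_xml, server_xml):
    """Return a list of findings; an empty list means all three pieces are active."""
    findings = []
    # ElementTree discards XML comments, so a commented-out element is simply absent.
    web = ET.fromstring(web_xml)
    roles = [r.text.strip()
             for r in web.findall("security-constraint/auth-constraint/role-name") if r.text]
    if not roles:
        findings.append("web.xml: no active security-constraint with an auth-constraint role")
    if web.find("login-config/auth-method") is None:
        findings.append("web.xml: no login-config/auth-method")
    # Without a security-domain the application falls back to the default "other" realm.
    domain = ET.fromstring(jboss_web_xml).findtext("security-domain", default="").strip()
    if not domain:
        findings.append("jboss-web.xml: security-domain is missing or commented out")
    elif domain != DOMAIN:
        findings.append(f"jboss-web.xml: security-domain is {domain!r}, expected {DOMAIN!r}")
    # The realm has to sit inside the Engine element of jbossweb-tomcat50.sar/server.xml.
    realms = [r.get("className") for r in ET.fromstring(server_xml).findall(".//Engine/Realm")]
    if REALM not in realms:
        findings.append("server.xml: Engine has no JBossSecurityMgrRealm")
    return findings

if __name__ == "__main__":
    for line in audit_jmx_console(WEB_XML, JBOSS_WEB_COMMENTED, SERVER_XML_NO_REALM):
        print(line)
```
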