No LoginModules configured for jmx-console
ajbenson Feb 8, 2007 2:57 PMI tried to secure the web-console as described in the Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole) by uncommenting the security relevant elements in web.xml and jboss-web.xml.
I am getting the following error in server.log:
2007-02-08 13:31:55,011 DEBUG [http-0.0.0.0-8443-Processor4] [org.jboss.security.plugins.JaasSecurityManager.jmx-console] Login failure javax.security.auth.login.LoginException: No LoginModules configured for jmx-console at javax.security.auth.login.LoginContext.init(LoginContext.java:189) at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350) at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465) at org.jboss.security.plugins.SubjectActions$LoginContextAction.run(SubjectActions.java:91) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.security.plugins.SubjectActions.createLoginContext(SubjectActions.java:129) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:475) at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:430) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:246) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:221) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:337) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534)
Here is the relevant section of my web.xml:
<security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss JMX Console</realm-name> </login-config> <security-role> <role-name>JBossAdmin</role-name> </security-role>
In jboss-web.xml:
<security-domain>java:/jaas/jmx-console</security-domain>
In login-config.xml:
<application-policy name = "jmx-console"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" /> <module-option name="usersProperties">users.properties</module-option> <module-option name="rolesProperties">roles.properties</module-option> </login-module> </authentication> </application-policy>
I am running JBoss 3.2.5 on Solaris 9.
Thanks for any help anyone can provide.