Problem with JMX authentication
ccesar Jun 8, 2009 3:33 PMHi!
It is my first time on this forum, so I hope someone can help me :)
I'm trying to use authentication on my JMX console, but I have no sucess. I have already done this:
I let the file:
deploy/jmx-console.war/WEB-INF/jboss-web.xml
With the following data:
<jboss-web> <security-domain>java:/jaas/jmx-console</security-domain> </jboss-web>
(enabling the JMX auth).
In the file web.xml (.), I have taken out the comments for the security constraint, so the file is with the following data:
<?xml version="1.0"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <description>The standard web descriptor for the html adaptor</description> <!-- <filter> <filter-name>JmxOpsAccessControlFilter</filter-name> <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class> <init-param> <param-name>updateAttributes</param-name> <param-value>UpdateAttributeRole</param-value> <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description> </init-param> <init-param> <param-name>invokeOp</param-name> <param-value>InvokeOpRole</param-value> <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description> </init-param> </filter> <filter-mapping> <filter-name>JmxOpsAccessControlFilter</filter-name> <servlet-name>HtmlAdaptor</servlet-name> </filter-mapping> --> <servlet> <servlet-name>HtmlAdaptor</servlet-name> <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class> </servlet> <servlet> <servlet-name>ClusteredConsoleServlet</servlet-name> <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class> <init-param> <param-name>jgProps</param-name> <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.partition.udpPort:45566}): org.jboss.jmx.adaptor.control.FindView </param-value> <description>The JGroups protocol stack config</description> </init-param> </servlet> <servlet> <servlet-name>DisplayMBeans</servlet-name> <jsp-file>/displayMBeans.jsp</jsp-file> </servlet> <servlet> <servlet-name>InspectMBean</servlet-name> <jsp-file>/inspectMBean.jsp</jsp-file> </servlet> <servlet> <servlet-name>DisplayOpResult</servlet-name> <jsp-file>/displayOpResult.jsp</jsp-file> </servlet> <servlet> <servlet-name>ClusterView</servlet-name> <jsp-file>/cluster/clusterView.jsp</jsp-file> </servlet> <servlet-mapping> <servlet-name>HtmlAdaptor</servlet-name> <url-pattern>/HtmlAdaptor</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>ClusteredConsoleServlet</servlet-name> <url-pattern>/cluster/ClusteredConsole</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>DisplayMBeans</servlet-name> <url-pattern>/DisplayMBeans</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>InspectMBean</servlet-name> <url-pattern>/InspectMBean</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>DisplayOpResult</servlet-name> <url-pattern>/DisplayOpResult</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss JMX Console</realm-name> </login-config> <security-role> <role-name>JBossAdmin</role-name> </security-role> </web-app>
And in the end I added the users ( "example=passwd" and "example=JBossAdmin" ) on the file jmx-console-users.properties, but after I restart the JBoss server, I still haven't got it enabled...
Is there something else to add that I forgot to do?
tks,
Caio Ribeiro Cesar