Problem with JMX authentication
Hi!
It is my first time on this forum, so I hope someone can help me :)
I'm trying to use authentication on my JMX console, but I have no sucess. I have already done this:
I let the file:
deploy/jmx-console.war/WEB-INF/jboss-web.xml
With the following data:
<jboss-web> <security-domain>java:/jaas/jmx-console</security-domain> </jboss-web>
(enabling the JMX auth).
In the file web.xml (.), I have taken out the comments for the security constraint, so the file is with the following data:
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>The standard web descriptor for the html adaptor</description>
<!--
<filter>
<filter-name>JmxOpsAccessControlFilter</filter-name>
<filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
<init-param>
<param-name>updateAttributes</param-name>
<param-value>UpdateAttributeRole</param-value>
<description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
</init-param>
<init-param>
<param-name>invokeOp</param-name>
<param-value>InvokeOpRole</param-value>
<description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
</init-param>
</filter>
<filter-mapping>
<filter-name>JmxOpsAccessControlFilter</filter-name>
<servlet-name>HtmlAdaptor</servlet-name>
</filter-mapping>
-->
<servlet>
<servlet-name>HtmlAdaptor</servlet-name>
<servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>ClusteredConsoleServlet</servlet-name>
<servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
<init-param>
<param-name>jgProps</param-name>
<param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.partition.udpPort:45566}):
org.jboss.jmx.adaptor.control.FindView
</param-value>
<description>The JGroups protocol stack config</description>
</init-param>
</servlet>
<servlet>
<servlet-name>DisplayMBeans</servlet-name>
<jsp-file>/displayMBeans.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>InspectMBean</servlet-name>
<jsp-file>/inspectMBean.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>DisplayOpResult</servlet-name>
<jsp-file>/displayOpResult.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>ClusterView</servlet-name>
<jsp-file>/cluster/clusterView.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>HtmlAdaptor</servlet-name>
<url-pattern>/HtmlAdaptor</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ClusteredConsoleServlet</servlet-name>
<url-pattern>/cluster/ClusteredConsole</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DisplayMBeans</servlet-name>
<url-pattern>/DisplayMBeans</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>InspectMBean</servlet-name>
<url-pattern>/InspectMBean</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DisplayOpResult</servlet-name>
<url-pattern>/DisplayOpResult</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
</web-app>
And in the end I added the users ( "example=passwd" and "example=JBossAdmin" ) on the file jmx-console-users.properties, but after I restart the JBoss server, I still haven't got it enabled...
Is there something else to add that I forgot to do?
tks,
Caio Ribeiro Cesar
