-
1. Re: installed, run and can't login to console
jonlee May 5, 2003 9:50 AM (in response to imorti)When you use the org.jboss.security.auth.spi.UsersRolesLoginModule for authentication, you need to create a users.properties file in the same directory as the configuration files for your JBoss instance - "instance"/conf. So if you run the default instance, the file needs to be in server/default/conf of your 3.2.0 distribution. In your case, it will need to be in server/all/conf.
The file contains users and their passwords, one user per line in the following format:
username=password
So you'll need to create the file as it doesn't exist by default. -
2. Re: installed, run and can't login to console
imorti May 5, 2003 10:43 AM (in response to imorti)thanks for the info.
I did as you said, restarted and still can't get in.
is there another congfig to edit? -
3. Re: installed, run and can't login to console
jonlee May 5, 2003 11:27 AM (in response to imorti)Sorry. A little distracted. The other file you will need is a roles.properties that specifies the roles that the login fulfils. This all ties together like this:
In your server/all/jmx-console.war/WEB-INF directory, you will have a jboss-service.xml that will have a setting to turn on JAAS authentication for the scurity domain.
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
-->
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
In web.xml in the same directory, you will set servlet security, with the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
Essentially, you do BASIC authentication and anyone authenticated who has a security role of JBossAdmin can access all jmx-console pages - review servlet security mechanisms to understand this part better.
Now, say you want a user Frodo with password Samwise to be able to be able to access the jmx-console.
So in users.properties, you should at least have the line:
Frodo=Samwise
Now in roles.properties, you want Frodo to at least have the role, JBossAdmin which is the security role required to access jmx-console. The line in the file is:
Frodo=JBossAdmin
An authenticated user can have more than one role, with roles separated by commas.
Hope that helps and makes sense. -
4. Re: installed, run and can't login to console
imorti May 5, 2003 11:41 AM (in response to imorti)makes perfect sense. edited accordingly.
and still cannot get in. I restarted twice to be sure, and made sure all properties files are in the conf dir of each instance.
any other ideas? -
5. Re: installed, run and can't login to console
jonlee May 5, 2003 12:24 PM (in response to imorti)OK. Go back to basics. Try commenting out the security-constraint, the login-config and security-role from your web.xml. Comment out the security-domain in jboss-web.xml. Restart it. We've just turned off authentication.
If that doesn't fix it then you have a problem - either it is not the instance you think it is, or there is something else overriding your authentication method.
I assume, you are starting the "all" instance via either:
run.sh -c all
or
run.bat -c all
Also, I assume that server/all/login-config.xml has the following entry uncommented in it?
<application-policy name = "jmx-console">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy> -
6. Re: installed, run and can't login to console
imorti May 5, 2003 12:43 PM (in response to imorti)checked 'em all.
turning off security didn't work. I updated the jboss-web.xml, web.xml commented it all out. updated login-config.xml didn't disable security.
Perhaps I should re-install. Will try that, and follow your directions.
I noticed that there's a users.properties in my classes directory. no entries, but it's there.
I'm going to reinstall, go over your suggestions and try as you say, "from the beginning". thanks so much. will post again after all this.
cheers.
-I