6 Replies Latest reply on Apr 3, 2011 12:22 AM by vgarmash

Securing web console

$fraccy$

fraccy Dec 10, 2005 11:44 AM

Hi,
I've secured my web console according to the wiki page - all seems quite straightforward. I'm obviously missing an understanding somewhere. When I now try to navigate to the web-console, I get :

type Status report (HTTP error 403)

message Configuration error: Cannot perform access control without an authenticated principal

description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.

Now I guess I was expecting some magic login dialog box to appear. What else do I have to do to make this happen?\

Any help much appreciated,
Tim

1. Securing web console

bo0m3r4n9 Dec 22, 2005 12:49 AM (in response to fraccy)
Hello!! I have spent a lot of hours with the same problem and finally i was able to fix it, just trying out everything because nowhere on the internet i found the solution, so here it is what has worked for me:

On the web.xml file located at /deploy/jmx-console.war/WEB-INF/, i added this tag, because i found it on another example configuration files of Tomcat. I don't know why hasn't been included in the default file provided by the JBoss installation, so here it is:

<login-config> <auth-method>BASIC</auth-method> <realm-name>Secured services</realm-name> </login-config>

I hope this helps!!
Actions
2. Re: Securing web console

starksm64 Dec 22, 2005 4:11 AM (in response to fraccy)
the default web.xml certainly does include a template for securing the war:

<login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss JMX Console</realm-name> </login-config>

http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
Actions
3. Re: Securing web console

$fraccy$
fraccy Dec 22, 2005 5:25 AM (in response to fraccy)
You're an absolute star, thats exactly what I needed.

Thankyou.

"bo0m3r4n9" wrote:
Hello!! I have spent a lot of hours with the same problem and finally i was able to fix it, just trying out everything because nowhere on the internet i found the solution, so here it is what has worked for me:

On the web.xml file located at /deploy/jmx-console.war/WEB-INF/, i added this tag, because i found it on another example configuration files of Tomcat. I don't know why hasn't been included in the default file provided by the JBoss installation, so here it is:

<login-config> <auth-method>BASIC</auth-method> <realm-name>Secured services</realm-name> </login-config>

I hope this helps!!
Actions
4. Re: Securing web console

bo0m3r4n9 Dec 22, 2005 8:02 PM (in response to fraccy)

Oh I see, I didn't read the wiki because I was following the "Getting Started with JBoss 4.0 release 4". I'll keep it in mind next time.
Actions
5. Re: Securing web console

maulikshah Jan 9, 2007 1:03 AM (in response to fraccy)

Hi All,

The above mentioned coed wores for me also.But now I want to enable encrypted password instead of plain text password which is stored in the users.properties for jmx-console.
I mean i have to store encrypted password instead of plain text password in the users.properties file.

Can anyone help?

Thanks
Maulik
Actions
6. Re: Securing web console

vgarmash Apr 3, 2011 12:22 AM (in response to maulikshah)

Read JBoss Getting started guide: http://docs.jboss.org/jbossas/getting_started/v2/startguide40/security.html
Actions

Go to original post