jmx-console is a servlet, adding standard web tier security to web.xml should do the job

By uncommenting the security sections of the web.xml (<security-constraint>) and jboss-web.xml (<security-domain>) descriptors you enable HTTP basic authentication that restricts access to the jmx-console application to username=admin, password=admin. The username and password are determined by the admin=admin line in the
WEB-INF/classes/users.properties file.

hello...

i have changed the web.xml, jboss-web.xml files as required (removed the security related comments). also i have added users.properties,roles.properties to web-inf/classes folder. Now, when i invoke http://localhost:8080/jmx-console, it gives a pop-up for userid/passwd but even though i enter the correct credentials it shows a "Error 403: access to requested resource denied" error.

any help wd be appreciated, as to why this is happeneing.

thanks & regards

C:\%jboss_dist%\server\default\deploy\jmx-console.war\WEB-INF\classes\users.properties contains the userid and password. For example,

user1=password1

Then in C:\<%jboss_dist%>\server\default\deploy\jmx-console.war\WEB-INF\classes\roles.properties, make sure you grant user1 the "JBossAdmin" role. For example,

user1=JBossAdmin

Access the jmx-console http://:8080/jmx-console and enter the userid and password you defined in users.properties. In the above example, its user1 (userid) and password1 (password).

If you want to change the userid and password, all you have to do is modify the users.properties using syntax =. Whatever userid you defined in users.properties, dont forget to grant it the "JBossAdmin" role in roles.properties using syntax: =

Note: the users.properties and roles.properties that you should modify for the jmx-console security should be the ones in the <jboss_dist>.....\jmx-console.war\WEB-INF\classes\

Hope this helps.

i have done excatly as mentioned, still it gives me 403 access denied error, even though i enter the correct credentials... do we need to change anything in login-config.xml

I didnt have to modify the login-config.xml to secure the jmx-console page.

When you typed in the url in your browser, did you even get to the part where a small window pops up and asks for a userid and password? Because if you did and you're not entering the userid correctly, the message you get should be 401 - Unauthorized.

I've encountered "403 - Access to the requested resource has been denied" error message before. And this happens to me only when I try to access the jmx-console page through IIS web server, "http://localhost/jmx-console" (I've setup my configuration to pass through IIS and do a redirect to my Apache/Tomcat - Jboss Installation). But if I go through the other http route using "http://localhost:8080/jmx-console", the userid/password authentication works perfectly for me.
Your setup may be different but if you use the same configuration as I do, try accessing the jmx-console via the 8080 route.

Other than that I cant think of other things that would cause your authentication not to work. Did you try to restart jboss?

Sorry if i cant be of much help, i'm a jboss newbie. Try posting this on the Installation/Configuration forum.

problem solved.

seems like there was a older copy of roles.properties lying in default/conf folder, which was causing the issues.

thanks for yr time.

cheers