There is what I've done so far...

1. moved web-console.war to new dir and extracted it (jav -xvf web-console.jar)

2. edit web.xml -> uncomment the security-constrint block
edit jboss-web.xml -> uncomment the security-domain block.

3. edit user properties file and set admin=

4. recreated the war file (jar -cvf web-console.war *) and replaced the old.

When I start jboss and try to access the web-console I get an invalid password error. Did I miss something? Also I did follow the same steps and didn't have any problems in securing the jmx-console.

The environment is jboss 3.2.5 running on linux.