-
1. Re: Secure jmx-console and web-console
peterj Feb 25, 2009 3:39 PM (in response to acastanheira2001)You could use a database or ldap server login module instead - the password in the database or ldap could be encrypted.
-
2. Re: Secure jmx-console and web-console
saguilar Feb 25, 2009 7:10 PM (in response to acastanheira2001)How can we change the ports of the web-sonsole and the jmx-console, I installed jboss AS 4.2.3 on a shared server and some applications migh try to use the 8080 port
-
3. Re: Secure jmx-console and web-console
peterj Feb 25, 2009 10:23 PM (in response to acastanheira2001)saguilar, please to not hijack someone else's post - start a new one instead. (By the way, you might look in the docs or wiki, the answers to your questions are there)
-
4. Re: Secure jmx-console and web-console
acastanheira2001 Feb 26, 2009 7:45 AM (in response to acastanheira2001)Hi Pj,
Thanks for the wiki SecureJboss.
I tried to implement the SecureTheJmxConsole (http://www.jboss.org/community/docs/DOC-12190).
Before applying the configuration I can access jmx-console without any access control.
After applying the configuration I get a BLANK PAGE and the following error in APACHE.LOG:
2009-02-26 09:42:19,729 WARN [FormAuthenticator] Unexpected error forwarding to login page
java.lang.NullPointerException
at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.forwardToLoginPage(ExtendedFormAuthenticator.java:141)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)
at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.authenticate(ExtendedFormAuthenticator.java:86)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:543)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
Any ideas,
Andre -
5. Re: Secure jmx-console and web-console
acastanheira2001 Feb 26, 2009 8:01 AM (in response to acastanheira2001)I forgot to mention that I couldn´t understand what was in jboss-web.xml:
"You will need to edit the tmladaptor login configuration to setup the login modules used to authentication users"
Don´t know what to do with it.
Thanks again,
Andre -
6. Re: Secure jmx-console and web-console
peterj Feb 26, 2009 11:04 AM (in response to acastanheira2001)I don't know what that sentence means, either. It could be a holdover from a prior configuration that never got changed.
When you uncomment the security-domain in jboss-web.xml, it reference the jmx-console login module in conf/login-config.xml, and that login module uses the conf/props/jmx-*.properties files for the users and roles. So if you are happy with the given users and roles, then uncommenting that line is jboss-web.xml is all that is required.
Wait a second, where did APACHE.LOG come from? Also, the stack trace does not look like it is from JBoss AS... What, exactly, are you running? -
7. Re: Secure jmx-console and web-console
acastanheira2001 Feb 27, 2009 9:02 AM (in response to acastanheira2001)Pj,
I have a jboss running on my windows desktop. In order to test the app I think that Jboss starts some products of Apache, for instance, coyote, catalina, etc...
The file apache.log appears in a log4j appender
<param name="DatePattern" value="'.'-dd"/>
And it is used in the following category:
<appender-ref ref="CONSOLE"/>
<appender-ref ref="apacheFileAppender"/>
<appender-ref ref="serverDbInfoAppender"/>
Hope it helps to understand my question,
Andre -
8. Re: Secure jmx-console and web-console
acastanheira2001 Feb 27, 2009 9:18 AM (in response to acastanheira2001)Peter,
I can´t post my log4j configuration.
Andre -
9. Re: Secure jmx-console and web-console
peterj Feb 27, 2009 1:37 PM (in response to acastanheira2001)When posting XML text or source code, please enclose the text in UBBCode "code" tags - you can do this by selecting the text and clicking the Code button above the editor window. Also, click the Preview button to ensure that the formatting is correct and the XML text shows up before posting.
-
10. Re: Secure jmx-console and web-console
acastanheira2001 Feb 27, 2009 2:49 PM (in response to acastanheira2001)I have a jboss running on my windows desktop. In order to test the app I think that Jboss starts some products of Apache, for instance, coyote, catalina, etc...
The file apache.log appears in a log4j appender:<appender name="apacheFileAppender" class="org.jboss.logging.appender.DailyRollingFileAppender"> <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> <param name="File" value="${jboss.server.log.dir}/apache.log"/> <param name="Append" value="true"/> <param name="DatePattern" value="'.'-dd"/> <layout class="org.apache.log4j.PatternLayout"> <param name="ConversionPattern" value="%d %-5p [%c{1}] %m %n"/> </layout> </appender>
And it is used by the following category:
<!-- Limit the org.apache category to INFO as its DEBUG is verbose --> <category name="org.apache" additivity="false"> <priority value="INFO"/> <appender-ref ref="CONSOLE"/> <appender-ref ref="apacheFileAppender"/> <appender-ref ref="serverDbInfoAppender"/> </category>
Any ideias about the stack trace?
Thanks,
Andre -
11. Re: Secure jmx-console and web-console
peterj Feb 27, 2009 3:24 PM (in response to acastanheira2001)No ideas on the stack trace. Looks like it is debugging time. Try this: start with a fresh JBoss AS install and edit only that one jboss-web.xml file and see if that works.
-
12. Secure jmx-console and web-console
vgarmash Apr 3, 2011 12:45 AM (in response to acastanheira2001)People! LDAP, database.....
How about to read
JBoss Getting Started guide.? Section
9.2. Using Password Hashing