- 
        1. Re: STEPS to protect the jmx-console with passwdgelrad Feb 19, 2003 11:15 AM (in response to cronos)1. What is the format of the files users.properties and roles.properties 
 2. Do you need to restart jboss to have affects?
 3. Why just not add :
 <module-option name="usersProperties">users.properties</module-option>
 <module-option name="rolesProperties">roles.properties</module-option>
 to the jmx-console login-module?
 Yaron
- 
        2. Re: STEPS to protect the jmx-console with passwdjannunzi Mar 10, 2003 5:26 PM (in response to cronos)Hi, I followed your steps faithfully and jmx-console did not ask for a username/password. I rebooted the server, and even the machine but no change, jmx-console still shows its output. Might it be caching something? 
 I was a bit vague on editing the .resources files. The original read something like
 admin=DontRemember
 and I changed it to:
 admin.username=jose
 admin.password=password
 is this right? what is the syntax/purpose/consequence of this file?
 the rest of the steps were very explicit so I think I got those right.
 ...thank you...
 Jose
- 
        3. Re: STEPS to protect the jmx-console with passwdjannunzi Mar 11, 2003 9:11 AM (in response to cronos)I found the syntax for the these users.properties and roles.properties files in the QuickStart-30x.pdf, but I still could not get it to work. It seems that the syntax for the username.properties file (the username-to-password mapping file) is: 
 username1=password1
 username2=password2
 ...
 and for the roles.properties file (the username-to-role mapping file) is:
 username1=role1,role2,...
 followed by optional groups:
 username1.RoleGroup1=role3,role4,...
 so my users.properties file now reads:
 # A sample users.properties file ...
 admin=admin
 jose=password
 and my roles.properties file now reads:
 # A sample roles.properties file ...
 admin=JBossAdmin
 jose=JBossAdmin
 but I still cant get it to work. Help !!!
 ...thanks...
 J
- 
        4. Re: STEPS to protect the jmx-console with passwdsbhat Mar 12, 2003 4:29 PM (in response to cronos)Hi, 
 Did any one find the solution for this? My jmx-console still starts without needing any authentication.
 Thanks
- 
        5. Re: STEPS to protect the jmx-console with passwdgmilza Mar 19, 2003 6:53 AM (in response to cronos)I have made these steps for protecting jmx-console: 
 1) Change user and password in:
 {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/ users.properties
 {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/ roles.properties
 roles.properties should be okay, just change the already present entry in users.properties, like this:
 admin=some_password
 2) Go to file:
 {INSTALL_DIR_JBOSS}/server/default/conf/login-config.xml
 and change this:
 <application-policy name = "jmx-console">
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required" />
 </application-policy>
 with this:
 <application-policy name = "jmx-console">
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required">
 <module-option name="usersProperties">WEB-INF/classes/users.properties</module-option>
 <module-option name="rolesProperties">WEB-INF/classes/roles.properties</module-option>
 </login-module>
 </application-policy>
 Note: the path of the two properties files are relative to
 {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war
 Is not necessary to touch "other" (i think is not correct to touch this entry)
 3) Go to file:
 {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/jboss- web.xml
 and uncomment the line:
 <security-domain>java:/jaas/jmx-console</security-domain>
 4) Go to file:
 {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/ web.xml
 and uncomment the section:
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>HtmlAdaptor</web-resource-name>
 An example security config that only allows users with the
 role JBossAdmin to access the HTML JMX console web application
 <url-pattern>/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>JBossAdmin</role-name>
 </auth-constraint>
 </security-constraint>
 Note that the tag <role-name> must match the role in roles.properties .
 4) Relaunch jboss.This time it should ask user/pass.
- 
        6. Re: STEPS to protect the jmx-console with passwdmpls2000 Apr 9, 2003 5:32 AM (in response to cronos)Hi gmilza, 
 I followed your instruction and I managed to see the login prompt when I access http://localhost:8080/jmx-console.
 However, I always get this error
 HTTP ERROR: 401 Unauthorized
 RequestURI=/jmx-console
 Not matter what userID and password I entered. My roles.properties and users.properties only have this line :
 admin=admin
 But I could not login. Do you have any clue? Please help.
 Thanks
- 
        7. Re: STEPS to protect the jmx-console with passwdmpls2000 Apr 9, 2003 5:34 AM (in response to cronos)Ooops my mistake. Problem solve. Stupid mistake. Sorry. 
- 
        8. Re: STEPS to protect the jmx-console with passwddocjava_seattle Aug 27, 2003 3:59 PM (in response to cronos)Why not just remove server/default/deploy/jmx-console.war if we don't 
 intend to use the console in production?
 
     
     
     
     
     
    