2 Replies Latest reply on Nov 12, 2010 3:43 AM by nileshkorade

    Securing JMXInvoker

    nileshkorade

      Hi

       

      I am trying to secure access to the JMXInvoker. As the first step, I want to allow access only to authenticated users.

       

      To achieve this, I followed the documentation given at-

      http://community.jboss.org/wiki/SecureTheJmxConsole

      under Secure the JMX Invokers. However, the browser still does not prompt me for a username and password when I open the URL-

      http://localhost:8080/invoker/JMXInvokerServlet

      Could someone help me out with this? I am expecting the browser to prompt me for authentication when I invoke the JMXInvokerServlet. Am I amiss somewhere in my understanding of the concept (of securing JMX Invokers)?

       

      Following are the steps I have followed so far.

       

        • Edited the file jmx-invoker-service.xml to uncomment the following section

      <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
                   securityDomain="java:/jaas/jmx-console"/>


        • Defined the security domain jmx-console in the conf/login-config.xml file as shown below-

      <application-policy name="jmx-console">
         <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                          flag="required">
               <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
               <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
            </login-module>
         </authentication>
      </application-policy>

        • jmx-console-users.properties and jmx-console-roles.properties have the default settings.

       

      Any help is much appreciated.

       

      -Neelesh
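
Added example, not part of the original post or of JBoss: a small Python check for the two configuration steps listed above, confirming that the AuthenticationInterceptor is really uncommented and that its security domain resolves to a policy with a login module. The sample XML strings are constructed, trimmed stand-ins for jmx-invoker-service.xml and login-config.xml, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

AUTH = "org.jboss.jmx.connector.invoker.AuthenticationInterceptor"

# Constructed, trimmed stand-ins for the two files edited in the post.
INVOKER_COMMENTED = """<server><mbean><xmbean><operation><descriptors><interceptors>
<!-- <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
        securityDomain="java:/jaas/jmx-console"/> -->
</interceptors></descriptors></operation></xmbean></mbean></server>"""
INVOKER_ACTIVE = INVOKER_COMMENTED.replace("<!-- ", "").replace(" -->", "")
LOGIN_CONFIG = """<policy><application-policy name="jmx-console"><authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module></authentication></application-policy></policy>"""


def active_auth_domains(invoker_xml):
    """Security domains of live AuthenticationInterceptor elements.
    ElementTree discards XML comments, so a still-commented one is not seen."""
    root = ET.fromstring(invoker_xml)
    return [el.get("securityDomain", "") for el in root.iter("interceptor")
            if el.get("code") == AUTH]


def policy_modules(login_config_xml):
    """Map each application-policy name to its login-module class names."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name"): [m.get("code") for m in p.iter("login-module")]
            for p in root.iter("application-policy")}


def check(invoker_xml, login_config_xml):
    """Return a list of findings; an empty list means both steps are in place."""
    findings = []
    domains = active_auth_domains(invoker_xml)
    if not domains:
        findings.append("AuthenticationInterceptor is not active (missing or commented out)")
    policies = policy_modules(login_config_xml)
    for domain in domains:
        name = domain.rsplit("/", 1)[-1]  # java:/jaas/jmx-console -> jmx-console
        if not policies.get(name):
            findings.append(f"security domain {domain!r} has no login module in login-config.xml")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("commented", INVOKER_COMMENTED), ("active", INVOKER_ACTIVE)):
        print(label, check(xml_text, LOGIN_CONFIG) or "OK")
```

This reads only the two files named in the post. A browser shows a login prompt only when the server answers with an HTTP 401 challenge, which this check does not test.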