Hi
I am trying to secure access to the JMXInvoker. As the first step, I want to allow access only to authenticated users.
To achieve this, I followed the documentation given at-
http://community.jboss.org/wiki/SecureTheJmxConsole
under Secure the JMX Invokers. However, the browser still does not prompt me for a username password when I open the URL-
http://localhost:8080/invoker/JMXInvokerServlet
Could someone help me out with this? I am expecting the browser to prompt me for authentication when I invoke the IMXInvokerServlet. Am I amiss somewhere in my understanding of the concept (of securing JMX Invokers)?
Following are the steps I have followed so far.
- Edited the file jmx-invoker-service.xml to uncomment the following section
<interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
securityDomain="java:/jaas/jmx-console"/>
- Defined the security domain jmx-console in the conf/login-config.xml file as shown below-
<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
- jmx-console-users.properties and jmx-console-roles.properties have the default settings.
Any help is much appreciated.
-Neelesh