Yes, it is configured that way. I have done this before and it worked fine on AS 6.0.0 but its been giving me trouble since yesterday on AS 5.1.0! I know the .properties files are fine because if I log in using the admin-console (which also uses the jmx-console security domain), the username and password combination it accepts is the one I have in my properties file. It is supposed to be straight forward!
Ok, in that case have you ever entered a valid username and password into a pop up window in your web browser? For BASIC authentication it is quite common for the browser to cache the credentials and automatically present them to the server without further prompts.
If you have one available maybe try a connection from a machine / browser that has not been used to connect to the JMX console previously.
Even I am facing same issue, made changes in the web.xml, jboss-web.xml,login-config and the user.properties file. Still the popup to login for jmx-console does not appear. The jmx-console simply comes without the popup.
Daniel Manyemwe wrote:
That was my thinking as well, so I downloaded Chrome and tried with it, same thing, direct access!
Just tried from a non-dev machine, same thing, so it definitely isnt caching. I even rebooted the server, didnt work.
Were you able to find a solution for it?I have made the following changes.
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.-->
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
<realm-name>JBoss JMX Console</realm-name>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users. -->
<!-- A template configuration for the jmx-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
Unfortunately I have not solved this problem, but the more secure alternative is to just undeploy the jmx-console. You can move the whole jmx-console.war directory out of /deploy, and should you need it again you can move it in.. not the best solution but given my time constraints thats the best I could come up with!
for those who find this topic by search:
There is a community courtesy notification for a severe security issue affecting some of the JBoss projects and products. Default security settings in web.xml protect only GET and POST protocols leaving another ones open. Please refer to the following Red Hat KBase article for more information:
Only when you apply the solution you can be sure that your JMX Console is protected.
Please note that Web Console has the same issue, and you need to apply the solution to it as well.
Also it is recommended to hash passwords in the config files. Read about how to do it in JBoss Getting Started guide.
I was somehow having the same problem. I made it work as follow:
I found there is missing:
<Realm className="org.jboss.web.tomcat.security.JBossWebRealm" certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" allRolesMode="authOnly" />
between "<Engine name="jboss.web" defaultHost="localhost">" and "<Host name="localhost">"
I am not sure why this is missing. The latest version of Jboss 5.1.0.GA is OK. Maybe, some version before missed it.