1 Reply Latest reply on Apr 23, 2012 2:28 AM by vphanibhushanreddy

    Security of the jmx-console

    gidi15

      Hello,

       

      I'm trying to set a password to the jmx-console;

       

      to do this I understood that I modify 3 files (jboss-web.xml,web.xml and login-config.xml); after doing this operations,

       

      I have restarted jboss and in the console there is this message of error in the file web.xml (I put now a minimal part of the text on consolle)

       

      Caused by: org.xml.sax.SAXException: The content of element type "servlet" must

      match "(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),i

      nit-param*,load-on-startup?,run-as?,security-role-ref*)". @ vfs:///C:/Programmi/

      JBoss/jboss-6.1.0/common/deploy/jmx-console.war/WEB-INF/web.xml[54,14]

       

      What does this message mean? For me there isn't any error in the fileweb.xml (I specify the line 54):

       

      <?xml version="1.0"?>

      <!DOCTYPE web-app PUBLIC

         "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"

         "http://java.sun.com/dtd/web-app_2_3.dtd">

       

      <web-app>

         <description>The standard web descriptor for the html adaptor</description>

         <!--

          <filter>

            <filter-name>JmxOpsAccessControlFilter</filter-name>

            <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>

            <init-param>

              <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>

              <param-name>updateAttributes</param-name>

              <param-value>UpdateAttributeRole</param-value>

            </init-param>

            <init-param>

              <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>

              <param-name>invokeOp</param-name>

              <param-value>InvokeOpRole</param-value>

            </init-param>

         </filter>

         <filter-mapping>

            <filter-name>JmxOpsAccessControlFilter</filter-name>

            <servlet-name>HtmlAdaptor</servlet-name>

         </filter-mapping>

         -->

         <servlet>

            <servlet-name>HtmlAdaptor</servlet-name>

            <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>

         </servlet>

         <servlet>

            <servlet-name>ClusteredConsoleServlet</servlet-name>

            <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>

            <init-param>

               <param-name>jgProps</param-name>

               <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.jmxconsolepartition.mcast_port:46666}):

      org.jboss.jmx.adaptor.control.FindView

               </param-value>

               <description>The JGroups protocol stack config</description>

            </init-param>

         </servlet>

         <servlet>

            <servlet-name>DisplayMBeans</servlet-name>

            <jsp-file>/displayMBeans.jsp</jsp-file>

         </servlet>

         <servlet>

            <servlet-name>InspectMBean</servlet-name>

            <jsp-file>/inspectMBean.jsp</jsp-file>

         </servlet>

         <servlet>

            <servlet-name>DisplayOpResult</servlet-name>s

            <jsp-file>/displayOpResult.jsp</jsp-file>

      (riga 54)                </servlet>

         <servlet>

            <servlet-name>ClusterView</servlet-name>

            <jsp-file>/cluster/clusterView.jsp</jsp-file>

         </servlet>

         <servlet>

            <servlet-name>ProfileServiceDebugServlet</servlet-name>

            <servlet-class>org.jboss.profileservice.web.DebugServlet</servlet-class>

         </servlet>

       

         <servlet-mapping>

            <servlet-name>HtmlAdaptor</servlet-name>

            <url-pattern>/HtmlAdaptor</url-pattern>

         </servlet-mapping>

         <servlet-mapping>

            <servlet-name>ClusteredConsoleServlet</servlet-name>

            <url-pattern>/cluster/ClusteredConsole</url-pattern>

         </servlet-mapping>

         <servlet-mapping>

            <servlet-name>DisplayMBeans</servlet-name>

            <url-pattern>/DisplayMBeans</url-pattern>

         </servlet-mapping>

         <servlet-mapping>

            <servlet-name>InspectMBean</servlet-name>

            <url-pattern>/InspectMBean</url-pattern>

         </servlet-mapping>

         <servlet-mapping>

            <servlet-name>DisplayOpResult</servlet-name>

            <url-pattern>/DisplayOpResult</url-pattern>

         </servlet-mapping>

         <servlet-mapping>

            <servlet-name>ProfileServiceDebugServlet</servlet-name>

            <url-pattern>/ProfileServiceDebugServlet</url-pattern>

         </servlet-mapping>

       

         <!-- Display a generic error page when HTTP Status 500 exceptions

              occur. -->

         <error-page>

            <error-code>500</error-code>

            <location>/genericError.jsp</location>

         </error-page>

       

        

       

         <security-constraint>

           <web-resource-collection>

             <web-resource-name>HtmlAdaptor</web-resource-name>

             <description>An example security config that only allows users with the

               role JBossAdmin to access the HTML JMX console web application

             </description>

             <url-pattern>/*</url-pattern>

           </web-resource-collection>

           <auth-constraint>

             <role-name>JBossAdmin</role-name>

           </auth-constraint>

         </security-constraint>

        

       

         <login-config>

            <auth-method>BASIC</auth-method>

            <realm-name>JBoss JMX Console</realm-name>

         </login-config>

       

         <security-role>

            <role-name>JBossAdmin</role-name>

         </security-role>

      </web-app>

        • 1. Re: Security of the jmx-console
          vphanibhushanreddy

          In that line, Could you please confirm if there is an 's' in actual web.xml or typo while posting. If it's extra 's' then change it and run. It should work. In general these type of errors occur, when XML is not confirmed to Web_app_2.3.xsd. It checks the sequence of tags, so it's referring after servlet-name there should be an optional display-name or class file or jsp file.

           

             <servlet>

                <servlet-name>DisplayOpResult</servlet-name>s

                <jsp-file>/displayOpResult.jsp</jsp-file>

          (riga 54)                </servlet>

             <servlet>