Security of the jmx-console
gidi15 Apr 22, 2012 12:29 PMHello,
I'm trying to set a password to the jmx-console;
to do this I understood that I modify 3 files (jboss-web.xml,web.xml and login-config.xml); after doing this operations,
I have restarted jboss and in the console there is this message of error in the file web.xml (I put now a minimal part of the text on consolle)
Caused by: org.xml.sax.SAXException: The content of element type "servlet" must
match "(icon?,servlet-name,display-name?,description?,(servlet-class|jsp-file),i
nit-param*,load-on-startup?,run-as?,security-role-ref*)". @ vfs:///C:/Programmi/
JBoss/jboss-6.1.0/common/deploy/jmx-console.war/WEB-INF/web.xml[54,14]
What does this message mean? For me there isn't any error in the fileweb.xml (I specify the line 54):
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>The standard web descriptor for the html adaptor</description>
<!--
<filter>
<filter-name>JmxOpsAccessControlFilter</filter-name>
<filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
<init-param>
<description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
<param-name>updateAttributes</param-name>
<param-value>UpdateAttributeRole</param-value>
</init-param>
<init-param>
<description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
<param-name>invokeOp</param-name>
<param-value>InvokeOpRole</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>JmxOpsAccessControlFilter</filter-name>
<servlet-name>HtmlAdaptor</servlet-name>
</filter-mapping>
-->
<servlet>
<servlet-name>HtmlAdaptor</servlet-name>
<servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>ClusteredConsoleServlet</servlet-name>
<servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
<init-param>
<param-name>jgProps</param-name>
<param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.jmxconsolepartition.mcast_port:46666}):
org.jboss.jmx.adaptor.control.FindView
</param-value>
<description>The JGroups protocol stack config</description>
</init-param>
</servlet>
<servlet>
<servlet-name>DisplayMBeans</servlet-name>
<jsp-file>/displayMBeans.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>InspectMBean</servlet-name>
<jsp-file>/inspectMBean.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>DisplayOpResult</servlet-name>s
<jsp-file>/displayOpResult.jsp</jsp-file>
(riga 54) </servlet>
<servlet>
<servlet-name>ClusterView</servlet-name>
<jsp-file>/cluster/clusterView.jsp</jsp-file>
</servlet>
<servlet>
<servlet-name>ProfileServiceDebugServlet</servlet-name>
<servlet-class>org.jboss.profileservice.web.DebugServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HtmlAdaptor</servlet-name>
<url-pattern>/HtmlAdaptor</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ClusteredConsoleServlet</servlet-name>
<url-pattern>/cluster/ClusteredConsole</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DisplayMBeans</servlet-name>
<url-pattern>/DisplayMBeans</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>InspectMBean</servlet-name>
<url-pattern>/InspectMBean</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DisplayOpResult</servlet-name>
<url-pattern>/DisplayOpResult</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ProfileServiceDebugServlet</servlet-name>
<url-pattern>/ProfileServiceDebugServlet</url-pattern>
</servlet-mapping>
<!-- Display a generic error page when HTTP Status 500 exceptions
occur. -->
<error-page>
<error-code>500</error-code>
<location>/genericError.jsp</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
</web-app>