1. What is the format of the files users.properties and roles.properties

2. Do you need to restart jboss to have affects?

3. Why just not add :
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>

to the jmx-console login-module?

Yaron

Hi, I followed your steps faithfully and jmx-console did not ask for a username/password. I rebooted the server, and even the machine but no change, jmx-console still shows its output. Might it be caching something?

I was a bit vague on editing the .resources files. The original read something like

admin=DontRemember

and I changed it to:

admin.username=jose
admin.password=password

is this right? what is the syntax/purpose/consequence of this file?

the rest of the steps were very explicit so I think I got those right.

...thank you...

Jose

I found the syntax for the these users.properties and roles.properties files in the QuickStart-30x.pdf, but I still could not get it to work. It seems that the syntax for the username.properties file (the username-to-password mapping file) is:

username1=password1
username2=password2
...

and for the roles.properties file (the username-to-role mapping file) is:

username1=role1,role2,...

followed by optional groups:

username1.RoleGroup1=role3,role4,...

so my users.properties file now reads:

# A sample users.properties file ...
admin=admin
jose=password

and my roles.properties file now reads:

# A sample roles.properties file ...
admin=JBossAdmin
jose=JBossAdmin

but I still cant get it to work. Help !!!

...thanks...

J

Hi,

Did any one find the solution for this? My jmx-console still starts without needing any authentication.

Thanks

I have made these steps for protecting jmx-console:

1) Change user and password in:

{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/ users.properties
{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/ roles.properties

roles.properties should be okay, just change the already present entry in users.properties, like this:
admin=some_password

2) Go to file:

{INSTALL_DIR_JBOSS}/server/default/conf/login-config.xml

and change this:
<application-policy name = "jmx-console">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />

</application-policy>

with this:

<application-policy name = "jmx-console">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">WEB-INF/classes/users.properties</module-option>
<module-option name="rolesProperties">WEB-INF/classes/roles.properties</module-option>
</login-module>

</application-policy>

Note: the path of the two properties files are relative to
{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war
Is not necessary to touch "other" (i think is not correct to touch this entry)

3) Go to file:

{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/jboss- web.xml

and uncomment the line:

<security-domain>java:/jaas/jmx-console</security-domain>

4) Go to file:

{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/ web.xml

and uncomment the section:

<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application

<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>

Note that the tag <role-name> must match the role in roles.properties .

4) Relaunch jboss.This time it should ask user/pass.

Hi gmilza,

I followed your instruction and I managed to see the login prompt when I access http://localhost:8080/jmx-console.

However, I always get this error
HTTP ERROR: 401 Unauthorized
RequestURI=/jmx-console

Not matter what userID and password I entered. My roles.properties and users.properties only have this line :
admin=admin

But I could not login. Do you have any clue? Please help.
Thanks

Ooops my mistake. Problem solve. Stupid mistake. Sorry.

Why not just remove server/default/deploy/jmx-console.war if we don't
intend to use the console in production?