0 Replies Latest reply on Aug 30, 2003 11:13 AM by ovjo

    Linux Apache 2.0 and JBoss 3.2.x JK2 configuration

    ovjo

      I have made these steps for protecting jmx-console:

      1) Change user and password in:

      {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/ users.properties
      {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/ roles.properties

      roles.properties should be okay, just change the already present entry in users.properties, like this:
      admin=some_password

      2) Go to file:

      {INSTALL_DIR_JBOSS}/server/default/conf/login-config.xml

      and change this:
      <application-policy name = "jmx-console">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>

      with this:

      <application-policy name = "jmx-console">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required">
      <module-option name="usersProperties">WEB-INF/classes/users.properties</module-option>
      <module-option name="rolesProperties">WEB-INF/classes/roles.properties</module-option>
      </login-module>

      </application-policy>

      Note: the path of the two properties files are relative to
      {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war
      Is not necessary to touch "other" (i think is not correct to touch this entry)

      3) Go to file:

      {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/jboss- web.xml

      and uncomment the line:

      <security-domain>java:/jaas/jmx-console</security-domain>

      4) Go to file:

      {INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/ web.xml

      and uncomment the section:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      An example security config that only allows users with the
      role JBossAdmin to access the HTML JMX console web application

      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>JBossAdmin</role-name>
      </auth-constraint>
      </security-constraint>

      Note that the tag <role-name> must match the role in roles.properties .

      4) Relaunch jboss.This time it should ask user/pass.