2 Replies Latest reply on Nov 12, 2010 3:43 AM by Neelesh Korade

    Securing JMXInvoker

    Neelesh Korade Newbie

      Hi

       

      I am trying to secure access to the JMXInvoker. As the first step, I want to allow access only to authenticated users.

       

      To achieve this, I followed the documentation given at-

       

      http://community.jboss.org/wiki/SecureTheJmxConsole

       

      under Secure the JMX Invokers. However, the browser still does not prompt me for a username password when I open the URL-

       

      http://localhost:8080/invoker/JMXInvokerServlet

       

      Could someone help me out with this? I am expecting the browser to prompt me for authentication when I invoke the IMXInvokerServlet. Am I amiss somewhere in my understanding of the concept (of securing JMX Invokers)?

       

      Following are the steps I have followed so far.

       

        • Edited the file jmx-invoker-service.xml to uncomment the following section

      <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
                           securityDomain="java:/jaas/jmx-console"/>


        • Defined the security domain jmx-console in the conf/login-config.xml file as shown below-

      <application-policy name = "jmx-console">
             <authentication>
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag = "required">
                 <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
                 <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
                </login-module>
             </authentication>
          </application-policy>

        • jmx-console-users.properties and jmx-console-roles.properties have the default settings.

       

      Any help is much appreciated.

       

      -Neelesh