2 Replies Latest reply on Nov 12, 2010 3:43 AM by Neelesh Korade

    Securing JMXInvoker

    Neelesh Korade Newbie



      I am trying to secure access to the JMXInvoker. As the first step, I want to allow access only to authenticated users.


      To achieve this, I followed the documentation given at-




      under Secure the JMX Invokers. However, the browser still does not prompt me for a username password when I open the URL-




      Could someone help me out with this? I am expecting the browser to prompt me for authentication when I invoke the IMXInvokerServlet. Am I amiss somewhere in my understanding of the concept (of securing JMX Invokers)?


      Following are the steps I have followed so far.


        • Edited the file jmx-invoker-service.xml to uncomment the following section

      <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"

        • Defined the security domain jmx-console in the conf/login-config.xml file as shown below-

      <application-policy name = "jmx-console">
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag = "required">
                 <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
                 <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

        • jmx-console-users.properties and jmx-console-roles.properties have the default settings.


      Any help is much appreciated.