0 Replies Latest reply on Mar 4, 2016 1:49 AM by liang cheng

    [Standalone Wildfly + JMX] Is it possible to use "ApplicationRealm" to authenticate remote JMX access

    liang cheng Newbie

      Hi, all

      Just as following official document said, in standalone mode, when client remote access to MBeanServer, wildfly will use authentication methods being defined in ManagementRealm to authenticate client.

      When configuring the security realms remote access to the server's MBeanServer needs a special mention. When running in standalone mode the following is the default configuration:

      <subsystem xmlns="urn:jboss:domain:jmx:1.3">

       

        ...

        <remoting-connector/>

      </subsystem>

      With this configuration remote access to JMX is provided over the http management interface, this is secured using the realm ManagementRealm

      In my case, I'd like to use other security realm, actually I need use ApplicationRealm. But I don't know how to do this, what I have tried is configure "use-management-endpoint" to false as below,

      <subsystem xmlns="urn:jboss:domain:jmx:1.3">

                  <expose-resolved-model/>

                  <expose-expression-model/>

                  <remoting-connector use-management-endpoint="false"/>

      </subsystem>

      because the JMX xsd document says "If true then this connector will use the management endpoint, otherwise it will use the remoting subsystem endpoint." , and the remoting subsystem is configured to use ApplicationRealm as below

            <subsystem xmlns="urn:jboss:domain:remoting:3.0">

                  <endpoint worker="default"/>

                  <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>

              </subsystem>

       

      Maybe I misunderstand something. Please help me