Secure Jolokia war with JBoss EAP 7
gfo44 Apr 30, 2019 5:26 AMHello,
I want to deploy Jolokia's war to JBoss EAP 7. But I have the error "Unauthorized" when I enter my login/password.
If someone can have a look at my configuration below, I would appreciate (sorry for the format of XML code, I can't make it work...)
Here is an extract of my web.xml :
<!--
Security enabled by default. Please update to match you specific security setup (e.g. the auth-method)
-->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Jolokia-Agent Access</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>SuperUser</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>SuperUser</role-name>
</security-role>
I have also created a file jboss-web.xml under the WEB-INF folder. Its content is:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>other</security-domain>
</jboss-web>
Besides, in my domain.xml, I have the following:
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
In my application-users.properties and application-roles.properties, I have the following:
application-roles.properties :
jolokia=SuperUser
application-users.properties:
jolokia=XXXXXXXXX
But when I go to Jolokia's URL, and when I enter "jolokia" login and "XXXXXXXXX" password, I have the "Unauthorized" error.
Do you see something wrong in my configuration?
Thanks a lot for your help.