There is no change in the security layer between the two versions. Try securing the jmx-console.war with the same security domain between the 2 versions. If that shows the same problem report back on that.
Finally, the problem was fixed. I setup mysql database and use defaultDS as the JDBC-connector for JMX-console authenication. Both version of JBOSS AS works for this database.
However I would like to caching for the JBoss authenication. When I insert one record into MySQL database for new user, and then I login the JMX-console using a new user. However it return fail to login.
So I restart the JBOSS AS and then re-login again. It works.
So how can I change the caching parameter for JBOSS AS?
Thanks a lot.