0 Replies Latest reply on Aug 30, 2005 10:27 AM by Prashant n

    Securing JBOSS installation

    Prashant n Newbie

      hi,
      I have followed the page http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss for securing the jmx-console. my config files look like

      the web.xml

      <!-- A security constraint that restricts access to the HTML JMX console
      to users with the role JBossAdmin. Edit the roles to what you want and
      uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
      secured access to the HTML JMX console.-->
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <description>An example security config that only allows users with the
      role JBossAdmin to access the HTML JMX console web application
      </description>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>JBossAdmin</role-name>
      </auth-constraint>
      </security-constraint>


      the jboss-web.xml

      jboss-web>
      <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users.-->
      <security-domain>java:/jaas/jmx-console</security-domain>
      </jboss-web>


      the jmx-console-roles.properties file

      # A sample roles.properties file for use with the UsersRolesLoginModule
      admin=admin


      and the file jmx-console-users.properties

      # A sample users.properties file for use with the UsersRolesLoginModule
      admin=admin


      after i try to login i am greeted with login prompt in which i type admin as username and admin as password. Now I get this error:

      HTTP Status 403 - Access to the requested resource has been denied
      --------------------------------------------------------------------------------
      type Status report
      message Access to the requested resource has been denied
      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
      --------------------------------------------------------------------------------
      Apache Tomcat/5.0.28


      what am i doing worng here? please guide me