1 Reply Latest reply on Jul 27, 2011 4:10 PM by Bhaskara Undi

    Problem loading Web-Console AppletBrowser after Securing Con

    John Holmes Newbie

      All,

      Ive secured the jmx-console and web-console for Jboss5. Jmx works great, accepts uid/password, and the web-console is accepting my uid/password, but when accessing it, the navtree.AppletBrowser fails to load.... and I see this error returned:

      http://server1:8080/web-console/Invoker
      java.io.EOFException
       at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown Source)
       at java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source)
       at java.io.ObjectInputStream.readStreamHeader(Unknown Source)
       at java.io.ObjectInputStream.<init>(Unknown Source)
       at org.jboss.console.remote.InvokerServlet.processRequest(InvokerServlet.java:95)
       at org.jboss.console.remote.InvokerServlet.doPost(InvokerServlet.java:148)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:189)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:91)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:92)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Unknown Source)
      
      
      


      Here's what ive changed, please let me know what's wrong?

      1. Edit file $JBOSSHOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml

      <!DOCTYPE jboss-web PUBLIC
       "-//JBoss//DTD Web Application 5.0//EN"
       "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
      
      <jboss-web>
       <!-- Uncomment the security-domain to enable security. You will
       need to edit the htmladaptor login configuration to setup the
       login modules used to authentication users. -->
       <security-domain>java:/jaas/jmx-console</security-domain>
      </jboss-web>
      


      2. Edit file $JBOSSHOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml

      <!-- A security constraint that restricts access to the HTML JMX console
       to users with the role JBossAdmin. Edit the roles to what you want and
       uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
       secured access to the HTML JMX console. -->
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
       role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>JBossAdmin</role-name>
       </auth-constraint>
       </security-constraint>
      


      3. Edit/create files $JBOSSHOME/server/default/conf:
      jmx-console-users.properties
      jmx-console-roles.properties
      web-console-roles.properties
      web-console-users.properties

      set the admin user/pass, edit the login-config.xml and point the web-console to props/

      At this point after a restart the jmx console will prompt for a uid/password but the web-console will not. So I edit these files, make the same changes as above step 1-2:

      4. Edit:
      $JBOSSHOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF

      jboss-web.xml & web.xml