2 Replies Latest reply on Jun 26, 2009 2:34 PM by Caio Cesar

    Problem with JMX authentication

    Caio Cesar Newbie

      Hi!

      It is my first time on this forum, so I hope someone can help me :)

      I'm trying to use authentication on my JMX console, but I have no sucess. I have already done this:

      I let the file:

      deploy/jmx-console.war/WEB-INF/jboss-web.xml

      With the following data:

      <jboss-web>
       <security-domain>java:/jaas/jmx-console</security-domain>
      </jboss-web>
      


      (enabling the JMX auth).

      In the file web.xml (.), I have taken out the comments for the security constraint, so the file is with the following data:

      <?xml version="1.0"?>
      <!DOCTYPE web-app PUBLIC
       "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
       "http://java.sun.com/dtd/web-app_2_3.dtd">
      
      <web-app>
       <description>The standard web descriptor for the html adaptor</description>
       <!--
       <filter>
       <filter-name>JmxOpsAccessControlFilter</filter-name>
       <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
       <init-param>
       <param-name>updateAttributes</param-name>
       <param-value>UpdateAttributeRole</param-value>
       <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
       </init-param>
       <init-param>
       <param-name>invokeOp</param-name>
       <param-value>InvokeOpRole</param-value>
       <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
       </init-param>
       </filter>
       <filter-mapping>
       <filter-name>JmxOpsAccessControlFilter</filter-name>
       <servlet-name>HtmlAdaptor</servlet-name>
       </filter-mapping>
       -->
       <servlet>
       <servlet-name>HtmlAdaptor</servlet-name>
       <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
       </servlet>
       <servlet>
       <servlet-name>ClusteredConsoleServlet</servlet-name>
       <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
       <init-param>
       <param-name>jgProps</param-name>
       <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.partition.udpPort:45566}):
      org.jboss.jmx.adaptor.control.FindView
       </param-value>
       <description>The JGroups protocol stack config</description>
       </init-param>
       </servlet>
       <servlet>
       <servlet-name>DisplayMBeans</servlet-name>
       <jsp-file>/displayMBeans.jsp</jsp-file>
       </servlet>
       <servlet>
       <servlet-name>InspectMBean</servlet-name>
       <jsp-file>/inspectMBean.jsp</jsp-file>
       </servlet>
       <servlet>
       <servlet-name>DisplayOpResult</servlet-name>
       <jsp-file>/displayOpResult.jsp</jsp-file>
       </servlet>
       <servlet>
       <servlet-name>ClusterView</servlet-name>
       <jsp-file>/cluster/clusterView.jsp</jsp-file>
       </servlet>
      
       <servlet-mapping>
       <servlet-name>HtmlAdaptor</servlet-name>
       <url-pattern>/HtmlAdaptor</url-pattern>
       </servlet-mapping>
       <servlet-mapping>
       <servlet-name>ClusteredConsoleServlet</servlet-name>
       <url-pattern>/cluster/ClusteredConsole</url-pattern>
       </servlet-mapping>
       <servlet-mapping>
       <servlet-name>DisplayMBeans</servlet-name>
       <url-pattern>/DisplayMBeans</url-pattern>
       </servlet-mapping>
       <servlet-mapping>
       <servlet-name>InspectMBean</servlet-name>
       <url-pattern>/InspectMBean</url-pattern>
       </servlet-mapping>
       <servlet-mapping>
       <servlet-name>DisplayOpResult</servlet-name>
       <url-pattern>/DisplayOpResult</url-pattern>
       </servlet-mapping>
      
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
       role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>JBossAdmin</role-name>
       </auth-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>JBoss JMX Console</realm-name>
       </login-config>
      
       <security-role>
       <role-name>JBossAdmin</role-name>
       </security-role>
      </web-app>
      


      And in the end I added the users ( "example=passwd" and "example=JBossAdmin" ) on the file jmx-console-users.properties, but after I restart the JBoss server, I still haven't got it enabled...

      Is there something else to add that I forgot to do?

      tks,

      Caio Ribeiro Cesar