Steps to protect jmx-console:
1) Change user and password in:
{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/users.properties
{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/classes/roles.properties
2) Go to file:
{INSTALL_DIR_JBOSS}/server/default/conf/login-config.xml
comment th following:
<application-policy name = "jmx-console">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>-->
and replace this section (bottom) :
<application-policy name = "other">
.....
.....
</application-policy>
for this one:
<application-policy name = "other">
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>
</login-module>
</application-policy>
3) Go to file:
{INSTALL_DIR_JBOSS}/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
and uncomment the line:
<security-domain>java:/jaas/jmx-console</security-domain>
4) Finish. If you try to enter to the jmx-console a password will be required.
Please post to FAQ forum.