When you use the org.jboss.security.auth.spi.UsersRolesLoginModule for authentication, you need to create a users.properties file in the same directory as the configuration files for your JBoss instance - "instance"/conf. So if you run the default instance, the file needs to be in server/default/conf of your 3.2.0 distribution. In your case, it will need to be in server/all/conf.
The file contains users and their passwords, one user per line in the following format:
So you'll need to create the file as it doesn't exist by default.
thanks for the info.
I did as you said, restarted and still can't get in.
is there another congfig to edit?
Sorry. A little distracted. The other file you will need is a roles.properties that specifies the roles that the login fulfils. This all ties together like this:
In your server/all/jmx-console.war/WEB-INF directory, you will have a jboss-service.xml that will have a setting to turn on JAAS authentication for the scurity domain.
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
In web.xml in the same directory, you will set servlet security, with the following:
An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
<realm-name>JBoss JMX Console</realm-name>
Essentially, you do BASIC authentication and anyone authenticated who has a security role of JBossAdmin can access all jmx-console pages - review servlet security mechanisms to understand this part better.
Now, say you want a user Frodo with password Samwise to be able to be able to access the jmx-console.
So in users.properties, you should at least have the line:
Now in roles.properties, you want Frodo to at least have the role, JBossAdmin which is the security role required to access jmx-console. The line in the file is:
An authenticated user can have more than one role, with roles separated by commas.
Hope that helps and makes sense.
makes perfect sense. edited accordingly.
and still cannot get in. I restarted twice to be sure, and made sure all properties files are in the conf dir of each instance.
any other ideas?
OK. Go back to basics. Try commenting out the security-constraint, the login-config and security-role from your web.xml. Comment out the security-domain in jboss-web.xml. Restart it. We've just turned off authentication.
If that doesn't fix it then you have a problem - either it is not the instance you think it is, or there is something else overriding your authentication method.
I assume, you are starting the "all" instance via either:
run.sh -c all
run.bat -c all
Also, I assume that server/all/login-config.xml has the following entry uncommented in it?
<application-policy name = "jmx-console">
flag = "required" />
checked 'em all.
turning off security didn't work. I updated the jboss-web.xml, web.xml commented it all out. updated login-config.xml didn't disable security.
Perhaps I should re-install. Will try that, and follow your directions.
I noticed that there's a users.properties in my classes directory. no entries, but it's there.
I'm going to reinstall, go over your suggestions and try as you say, "from the beginning". thanks so much. will post again after all this.