6 Replies Latest reply on May 5, 2003 12:43 PM by imorti

    installed, run and can't login to console

    imorti Newbie

      I installed Jboss 3.2.0. Ran it with 'all' argument, now when I hit the console I get prompted for a u/p.

      what is the default u/p for logging into the console?

      can't find it in the docs.

      -I

        • 1. Re: installed, run and can't login to console
          Jon Barnett Master

          When you use the org.jboss.security.auth.spi.UsersRolesLoginModule for authentication, you need to create a users.properties file in the same directory as the configuration files for your JBoss instance - "instance"/conf. So if you run the default instance, the file needs to be in server/default/conf of your 3.2.0 distribution. In your case, it will need to be in server/all/conf.

          The file contains users and their passwords, one user per line in the following format:
          username=password

          So you'll need to create the file as it doesn't exist by default.

          • 2. Re: installed, run and can't login to console
            imorti Newbie

            thanks for the info.

            I did as you said, restarted and still can't get in.

            is there another congfig to edit?

            • 3. Re: installed, run and can't login to console
              Jon Barnett Master

              Sorry. A little distracted. The other file you will need is a roles.properties that specifies the roles that the login fulfils. This all ties together like this:

              In your server/all/jmx-console.war/WEB-INF directory, you will have a jboss-service.xml that will have a setting to turn on JAAS authentication for the scurity domain.

              <jboss-web>
              <!-- Uncomment the security-domain to enable security. You will
              need to edit the htmladaptor login configuration to setup the
              login modules used to authentication users.
              -->
              <security-domain>java:/jaas/jmx-console</security-domain>
              </jboss-web>

              In web.xml in the same directory, you will set servlet security, with the following:

              <security-constraint>
              <web-resource-collection>
              <web-resource-name>HtmlAdaptor</web-resource-name>
              An example security config that only allows users with the
              role JBossAdmin to access the HTML JMX console web application

              <url-pattern>/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
              <role-name>JBossAdmin</role-name>
              </auth-constraint>
              </security-constraint>

              <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>JBoss JMX Console</realm-name>
              </login-config>

              <security-role>
              <role-name>JBossAdmin</role-name>
              </security-role>

              Essentially, you do BASIC authentication and anyone authenticated who has a security role of JBossAdmin can access all jmx-console pages - review servlet security mechanisms to understand this part better.

              Now, say you want a user Frodo with password Samwise to be able to be able to access the jmx-console.

              So in users.properties, you should at least have the line:
              Frodo=Samwise

              Now in roles.properties, you want Frodo to at least have the role, JBossAdmin which is the security role required to access jmx-console. The line in the file is:
              Frodo=JBossAdmin

              An authenticated user can have more than one role, with roles separated by commas.

              Hope that helps and makes sense.

              • 4. Re: installed, run and can't login to console
                imorti Newbie

                makes perfect sense. edited accordingly.

                and still cannot get in. I restarted twice to be sure, and made sure all properties files are in the conf dir of each instance.

                any other ideas?

                • 5. Re: installed, run and can't login to console
                  Jon Barnett Master

                  OK. Go back to basics. Try commenting out the security-constraint, the login-config and security-role from your web.xml. Comment out the security-domain in jboss-web.xml. Restart it. We've just turned off authentication.

                  If that doesn't fix it then you have a problem - either it is not the instance you think it is, or there is something else overriding your authentication method.

                  I assume, you are starting the "all" instance via either:
                  run.sh -c all
                  or
                  run.bat -c all

                  Also, I assume that server/all/login-config.xml has the following entry uncommented in it?

                  <application-policy name = "jmx-console">

                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag = "required" />

                  </application-policy>

                  • 6. Re: installed, run and can't login to console
                    imorti Newbie

                    checked 'em all.

                    turning off security didn't work. I updated the jboss-web.xml, web.xml commented it all out. updated login-config.xml didn't disable security.

                    Perhaps I should re-install. Will try that, and follow your directions.

                    I noticed that there's a users.properties in my classes directory. no entries, but it's there.

                    I'm going to reinstall, go over your suggestions and try as you say, "from the beginning". thanks so much. will post again after all this.

                    cheers.

                    -I