1 Reply Latest reply on Dec 6, 2004 5:35 AM by Luc Texier

    Securing web-console problem

    Paul North Newbie

      I'm new and have just installed version 4.0 RC2 including the tomcat50-service.jar fix. I have run into two problems.

      First, I wanted to set up my own configuration so I made a copy of 'default'. Without touching a single thing I get this when I start with the new config:

      21:53:37,168 WARN [JARDeployer] Failed to add deployable jar: file:/C:/jboss-4.
      0.0RC2/server/myconfig/tmp/deploy/tmp61746index.html
      java.util.zip.ZipException: error in opening zip file
      at java.util.zip.ZipFile.open(Native Method)
      at java.util.zip.ZipFile.(ZipFile.java:112)
      at java.util.jar.JarFile.(JarFile.java:127)
      at java.util.jar.JarFile.(JarFile.java:65)
      at org.jboss.deployment.SubDeployerSupport.processNestedDeployments(SubD

      Along with a lot of other "at" messages. I've repeated this many times. So I just ended up modifying 'default'.

      My 2nd problem is that I want to secure the jmx-console and the web-console apps. I followed the instructions at:

      http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole

      The jmx-console part worked fine. However, I've been unable to secure the web-console app. I have tried a number of things.

      The web-console app is an unexploded war file. I exploded it with pkzip and edited the approriate files. Then, using pkzip, I packaged it all up into a war file again and copied it back where the orginal was. No security is present. I can go straight to the web console without logging in. I have repeatadly checked the changes and cycled JBoss to no avail.

      I have also attempted to copy the exploded war into a directory called web-console.war under C:\jboss-4.0.0RC2\server\default\deploy\management, again to no avail.

      I have cleared out 'tmp', cycled, checked the xml files, all repeatedly and to no avail. I see no error messages of any kind and everything works normally except that there is no security on the web-console app.

      Also, if I try all of these things in a deploy directory of my own instead of 'default' I get all kinds of bizzare errors like zip exceptions, deployment error of TMPnnnnn.html files, missing files, etc. I have seen too many to mention.

      I've burned a lot of hours on this try more permutations than you can imagine. It's pretty frustrating!

        • 1. Re: Securing web-console problem
          Luc Texier Apprentice

          It's time to start over ;) First, please download 4.0 final.

          In this release, web-console.war is already exploded.
          if you have renamed the properties files as suggested in the wiki, make sure that the names match those specified in /conf/login-config.xml

          And last but not least, remember that if you have been able to login once, even if you recycle the server, the browser will let you get in until you close it and start it again.

          I'll update the wiki page.