6 Replies Latest reply on Apr 3, 2011 12:22 AM by Viacheslav Garmash

    Securing web console

    Tim Putnam Newbie

      Hi,
      I've secured my web console according to the wiki page - all seems quite straightforward. I'm obviously missing an understanding somewhere. When I now try to navigate to the web-console, I get :

      type Status report (HTTP error 403)
      
      message Configuration error: Cannot perform access control without an authenticated principal
      
      description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
      


      Now I guess I was expecting some magic login dialog box to appear. What else do I have to do to make this happen?\

      Any help much appreciated,
      Tim


        • 1. Securing web console
          Juan Jose Cadavid G Newbie

          Hello!! I have spent a lot of hours with the same problem and finally i was able to fix it, just trying out everything because nowhere on the internet i found the solution, so here it is what has worked for me:

          On the web.xml file located at /deploy/jmx-console.war/WEB-INF/, i added this tag, because i found it on another example configuration files of Tomcat. I don't know why hasn't been included in the default file provided by the JBoss installation, so here it is:

           <login-config>
           <auth-method>BASIC</auth-method>
           <realm-name>Secured services</realm-name>
           </login-config>


          I hope this helps!!



          • 2. Re: Securing web console
            Scott Stark Master

            the default web.xml certainly does include a template for securing the war:

            
             <login-config>
             <auth-method>BASIC</auth-method>
             <realm-name>JBoss JMX Console</realm-name>
             </login-config>
            


            http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole


            • 3. Re: Securing web console
              Tim Putnam Newbie

              You're an absolute star, thats exactly what I needed.

              Thankyou.

              "bo0m3r4n9" wrote:
              Hello!! I have spent a lot of hours with the same problem and finally i was able to fix it, just trying out everything because nowhere on the internet i found the solution, so here it is what has worked for me:

              On the web.xml file located at /deploy/jmx-console.war/WEB-INF/, i added this tag, because i found it on another example configuration files of Tomcat. I don't know why hasn't been included in the default file provided by the JBoss installation, so here it is:

               <login-config>
               <auth-method>BASIC</auth-method>
               <realm-name>Secured services</realm-name>
               </login-config>


              I hope this helps!!



              • 4. Re: Securing web console
                Juan Jose Cadavid G Newbie

                Oh I see, I didn't read the wiki because I was following the "Getting Started with JBoss 4.0 release 4". I'll keep it in mind next time.

                • 5. Re: Securing web console
                  maulik shah Newbie

                  Hi All,

                  The above mentioned coed wores for me also.But now I want to enable encrypted password instead of plain text password which is stored in the users.properties for jmx-console.
                  I mean i have to store encrypted password instead of plain text password in the users.properties file.

                  Can anyone help?

                  Thanks
                  Maulik