I had already implied the security on JMX console and Web console. User ID and password are required to logon JMX console and Web console.
However when I click
It shows many setting information. How to add authentication on these 3 links only? Or how to disable this 3 links to return JBoss information?
You can either apply similar security settings to the root application, or you can remove the root application.
The root application is located at server/xxx/deploy/jboss-web.deployer/ROOT.war, where 'xxx' is the configuration you are running.