8 Replies Latest reply on Dec 17, 2002 5:18 PM by Vinay Salehithal

    Password-protect Jboss Admin page

    Sone Newbie

      Hello all, I'm new to Jboss community.
      I have searched through the Jboss documents and forum but could not find a way to make Jboss Admin page
      http://host:8080/jmx-console
      to become password-protected, unless I write my own code. Do you have any idea please?

      STV

        • 1. Re: Password-protect Jboss Admin page
          Juha Lindfors Master

          jmx-console is a servlet, adding standard web tier security to web.xml should do the job

          • 2. Re: Password-protect Jboss Admin page
            Sone Newbie

            Thank you very much

            • 3. Re: Password-protect Jboss Admin page
              dennis labajo Newbie

              By uncommenting the security sections of the web.xml (<security-constraint>) and jboss-web.xml (<security-domain>) descriptors you enable HTTP basic authentication that restricts access to the jmx-console application to username=admin, password=admin. The username and password are determined by the admin=admin line in the
              WEB-INF/classes/users.properties file.

              • 4. Re: Password-protect Jboss Admin page
                Vinay Salehithal Newbie

                hello...

                i have changed the web.xml, jboss-web.xml files as required (removed the security related comments). also i have added users.properties,roles.properties to web-inf/classes folder. Now, when i invoke http://localhost:8080/jmx-console, it gives a pop-up for userid/passwd but even though i enter the correct credentials it shows a "Error 403: access to requested resource denied" error.

                any help wd be appreciated, as to why this is happeneing.

                thanks & regards

                • 5. Re: Password-protect Jboss Admin page
                  dennis labajo Newbie

                  C:\%jboss_dist%\server\default\deploy\jmx-console.war\WEB-INF\classes\users.properties contains the userid and password. For example,

                  user1=password1

                  Then in C:\<%jboss_dist%>\server\default\deploy\jmx-console.war\WEB-INF\classes\roles.properties, make sure you grant user1 the "JBossAdmin" role. For example,

                  user1=JBossAdmin

                  Access the jmx-console http://:8080/jmx-console and enter the userid and password you defined in users.properties. In the above example, its user1 (userid) and password1 (password).

                  If you want to change the userid and password, all you have to do is modify the users.properties using syntax =. Whatever userid you defined in users.properties, dont forget to grant it the "JBossAdmin" role in roles.properties using syntax: =

                  Note: the users.properties and roles.properties that you should modify for the jmx-console security should be the ones in the <jboss_dist>.....\jmx-console.war\WEB-INF\classes\

                  Hope this helps.

                  • 6. Re: Password-protect Jboss Admin page
                    Vinay Salehithal Newbie

                    i have done excatly as mentioned, still it gives me 403 access denied error, even though i enter the correct credentials... do we need to change anything in login-config.xml

                    • 7. Re: Password-protect Jboss Admin page
                      dennis labajo Newbie

                      I didnt have to modify the login-config.xml to secure the jmx-console page.

                      When you typed in the url in your browser, did you even get to the part where a small window pops up and asks for a userid and password? Because if you did and you're not entering the userid correctly, the message you get should be 401 - Unauthorized.

                      I've encountered "403 - Access to the requested resource has been denied" error message before. And this happens to me only when I try to access the jmx-console page through IIS web server, "http://localhost/jmx-console" (I've setup my configuration to pass through IIS and do a redirect to my Apache/Tomcat - Jboss Installation). But if I go through the other http route using "http://localhost:8080/jmx-console", the userid/password authentication works perfectly for me.
                      Your setup may be different but if you use the same configuration as I do, try accessing the jmx-console via the 8080 route.

                      Other than that I cant think of other things that would cause your authentication not to work. Did you try to restart jboss?

                      Sorry if i cant be of much help, i'm a jboss newbie. Try posting this on the Installation/Configuration forum.

                      • 8. Re: Password-protect Jboss Admin page
                        Vinay Salehithal Newbie

                        problem solved.

                        seems like there was a older copy of roles.properties lying in default/conf folder, which was causing the issues.

                        thanks for yr time.

                        cheers