2 Replies Latest reply on Jun 13, 2006 10:32 AM by Joe Cool

    security service from Getting Started manual

    Joe Cool Newbie

      I tried to perform the security service modifications in the getting started guide that describe how to password protect the jmx-console. Now when I try to access the console I get a simple access denied message. I haven't seen any output in any log file or the console.

      I am using JBOSS 4_0_4GA on a windows on a Windows XP machine with service pack 2.

      I tried to recomment out the <security-domain>java:/jaas/jmx-console</security-domain> line in th e C:\Program Files\jboss-4.0.4.GA\server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml file, but I still get the same error. I thought this would have removed the password restriction for th ejmx-console.

      thanks,

      Tim

        • 1. Re: security service from Getting Started manual
          VisolveGroup Novice

          Hello,

          For securing the jmx-console we have to edit the following files in the path: /server/default/deploy/jmx-console.war/WEB-INF/


          1. Edit the web.xml and uncomment the security-constraint block.

          2. Edit the jboss-web.xml and uncomment the security-domain block.

          3. Check the files jmx-console-roles.properties and jmx-console-users.properties in the path : /server/default//conf/props/

          In jmx-console-users.properties file, it contains admin=admin that is {username}={password}.

          4. Now run the jboss and when u click for jmx-console, it askes for the username and password. Give Username as"admin" and password as "admin".

          For more information refer the following link.

          http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole


          Regards,
          Visolve JBoss Team.

          • 2. Re: security service from Getting Started manual
            Joe Cool Newbie

            thanks. It looks like all the instructions are the same, which is good. I think I editted everything thing according to the instructions, but I still get the same thing. If I comment out the security-constraint in the web.xml file and leave all the jboss-web.xml uncommented I can access the page again, but with no security. I am listing the contents of the stated files along with their absolute path (sorry in advance for the length). thanks for the help - Tim

            here is the web.xml C:\Program Files\jboss-4.0.4.GA\server\default\deploy\jmx-console.war\WEB-INF\web-xml

            <!-- A security constraint that restricts access to the HTML JMX console
            to users with the role JBossAdmin. Edit the roles to what you want and
            uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
            secured access to the HTML JMX console.
            <security-constraint>
            <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            An example security config that only allows users with the
            role JBossAdmin to access the HTML JMX console web application

            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
            <role-name>JBossAdmin</role-name>
            </auth-constraint>
            </security-constraint>
            <security-constraint>
            <web-resource-collection>
            <web-resource-name>Public</web-resource-name>
            <url-pattern>/public/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            </web-resource-collection>
            </security-constraint>
            -->

            C:\Program Files\jboss-4.0.4.GA\server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml:
            <jboss-web>
            <!-- Uncomment the security-domain to enable security. You will
            need to edit the htmladaptor login configuration to setup the
            login modules used to authentication users.
            -->
            <security-domain>java:/jaas/jmx-console</security-domain>
            </jboss-web

            C:\Program Files\jboss-4.0.4.GA\server\default\conf\props\jmx-console-roles.properties
            # A sample users.properties file for use with the UsersRolesLoginModule
            admin=JBossAdmin,HttpInvoke

            C:\Program Files\jboss-4.0.4.GA\server\default\conf\props\jmx-console-users.properties
            # A sample users.properties file for use with the UsersRolesLoginModule
            admin=admin