Section 2.2.3: Security Service. A documentation bug.

berliita Jul 16, 2007 4:38 PM

Buggy sentence: "If you've configured everything correctly and re-deployed the application, the next time you try to access the JMX Console, JBoss will ask you for a name and password."

Bug: Even if the reader follows meticulously the steps enumerated in the section, JBoss does not ask for a name and password. Instead, an error message is displayed: "HTTP Status 403 - Access to the requested resource has been denied".

Reason for the bug: The deploy/jmx-cosole.war/WEB-INF/web.xml file doesn't contain a "login-config" element. In order that an authentication dialog pops up, a "login-config" element must be present as a child of the root element (i.e. "web-app"). It must take the following form:

<login-config>
 <auth-method>XXX</auth-method>
 <realm-name>YYY</realm-name>
</login-config>

where XXX is one of "BASIC", "DIGEST", "FORM", and "CLIENT-CERT", and YYY is a string to be displayed on the authentication dialog.

Bug fix: Add to the section instructions to add to the web.xml file a proper "login-config" element, as described above.

References: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss (point 1).

1. Re: Section 2.2.3: Security Service. A documentation bug.

berliita Jul 16, 2007 6:09 PM (in response to berliita)

BTW, i'm using JBoss 4.0.5.
Actions
2. Re: Section 2.2.3: Security Service. A documentation bug.

berliita Jul 17, 2007 2:06 AM (in response to berliita)

Should i report this bug on JIRA?
Actions

Go to original post