2 Replies Latest reply on Jul 17, 2007 2:06 AM by Itay Be'erli

    Section 2.2.3: Security Service. A documentation bug.

    Itay Be'erli Newbie

      Buggy sentence: "If you've configured everything correctly and re-deployed the application, the next time you try to access the JMX Console, JBoss will ask you for a name and password."

      Bug: Even if the reader follows meticulously the steps enumerated in the section, JBoss does not ask for a name and password. Instead, an error message is displayed: "HTTP Status 403 - Access to the requested resource has been denied".

      Reason for the bug: The deploy/jmx-cosole.war/WEB-INF/web.xml file doesn't contain a "login-config" element. In order that an authentication dialog pops up, a "login-config" element must be present as a child of the root element (i.e. "web-app"). It must take the following form:

      <login-config>
       <auth-method>XXX</auth-method>
       <realm-name>YYY</realm-name>
      </login-config>

      where XXX is one of "BASIC", "DIGEST", "FORM", and "CLIENT-CERT", and YYY is a string to be displayed on the authentication dialog.

      Bug fix: Add to the section instructions to add to the web.xml file a proper "login-config" element, as described above.

      References: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss (point 1).