Version 4

    Secure the JMX Connection

    To secure the JMX Connection, edit the server/xxx/deploy/jmx-invoker-service.xml and uncomment the following section as the comment indicates:


                <!-- Uncomment to require authenticated users
                      <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"


    This enables authentication of users based on the JAAS configuration associated with the securityDomain attribute. In this case, the same jmx-console entry in the conf/login-config.xml that is used to authentication jmx-console.war users is configured.


    The JMX connection client must provide the login info. This can also be done using JAAS, or an InitialContextFactory like which will simply propagate the Context.SECURITY_PRINCIPAL, Context.SECURITY_CREDENTIALS settings as the login information.