Monday, July 15, 2013

JBoss Hardening Guide

a) Secure the JBoss 4 and 5 JMX console
b) Secure the JBoss 4 and 5 Web Console


a) Secure the JBoss 4 and 5 JMX console
How to secure the JMX Console

I am using jboss-5.1.0.GA. If you are using a different version, then the names of the directories and files may differ.

Step 1: jboss-web.xml
Uncomment the <security-domain>java:/jaas/jmx-console</security-domain> line in the JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml file.

Step 2: web.xml
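Uncomment the following section in the JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml file.

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>An example security config that only allows users with the
          role JBossAdmin to access the HTML JMX console web application
        </description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>JBossAdmin</role-name>
      </auth-constraint>
    </security-constraint>
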
Step 3: Set the username, password and role
Set the username and password in the JBOSS_HOME/server/default/conf/props/jmx-console-users.properties file. Example: admin=password


Set the role in the JBOSS_HOME/server/default/conf/props/jmx-console-roles.properties file. Example: admin=JBossAdmin,HttpInvoker

Step 4: login-config.xml
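Ensure that the JBOSS_HOME/server/default/conf/login-config.xml file is configured to use the correct properties files for the jmx-console:

    <application-policy name="jmx-console">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag="required">
          <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
          <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>
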
Now when you try to access the jmx-console, via http://localhost:8080/jmx-console, you will be prompted to login.
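
To confirm that steps 1 to 3 actually took effect, the following added example (not part of the original post or of JBoss) parses the edited files and reports anything still left at its default. It goes one step beyond the guide by also flagging http-method elements, because under the servlet specification a security-constraint that lists methods applies only to those methods. The function name, the sample file contents and the weak-password rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def _find(node, name):
    """All descendants called `name`, ignoring XML namespaces. ElementTree
    drops comments while parsing, so commented-out elements never match."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_console(jboss_web_xml, web_xml, users_props, role="JBossAdmin"):
    """Return a list of findings for one console's WEB-INF files and users file."""
    findings = []
    # Step 1: security-domain must be active in jboss-web.xml.
    if not _find(ET.fromstring(jboss_web_xml), "security-domain"):
        findings.append("jboss-web.xml: security-domain still commented out")
    # Step 2: web.xml needs a security-constraint that names the admin role.
    constraints = _find(ET.fromstring(web_xml), "security-constraint")
    if not any((r.text or "").strip() == role
               for c in constraints for r in _find(c, "role-name")):
        findings.append("web.xml: no security-constraint requires role " + role)
    # A constraint that lists http-method elements covers only those methods.
    for c in constraints:
        methods = sorted((m.text or "").strip() for m in _find(c, "http-method"))
        if methods:
            findings.append("web.xml: constraint limited to " + ",".join(methods)
                            + "; remove http-method to cover every method")
    # Step 3: flag placeholder passwords such as the guide's admin=password.
    for line in users_props.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            user, _, pw = line.partition("=")
            if pw.strip() in ("password", user.strip()):
                findings.append("users file: weak password for " + user.strip())
    return findings

# Constructed samples: files as shipped (commented out) and after steps 1-3.
DEFAULT_JBOSS_WEB = "<jboss-web><!-- <security-domain>java:/jaas/jmx-console</security-domain> --></jboss-web>"
HARDENED_JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/jmx-console</security-domain></jboss-web>"
DEFAULT_WEB = "<web-app><!-- security-constraint commented out --></web-app>"
HARDENED_WEB = """<web-app><security-constraint><web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name><url-pattern>/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method>
</web-resource-collection><auth-constraint><role-name>JBossAdmin</role-name>
</auth-constraint></security-constraint></web-app>"""

if __name__ == "__main__":
    for finding in audit_console(HARDENED_JBOSS_WEB, HARDENED_WEB, "admin=password"):
        print(finding)
```

The same function can be pointed at the web-console's WEB-INF files from section b, since they use the same elements.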

b) Secure the JBoss 4 and 5 Web Console
The steps to secure the web-console are very similar to the steps above. Take note of the following:

For steps 1 and 2:
The jboss-web.xml file and the web.xml file for the web-console can be found in the JBOSS_HOME\server\default\deploy\management\console-mgr.sar\web-console.war\WEB-INF directory.

For step 3:
You can either use the same jmx-console-users.properties and jmx-console-roles.properties files or you can create new web-console-users.properties and web-console-roles.properties files to configure the username, password and role.

For step 4:
Ensure that the JBOSS_HOME/server/default/conf/login-config.xml file is configured to use the correct properties files for the web-console.

The web-console will now prompt the user to login.