[jboss-cvs] JBossAS SVN: r92043 - projects/docs/enterprise/5.0/Installation_Guide/en-US.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Aug 5 19:35:52 EDT 2009
Author: irooskov at redhat.com
Date: 2009-08-05 19:35:52 -0400 (Wed, 05 Aug 2009)
New Revision: 92043
Added:
projects/docs/enterprise/5.0/Installation_Guide/en-US/Appendix.xml
Modified:
projects/docs/enterprise/5.0/Installation_Guide/en-US/Installation_Guide.xml
projects/docs/enterprise/5.0/Installation_Guide/en-US/Post_Installation.xml
Log:
updated book with new Appendix chapter
Added: projects/docs/enterprise/5.0/Installation_Guide/en-US/Appendix.xml
===================================================================
--- projects/docs/enterprise/5.0/Installation_Guide/en-US/Appendix.xml (rev 0)
+++ projects/docs/enterprise/5.0/Installation_Guide/en-US/Appendix.xml 2009-08-05 23:35:52 UTC (rev 92043)
@@ -0,0 +1,175 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
+]>
+
+<appendix id="Disabling_Authentication">
+ <title>Disabling Authentication</title>
+ <para>
+ It is also possible to disable authentication on specific services. All specified paths in the sections below are relative to <literal>$JBOSS_HOME</literal>.
+ </para>
+ <formalpara>
+ <title>Disabling Authentication for JXM Console:</title>
+ <para>
+ To disable authentication for the JMX console, edit the following file and comment out the security-constraint section:
+ </para>
+ </formalpara>
+<programlisting>
+server/$CONFIG/deploy/jmx-console.war/WEB-INF/web.xml
+</programlisting>
+ <para>
+ The following fragment should be commented out:
+ </para>
+<programlisting>
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>HtmlAdaptor</web-resource-name>
+ <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application
+ </description>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>JBossAdmin</role-name>
+ </auth-constraint>
+</security-constraint>
+</programlisting>
+ <formalpara>
+ <title>Disabling Authentication for Web Console:</title>
+ <para>
+ To disable authentication for the Web console, edit the following file to comment out the security-constraint section:
+ </para>
+ </formalpara>
+<programlisting>
+server/$CONFIG/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml
+</programlisting>
+ <para>
+ The following fragment should be commented out:
+ </para>
+<programlisting>
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>HtmlAdaptor</web-resource-name>
+ <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application
+ </description>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>JBossAdmin</role-name>
+ </auth-constraint>
+</security-constraint>
+</programlisting>
+ <formalpara>
+ <title>Disabling Authentication for HTTP Invoker:</title>
+ <para>
+ To disable authentication for the http invoker, <literal>JNDIFactory</literal>, <literal>EJBInvokerServlet</literal>, and <literal>JMXInvokerServlet</literal> need to be removed from the security realm in the file:
+ </para>
+ </formalpara>
+<programlisting>
+server/$CONFIG/deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml
+</programlisting>
+ <para>
+ For example, the security-constraint element should look as follows:
+ </para>
+<programlisting>
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>HttpInvokers</web-resource-name>
+ <description>An example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets
+ </description>
+ <url-pattern>/restricted/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>HttpInvoker</role-name>
+ </auth-constraint>
+</security-constraint>
+</programlisting>
+ <formalpara>
+ <title>Disabling Authentication for JMX Invoker:</title>
+ <para>
+ To disable authentication for the JMX invoker, edit the following file to comment out the security interceptor passthrough:
+ </para>
+ </formalpara>
+<programlisting>
+server/$CONFIG/deploy/jmx-invoker-service.xml
+</programlisting>
+ <para>
+ Locate the mbean section with the class <literal>org.jboss.jmx.connector.invoker.InvokerAdaptorService</literal>. In that section comment out the line that relates to authenticated users:
+ </para>
+ <para>
+ The following fragment should be commented out:
+ </para>
+<programlisting>
+<descriptors>
+ <interceptors>
+ <! Uncomment to require authenticated users >
+ <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"securityDomain="java:/jaas/jmx-console"/>
+ <! Interceptor that deals with non-serializable results >
+ <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"policyClass="StripModelMBeanInfoPolicy"/>
+ </interceptors>
+</descriptors>
+</programlisting>
+ <formalpara>
+ <title>Disabling Authentication for the ProfileService:</title>
+ <para>
+ To disable authentication for the <literal>ProfileService</literal>, edit the following file and comment out the contents of the <literal>serverProxyInterceptors</literal> list:
+ </para>
+ </formalpara>
+<programlisting>
+deploy/profileservice-jboss-beans.xml
+</programlisting>
+ <para>
+ The following fragment should be commented out:
+ </para>
+<programlisting>
+<bean class="org.jboss.aspects.security.AuthenticationInterceptor">
+ <constructor>
+ <parameter>
+ <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager" parameter="jmx-console"/>
+ </parameter>
+ </constructor>
+</bean>
+<bean class="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor">
+ <constructor>
+ <parameter>
+ <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager" parameter="jmx-console"/>
+ </parameter>
+ <parameter>
+ <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager" parameter="jmx-console"/>
+ </parameter>
+ </constructor>
+</bean>
+</programlisting>
+ <formalpara>
+ <title>Disabling Authentication for JBossWS:</title>
+ <para>
+ To disable authentication for JBossWS, edit the following file and comment out the <literal>security-constraint</literal>:
+ </para>
+ </formalpara>
+<programlisting>
+deploy/jbossws.sar/jbossws-management.war/WEB-INF/web.xml
+</programlisting>
+ <para>
+ The following fragment should be commented out:
+ </para>
+<programlisting>
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>ContextServlet</web-resource-name>
+ <description>An example security config that only allows users with the role 'friend' to access the JBossWS console web application
+ </description>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>friend</role-name>
+ </auth-constraint>
+</security-constraint>
+</programlisting>
+
+</appendix>
Modified: projects/docs/enterprise/5.0/Installation_Guide/en-US/Installation_Guide.xml
===================================================================
--- projects/docs/enterprise/5.0/Installation_Guide/en-US/Installation_Guide.xml 2009-08-05 23:15:31 UTC (rev 92042)
+++ projects/docs/enterprise/5.0/Installation_Guide/en-US/Installation_Guide.xml 2009-08-05 23:35:52 UTC (rev 92043)
@@ -13,7 +13,8 @@
<xi:include href="Post_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Uninstall_JBoss.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Test_Your_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-<xi:include href="Running_An_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Running_An_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Appendix.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Revision_History.xml"/>
</book>
Modified: projects/docs/enterprise/5.0/Installation_Guide/en-US/Post_Installation.xml
===================================================================
--- projects/docs/enterprise/5.0/Installation_Guide/en-US/Post_Installation.xml 2009-08-05 23:15:31 UTC (rev 92042)
+++ projects/docs/enterprise/5.0/Installation_Guide/en-US/Post_Installation.xml 2009-08-05 23:35:52 UTC (rev 92043)
@@ -113,111 +113,4 @@
</para>
</formalpara>
</section>
-<!-- <section id="Disabling_Authentication">
- <title>Disabling Authentication</title>
- <para>
- It is also possible to disable authentication on specific services. All specified paths in the sections below are relative to <literal>$JBOSS_HOME</literal>.
- </para>
- <formalpara>
- <title>Disabling Authentication for JXM Console:</title>
- <para>
- To disable authentication for the JMX console, edit the following file and comment out the security-constraint section:
- <programlisting>
-server/$CONFIG/deploy/jmx-console.war/WEB-INF/web.xml
- </programlisting>
- The following fragment should be commented out:
- <programlisting>
-<security-constraint>
- <web-resource-collection>
- <web-resource-name>HtmlAdaptor</web-resource-name>
- <description>An example security config that only allows
-users with the
-role JBossAdmin to access the HTML JMX console web application
- </description>
- <url-pattern>/*</url-pattern>
- <http-method>GET</http-method>
- <http-method>POST</http-method>
- </web-resource-collection>
- <auth-constraint>
- <role-name>JBossAdmin</role-name>
- </auth-constraint>
-</security-constraint>
- </programlisting>
- </para>
- </formalpara>
- <formalpara>
- <title>Disabling Authentication for Web Console:</title>
- <para>
- To disable authentication for the Web console, edit the following file to comment out the security-constraint section:
- <programlisting>
-server/$CONFIG/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml
- </programlisting>
- The following fragment should be commented out:
- <programlisting>
-<security-constraint>
- <web-resource-collection>
- <web-resource-name>HtmlAdaptor</web-resource-name>
- <description>An example security config that only allows
-users with the role JBossAdmin to access the HTML JMX console web application
- </description>
- <url-pattern>/*</url-pattern>
- <http-method>GET</http-method>
- <http-method>POST</http-method>
- </web-resource-collection>
- <auth-constraint>
- <role-name>JBossAdmin</role-name>
- </auth-constraint>
-</security-constraint>
- </programlisting>
- </para>
- </formalpara>
- <formalpara>
- <title>Disabling Authentication for HTTP Invoker:</title>
- <para>
- To disable authentication for the http invoker, <literal>JNDIFactory</literal>, <literal>EJBInvokerServlet</literal>, and <literal>JMXInvokerServlet</literal> need to be removed from the security realm in the file:
- <programlisting>
-server/$CONFIG/deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml
- </programlisting>
- For example, the security-constraint element should look as follows:
- <programlisting>
-<security-constraint>
- <web-resource-collection>
- <web-resource-name>HttpInvokers</web-resource-name>
- <description>An example security config that only allows
-users with the role HttpInvoker to access the HTTP invoker servlets
- </description>
- <url-pattern>/restricted/*</url-pattern>
- <http-method>GET</http-method>
- <http-method>POST</http-method>
- </web-resource-collection>
- <auth-constraint>
- <role-name>HttpInvoker</role-name>
- </auth-constraint>
- </security-constraint>
- </programlisting>
- </para>
- </formalpara>
- <formalpara>
- <title>Disabling Authentication for JMX Invoker:</title>
- <para>
- To disable authentication for the JMX invoker, edit the following file to comment out the security interceptor passthrough:
- <programlisting>
-server/$CONFIG/deploy/jmx-invoker-service.xml
- </programlisting>
- Locate the mbean section with the class <literal>org.jboss.jmx.connector.invoker.InvokerAdaptorService</literal>. In that section comment out the line that relates to authenticated users:
- <programlisting> Add in comment out tags if this block is uncommented
-<descriptors>
- <interceptors>
- <! Uncomment to require authenticated users >
- <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
- securityDomain="java:/jaas/jmx-console"/>
- <! Interceptor that deals with non-serializable results >
- <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
- policyClass="StripModelMBeanInfoPolicy"/>
- </interceptors>
-</descriptors>
- </programlisting>
- </para>
- </formalpara>
- </section> -->
</chapter>
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list