[jboss-svn-commits] JBL Code SVN: r13189 - in labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default: conf/props and 3 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Jul 6 16:07:13 EDT 2007
Author: adamw
Date: 2007-07-06 16:07:13 -0400 (Fri, 06 Jul 2007)
New Revision: 13189
Added:
labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/
labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample
labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/
labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/
labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml
Log:
Securing the jmx-console
Property changes on: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props
___________________________________________________________________
Name: svn:ignore
+ jmx-console-users.properties
Added: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample
===================================================================
--- labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample (rev 0)
+++ labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample 2007-07-06 20:07:13 UTC (rev 13189)
@@ -0,0 +1,2 @@
+# A sample users.properties file for use with the UsersRolesLoginModule
+admin=admin
Added: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
===================================================================
--- labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml (rev 0)
+++ labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml 2007-07-06 20:07:13 UTC (rev 13189)
@@ -0,0 +1,6 @@
+<jboss-web>
+ <!-- Uncomment the security-domain to enable security. You will
+ need to edit the htmladaptor login configuration to setup the
+ login modules used to authentication users.-->
+ <security-domain>java:/jaas/jmx-console</security-domain>
+</jboss-web>
Added: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml
===================================================================
--- labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml (rev 0)
+++ labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml 2007-07-06 20:07:13 UTC (rev 13189)
@@ -0,0 +1,111 @@
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+ <description>The standard web descriptor for the html adaptor</description>
+ <!--
+ <filter>
+ <filter-name>JmxOpsAccessControlFilter</filter-name>
+ <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
+ <init-param>
+ <param-name>updateAttributes</param-name>
+ <param-value>UpdateAttributeRole</param-value>
+ <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
+ </init-param>
+ <init-param>
+ <param-name>invokeOp</param-name>
+ <param-value>InvokeOpRole</param-value>
+ <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
+ </init-param>
+ </filter>
+ <filter-mapping>
+ <filter-name>JmxOpsAccessControlFilter</filter-name>
+ <servlet-name>HtmlAdaptor</servlet-name>
+ </filter-mapping>
+ -->
+ <servlet>
+ <servlet-name>HtmlAdaptor</servlet-name>
+ <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>ClusteredConsoleServlet</servlet-name>
+ <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
+ <init-param>
+ <param-name>jgProps</param-name>
+ <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=45566):
+org.jboss.jmx.adaptor.control.FindView
+ </param-value>
+ <description>The JGroups protocol stack config</description>
+ </init-param>
+ </servlet>
+ <servlet>
+ <servlet-name>DisplayMBeans</servlet-name>
+ <jsp-file>/displayMBeans.jsp</jsp-file>
+ </servlet>
+ <servlet>
+ <servlet-name>InspectMBean</servlet-name>
+ <jsp-file>/inspectMBean.jsp</jsp-file>
+ </servlet>
+ <servlet>
+ <servlet-name>DisplayOpResult</servlet-name>
+ <jsp-file>/displayOpResult.jsp</jsp-file>
+ </servlet>
+ <servlet>
+ <servlet-name>ClusterView</servlet-name>
+ <jsp-file>/cluster/clusterView.jsp</jsp-file>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>HtmlAdaptor</servlet-name>
+ <url-pattern>/HtmlAdaptor</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>ClusteredConsoleServlet</servlet-name>
+ <url-pattern>/cluster/ClusteredConsole</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>DisplayMBeans</servlet-name>
+ <url-pattern>/DisplayMBeans</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>InspectMBean</servlet-name>
+ <url-pattern>/InspectMBean</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>DisplayOpResult</servlet-name>
+ <url-pattern>/DisplayOpResult</url-pattern>
+ </servlet-mapping>
+
+ <!-- A security constraint that restricts access to the HTML JMX console
+ to users with the role JBossAdmin. Edit the roles to what you want and
+ uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+ secured access to the HTML JMX console.-->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>HtmlAdaptor</web-resource-name>
+ <description>An example security config that only allows users with the
+ role JBossAdmin to access the HTML JMX console web application
+ </description>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>JBossAdmin</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>JBoss JMX Console</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>JBossAdmin</role-name>
+ </security-role>
+</web-app>
More information about the jboss-svn-commits
mailing list