[jboss-svn-commits] JBL Code SVN: r13189 - in labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default: conf/props and 3 other directories.

[jboss-svn-commits at lists.jboss.org]

Author: adamw
Date: 2007-07-06 16:07:13 -0400 (Fri, 06 Jul 2007)
New Revision: 13189

Added:
   labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/
   labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample
   labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/
   labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/
   labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
   labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml
Log:
Securing the jmx-console


Property changes on: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props
___________________________________________________________________
Name: svn:ignore
   + jmx-console-users.properties


Added: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample
===================================================================
--- labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample	                        (rev 0)
+++ labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/conf/props/jmx-console-users.properties.sample	2007-07-06 20:07:13 UTC (rev 13189)
@@ -0,0 +1,2 @@
+# A sample users.properties file for use with the UsersRolesLoginModule
+admin=admin

Added: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
===================================================================
--- labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml	                        (rev 0)
+++ labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml	2007-07-06 20:07:13 UTC (rev 13189)
@@ -0,0 +1,6 @@
+<jboss-web>
+   <!-- Uncomment the security-domain to enable security. You will
+      need to edit the htmladaptor login configuration to setup the
+      login modules used to authentication users.-->
+      <security-domain>java:/jaas/jmx-console</security-domain>
+</jboss-web>

Added: labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml
===================================================================
--- labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml	                        (rev 0)
+++ labs/jbosslabs/trunk/portal-extensions/configuration/to-copy/server/default/deploy/jmx-console.war/WEB-INF/web.xml	2007-07-06 20:07:13 UTC (rev 13189)
@@ -0,0 +1,111 @@
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+   "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+   <description>The standard web descriptor for the html adaptor</description>
+   <!--
+    <filter>
+      <filter-name>JmxOpsAccessControlFilter</filter-name>
+      <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
+      <init-param>
+        <param-name>updateAttributes</param-name>
+        <param-value>UpdateAttributeRole</param-value>
+        <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
+      </init-param>
+      <init-param>
+        <param-name>invokeOp</param-name>
+        <param-value>InvokeOpRole</param-value>
+        <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
+      </init-param>
+   </filter>
+   <filter-mapping>
+      <filter-name>JmxOpsAccessControlFilter</filter-name>
+      <servlet-name>HtmlAdaptor</servlet-name>
+   </filter-mapping>
+   -->
+   <servlet>
+      <servlet-name>HtmlAdaptor</servlet-name>
+      <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
+   </servlet>
+   <servlet>
+      <servlet-name>ClusteredConsoleServlet</servlet-name>
+      <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
+      <init-param>
+         <param-name>jgProps</param-name>
+         <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=45566):
+org.jboss.jmx.adaptor.control.FindView
+         </param-value>
+         <description>The JGroups protocol stack config</description>
+      </init-param>
+   </servlet>
+   <servlet>
+      <servlet-name>DisplayMBeans</servlet-name>
+      <jsp-file>/displayMBeans.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>InspectMBean</servlet-name>
+      <jsp-file>/inspectMBean.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>DisplayOpResult</servlet-name>
+      <jsp-file>/displayOpResult.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>ClusterView</servlet-name>
+      <jsp-file>/cluster/clusterView.jsp</jsp-file>
+   </servlet>
+
+   <servlet-mapping>
+      <servlet-name>HtmlAdaptor</servlet-name>
+      <url-pattern>/HtmlAdaptor</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>ClusteredConsoleServlet</servlet-name>
+      <url-pattern>/cluster/ClusteredConsole</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>DisplayMBeans</servlet-name>
+      <url-pattern>/DisplayMBeans</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>InspectMBean</servlet-name>
+      <url-pattern>/InspectMBean</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>DisplayOpResult</servlet-name>
+      <url-pattern>/DisplayOpResult</url-pattern>
+   </servlet-mapping>
+
+   <!-- A security constraint that restricts access to the HTML JMX console
+   to users with the role JBossAdmin. Edit the roles to what you want and
+   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+   secured access to the HTML JMX console.-->
+   <security-constraint>
+     <web-resource-collection>
+       <web-resource-name>HtmlAdaptor</web-resource-name>
+       <description>An example security config that only allows users with the
+         role JBossAdmin to access the HTML JMX console web application
+       </description>
+       <url-pattern>/*</url-pattern>
+       <http-method>GET</http-method>
+       <http-method>POST</http-method>
+     </web-resource-collection>
+     <auth-constraint>
+       <role-name>JBossAdmin</role-name>
+     </auth-constraint>
+     <user-data-constraint>
+        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+     </user-data-constraint>
+   </security-constraint>
+
+   <login-config>
+      <auth-method>BASIC</auth-method>
+      <realm-name>JBoss JMX Console</realm-name>
+   </login-config>
+
+   <security-role>
+      <role-name>JBossAdmin</role-name>
+   </security-role>
+</web-app>