[jboss-user] [JBoss Getting Started Documentation] - Section 2.2.3: Security Service. A documentation bug.

berliita do-not-reply at jboss.com
Mon Jul 16 16:38:20 EDT 2007


Buggy sentence: "If you've configured everything correctly and re-deployed the application, the next time you try to access the JMX Console, JBoss will ask you for a name and password."

Bug: Even if the reader follows meticulously the steps enumerated in the section, JBoss does not ask for a name and password. Instead, an error message is displayed: "HTTP Status 403 - Access to the requested resource has been denied".

Reason for the bug: The deploy/jmx-cosole.war/WEB-INF/web.xml file doesn't contain a "login-config" element. In order that an authentication dialog pops up, a "login-config" element must be present as a child of the root element (i.e. "web-app"). It must take the following form:
<login-config>
  |    <auth-method>XXX</auth-method>
  |    <realm-name>YYY</realm-name>
  | </login-config>
where XXX is one of "BASIC", "DIGEST", "FORM", and "CLIENT-CERT", and YYY is a string to be displayed on the authentication dialog.

Bug fix: Add to the section instructions to add to the web.xml file a proper "login-config" element, as described above.

References: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss (point 1).


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064728#4064728

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4064728



More information about the jboss-user mailing list