[jboss-user] [Security & JAAS/JBoss] - Problem loading Web-Console AppletBrowser after Securing Con

JohnHolmes123 do-not-reply at jboss.com
Thu Nov 6 14:43:35 EST 2008


All,

Ive secured the jmx-console and web-console for Jboss5. Jmx works great, accepts uid/password, and the web-console is accepting my uid/password, but when accessing it, the navtree.AppletBrowser fails to load.... and I see this error returned:


  | http://server1:8080/web-console/Invoker
  | java.io.EOFException
  | 	at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown Source)
  | 	at java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source)
  | 	at java.io.ObjectInputStream.readStreamHeader(Unknown Source)
  | 	at java.io.ObjectInputStream.<init>(Unknown Source)
  | 	at org.jboss.console.remote.InvokerServlet.processRequest(InvokerServlet.java:95)
  | 	at org.jboss.console.remote.InvokerServlet.doPost(InvokerServlet.java:148)
  | 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
  | 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  | 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
  | 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  | 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  | 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
  | 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  | 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
  | 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
  | 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:189)
  | 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
  | 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:91)
  | 	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:92)
  | 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
  | 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
  | 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
  | 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  | 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
  | 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
  | 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
  | 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  | 	at java.lang.Thread.run(Unknown Source)
  | 
  | 
  | 

Here's what ive changed, please let me know what's wrong?

1. Edit file $JBOSSHOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml


  | <!DOCTYPE jboss-web PUBLIC
  |    "-//JBoss//DTD Web Application 5.0//EN"
  |    "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
  | 
  | <jboss-web>
  |    <!-- Uncomment the security-domain to enable security. You will
  |       need to edit the htmladaptor login configuration to setup the
  |       login modules used to authentication users.  -->
  |       <security-domain>java:/jaas/jmx-console</security-domain>
  | </jboss-web>
  | 

2. Edit file $JBOSSHOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml


  | <!-- A security constraint that restricts access to the HTML JMX console
  |    to users with the role JBossAdmin. Edit the roles to what you want and
  |    uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
  |    secured access to the HTML JMX console. -->
  |    <security-constraint>
  |      <web-resource-collection>
  |        <web-resource-name>HtmlAdaptor</web-resource-name>
  |        <description>An example security config that only allows users with the
  |          role JBossAdmin to access the HTML JMX console web application
  |        </description>
  |        <url-pattern>/*</url-pattern>
  |        <http-method>GET</http-method>
  |        <http-method>POST</http-method>
  |      </web-resource-collection>
  |      <auth-constraint>
  |        <role-name>JBossAdmin</role-name>
  |      </auth-constraint>
  |    </security-constraint>
  | 

3. Edit/create files $JBOSSHOME/server/default/conf:
jmx-console-users.properties
jmx-console-roles.properties
web-console-roles.properties
web-console-users.properties

set the admin user/pass, edit the login-config.xml and point the web-console to props/

At this point after a restart the jmx console will prompt for a uid/password but the web-console will not. So I edit these files, make the same changes as above step 1-2:

4. Edit: 
$JBOSSHOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF

jboss-web.xml & web.xml


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187504#4187504

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187504



More information about the jboss-user mailing list