[jboss-user] [Security & JAAS/JBoss] - Problem loading Web-Console AppletBrowser after Securing Con
JohnHolmes123
do-not-reply at jboss.com
Thu Nov 6 14:43:35 EST 2008
All,
Ive secured the jmx-console and web-console for Jboss5. Jmx works great, accepts uid/password, and the web-console is accepting my uid/password, but when accessing it, the navtree.AppletBrowser fails to load.... and I see this error returned:
| http://server1:8080/web-console/Invoker
| java.io.EOFException
| at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown Source)
| at java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source)
| at java.io.ObjectInputStream.readStreamHeader(Unknown Source)
| at java.io.ObjectInputStream.<init>(Unknown Source)
| at org.jboss.console.remote.InvokerServlet.processRequest(InvokerServlet.java:95)
| at org.jboss.console.remote.InvokerServlet.doPost(InvokerServlet.java:148)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:189)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:91)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:92)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Unknown Source)
|
|
|
Here's what ive changed, please let me know what's wrong?
1. Edit file $JBOSSHOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml
| <!DOCTYPE jboss-web PUBLIC
| "-//JBoss//DTD Web Application 5.0//EN"
| "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
|
| <jboss-web>
| <!-- Uncomment the security-domain to enable security. You will
| need to edit the htmladaptor login configuration to setup the
| login modules used to authentication users. -->
| <security-domain>java:/jaas/jmx-console</security-domain>
| </jboss-web>
|
2. Edit file $JBOSSHOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml
| <!-- A security constraint that restricts access to the HTML JMX console
| to users with the role JBossAdmin. Edit the roles to what you want and
| uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
| secured access to the HTML JMX console. -->
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>HtmlAdaptor</web-resource-name>
| <description>An example security config that only allows users with the
| role JBossAdmin to access the HTML JMX console web application
| </description>
| <url-pattern>/*</url-pattern>
| <http-method>GET</http-method>
| <http-method>POST</http-method>
| </web-resource-collection>
| <auth-constraint>
| <role-name>JBossAdmin</role-name>
| </auth-constraint>
| </security-constraint>
|
3. Edit/create files $JBOSSHOME/server/default/conf:
jmx-console-users.properties
jmx-console-roles.properties
web-console-roles.properties
web-console-users.properties
set the admin user/pass, edit the login-config.xml and point the web-console to props/
At this point after a restart the jmx console will prompt for a uid/password but the web-console will not. So I edit these files, make the same changes as above step 1-2:
4. Edit:
$JBOSSHOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF
jboss-web.xml & web.xml
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187504#4187504
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187504
More information about the jboss-user
mailing list