[Management, JMX/JBoss] - Re: Securing JMX console (JBoss)
by mcdan311
this is the correct script:
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
</web-app>
Please disregard previous script.
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141735#4141735
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4141735
18 years
[Management, JMX/JBoss] - Re: Securing JMX console (JBoss)
by mcdan311
This is the results to the script:
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
<security-constraint>
-->
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
</web-app>
I'm still a little confuse with the modifications. After making the changes and ran a security scan on the server it is still coming up with the vulnerability. So did I make the correct changes above ?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141734#4141734
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4141734
18 years
[JBoss jBPM] - Can we have a sytem bug discussion?
by fsk1234
Since I have worked with jBPM for a while and discovered several system bugs. I think it would save a lot of time if I knew those bugs before.
Can we just post the bugs of specific version on the top of the forum?
Here are 2 that I foundï¼V 3.2.1ï¼ï¼
1. Transistion button in task forms (If you use eclipse to generate those forms, it is <tf:transitionButton to="XXX" value="XXX"/>. But it should be "<tf:transitionButton transition="XXX" value="XXX"/>").
2. If you change one of the task forms and did not change the .jpdl, you will get erro when you try to deploy even if they are correct. All you need to do it to pretend to modify the .jpdl file (for example, move the position of a node, delete something and restore that), then you can deploy correctly.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141733#4141733
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4141733
18 years