Buggy sentence: "If you've configured everything correctly and re-deployed the
application, the next time you try to access the JMX Console, JBoss will ask you for a
name and password."
Bug: Even if the reader follows meticulously the steps enumerated in the section, JBoss
does not ask for a name and password. Instead, an error message is displayed: "HTTP
Status 403 - Access to the requested resource has been denied".
Reason for the bug: The deploy/jmx-cosole.war/WEB-INF/web.xml file doesn't contain a
"login-config" element. In order that an authentication dialog pops up, a
"login-config" element must be present as a child of the root element (i.e.
"web-app"). It must take the following form:
<login-config>
| <auth-method>XXX</auth-method>
| <realm-name>YYY</realm-name>
| </login-config>
where XXX is one of "BASIC", "DIGEST", "FORM", and
"CLIENT-CERT", and YYY is a string to be displayed on the authentication
dialog.
Bug fix: Add to the section instructions to add to the web.xml file a proper
"login-config" element, as described above.
References:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss (point
1).
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064728#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...