[jboss-user] [Management, JMX/JBoss] - Re: Securing JMX console (JBoss)

PeterJ do-not-reply at jboss.com
Thu Apr 3 14:38:04 EDT 2008

In XML files, comments are formed as follows:

<!-- this is a comment -->

In the web.xml file for the jmx console, move the


line that appears after the security-constraint end tag to before the security-constraint start tag. It should then look like this:

   <!-- A security constraint that restricts access to the HTML JMX console
  |    to users with the role JBossAdmin. Edit the roles to what you want and
  |    uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
  |    secured access to the HTML JMX console.   -->   <security-constraint>
  |      <web-resource-collection>
  |        <web-resource-name>HtmlAdaptor</web-resource-name>
  |        <description>An example security config that only allows users with the
  |          role JBossAdmin to access the HTML JMX console web application
  |        </description>
  |        <url-pattern>/*</url-pattern>
  |        <http-method>GET</http-method>
  |        <http-method>POST</http-method>
  |      </web-resource-collection>
  |      <auth-constraint>
  |        <role-name>JBossAdmin</role-name>
  |      </auth-constraint>
  |    </security-constraint>
  |    <login-config>
  |    . . .

The line in red is the one that was moved.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141470#4141470

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4141470

More information about the jboss-user mailing list