[jboss-user] [Management, JMX/JBoss] - Problem with JMX authentication

ccesar do-not-reply at jboss.com
Mon Jun 8 15:33:54 EDT 2009 

Hi!

It is my first time on this forum, so I hope someone can help me :)

I'm trying to use authentication on my JMX console, but I have no sucess. I have already done this:

I let the file:

deploy/jmx-console.war/WEB-INF/jboss-web.xml

With the following data:


  | <jboss-web>
  |     <security-domain>java:/jaas/jmx-console</security-domain>
  | </jboss-web>
  | 

(enabling the JMX auth).

In the file web.xml (.), I have taken out the comments for the security constraint, so the file is with the following data:


  | <?xml version="1.0"?>
  | <!DOCTYPE web-app PUBLIC
  |    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  |    "http://java.sun.com/dtd/web-app_2_3.dtd">
  | 
  | <web-app>
  |    <description>The standard web descriptor for the html adaptor</description>
  |    <!--
  |     <filter>
  |       <filter-name>JmxOpsAccessControlFilter</filter-name>
  |       <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
  |       <init-param>
  |         <param-name>updateAttributes</param-name>
  |         <param-value>UpdateAttributeRole</param-value>
  |         <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
  |       </init-param>
  |       <init-param>
  |         <param-name>invokeOp</param-name>
  |         <param-value>InvokeOpRole</param-value>
  |         <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
  |       </init-param>
  |    </filter>
  |    <filter-mapping>
  |       <filter-name>JmxOpsAccessControlFilter</filter-name>
  |       <servlet-name>HtmlAdaptor</servlet-name>
  |    </filter-mapping>
  |    -->
  |    <servlet>
  |       <servlet-name>HtmlAdaptor</servlet-name>
  |       <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
  |    </servlet>
  |    <servlet>
  |       <servlet-name>ClusteredConsoleServlet</servlet-name>
  |       <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
  |       <init-param>
  |          <param-name>jgProps</param-name>
  |          <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.partition.udpPort:45566}):
  | org.jboss.jmx.adaptor.control.FindView
  |          </param-value>
  |          <description>The JGroups protocol stack config</description>
  |       </init-param>
  |    </servlet>
  |    <servlet>
  |       <servlet-name>DisplayMBeans</servlet-name>
  |       <jsp-file>/displayMBeans.jsp</jsp-file>
  |    </servlet>
  |    <servlet>
  |       <servlet-name>InspectMBean</servlet-name>
  |       <jsp-file>/inspectMBean.jsp</jsp-file>
  |    </servlet>
  |    <servlet>
  |       <servlet-name>DisplayOpResult</servlet-name>
  |       <jsp-file>/displayOpResult.jsp</jsp-file>
  |    </servlet>
  |    <servlet>
  |       <servlet-name>ClusterView</servlet-name>
  |       <jsp-file>/cluster/clusterView.jsp</jsp-file>
  |    </servlet>
  | 
  |    <servlet-mapping>
  |       <servlet-name>HtmlAdaptor</servlet-name>
  |       <url-pattern>/HtmlAdaptor</url-pattern>
  |    </servlet-mapping>
  |    <servlet-mapping>
  |       <servlet-name>ClusteredConsoleServlet</servlet-name>
  |       <url-pattern>/cluster/ClusteredConsole</url-pattern>
  |    </servlet-mapping>
  |    <servlet-mapping>
  |       <servlet-name>DisplayMBeans</servlet-name>
  |       <url-pattern>/DisplayMBeans</url-pattern>
  |    </servlet-mapping>
  |    <servlet-mapping>
  |       <servlet-name>InspectMBean</servlet-name>
  |       <url-pattern>/InspectMBean</url-pattern>
  |    </servlet-mapping>
  |    <servlet-mapping>
  |       <servlet-name>DisplayOpResult</servlet-name>
  |       <url-pattern>/DisplayOpResult</url-pattern>
  |    </servlet-mapping>
  |    
  |    <security-constraint>
  |      <web-resource-collection>
  |        <web-resource-name>HtmlAdaptor</web-resource-name>
  |        <description>An example security config that only allows users with the
  |          role JBossAdmin to access the HTML JMX console web application
  |        </description>
  |        <url-pattern>/*</url-pattern>
  |        <http-method>GET</http-method>
  |        <http-method>POST</http-method>
  |      </web-resource-collection>
  |      <auth-constraint>
  |        <role-name>JBossAdmin</role-name>
  |      </auth-constraint>
  |    </security-constraint>
  | 
  |    <login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>JBoss JMX Console</realm-name>
  |    </login-config>
  | 
  |    <security-role>
  |       <role-name>JBossAdmin</role-name>
  |    </security-role>
  | </web-app>
  | 

And in the end I added the users ( "example=passwd" and "example=JBossAdmin" ) on the file jmx-console-users.properties, but after I restart the JBoss server, I still haven't got it enabled...

Is there something else to add that I forgot to do?

tks,

Caio Ribeiro Cesar

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236173#4236173

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236173

More information about the jboss-user mailing list