Tip: activating admin-console and jmx-console in JBoss 5.x (and securing access)


When using the OutSystems Platform for Java in its JBoss flavor you might need to access the JBoss web consoles for advanced troubleshooting. The setup of the OutSystems Platform will not by default activate these consoles, but you can do it manually after the setup.

This post explains how to activate admin-console and jmx-console in JBoss and how to activate security to restrict access to it.
Note: always make backup copies of all files you edit. In case something goes wrong, you just need to replace them with the backup.

Activating admin-console and jmx-console

OutSystems creates its own server profile in JBoss upon installation, and it will not contain the files needed The files for admin-console and jmx-console are located in the "default" JBoss server profile. So the simplest way of deploying it to the OutSystems profile is to use a symlink.

The detailed steps are:
  1. Import the outsystems environment variables to your local shell: source /etc/sysconfig/outsystems
  2. Stop JBoss: service jboss-outsystems stop
  3. Go to the deploy folder of the OutSystems profile: cd $JBOSS_HOME/server/outsystems/deploy 
  4. Create the symlinks:
    -> ln -s $JBOSS_HOME/server/default/deploy/admin-console.war/ admin-console.war
    -> ln -s $JBOSS_HOME/server/default/deploy/jmx-console.war/ jmx-console.war
  5. Start JBoss again: service jboss-outsystems start
This will deploy the consoles. jmx-console will not require any authentication; admin-console will login with the defaults (typically admin/admin).

Securing access to admin-console and jmx-console

Both admin-console and jmx-console use credentials which are stored under $JBOSS_HOME/server/outsystems/conf/props/jmx-console-users.properties . To secure access to admin-console, simply edit this file, change the password for the admin user, and restart jboss.

Securing access to jmx-console requires additional steps. The same set of credentials will be used, but you will need to activate their need by:
  1. Again, import the outsystems environment variables to your local shell: source /etc/sysconfig/outsystems
  2. Stop JBoss: service jboss-outsystems stop
  3. Edit file $JBOSS_HOME/server/outsystems/deploy/jmx-console.war/WEB-INF/jboss-web.xml and uncomment the line: <security-domain>java:/jaas/jmx-console</security-domain>

  4. Edit the file $JBOSS_HOME/server/outsystems/deploy/jmx-console.war/WEB-INF/web.xml and uncomment the whole <security-constraint> section:

  5. Start JBoss again: service jboss-outsystems start

After this, login to jmx-console will require credentials. Use the same ones you use for admin-console.


Final thoughts

If you run into any problems or if you have any follow-up questions on this topic, please feel free to pose them here.

Acácio Porta Nova


[1] www.outsystems.com/forums/discussion/3555/configure-password-access-in-jboss-web-console/
[2] https://community.jboss.org/wiki/SecureTheJmxConsole