Configure Password access in JBoss JMX-Console

EDIT: New & Updated post here: http://www.outsystems.com/forums/discussion/10479/tip-activating-admin-console-and-jmx-console-in-jboss-5-x-and-securing-access/

---

To protect your JMX-Console with a username and password access policy, take the following steps.

1) Go to directory /opt/jboss-4.0.3SP1/server/outsystems/deploy/jmx-console.war/WEB-INF/

2) Edit the file jboss-web.xml and uncomment the <security-domain>java:/jaas/jmx-console</security-domain> element, as shown below. This links the security domain to the web application, but it doesn't tell the web application what security policy to enforce, which URLs to protect, or who is allowed to access them.

------------------------------------------------------------------------------------------------
<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
        need to edit the htmladaptor login configuration to setup the
        login modules used to authenticate users. -->
   <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
------------------------------------------------------------------------------------------------


3) To configure the security policy, the URLs to protect, and who is allowed to access them, edit the file web.xml in the same directory and uncomment the security-constraint that is already there, as shown below. This security constraint requires a valid user name and password for a user in the JBossAdmin group.

------------------------------------------------------------------------------------------------
<!-- A security constraint that restricts access to the HTML JMX console
     to users with the role JBossAdmin. Edit the roles to what you want and
     uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
     secured access to the HTML JMX console. -->

<security-constraint>
   <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <description>An example security config that only allows users with the
         role JBossAdmin to access the HTML JMX console web application
      </description>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>JBossAdmin</role-name>
   </auth-constraint>
</security-constraint>
------------------------------------------------------------------------------------------------


4) User names and passwords come from the jmx-console security domain we linked the application to. That domain is configured in the file /opt/jboss-4.0.3SP1/server/outsystems/conf/login-config.xml. This configuration uses a simple file-based security policy. The configuration files are found in /opt/jboss-4.0.3SP1/server/outsystems/conf/props. The usernames and passwords are stored in the jmx-console-users.properties file and take the form "username=password". To assign a user to the JBossAdmin group, add "username=JBossAdmin" to the "jmx-console-roles.properties" file. The existing file has an admin user with the password admin. For security, please either remove the user or change the password to a stronger one.

JBoss will re-deploy the JMX Console whenever you update its web.xml file.
------------------------------------------------------------------------------------------------


That's all for now,

Carlos Cabral
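
A way to check the result of steps 2 to 4, as an added example that is not part of the original post or of JBoss: it parses the contents of the two XML files and the two properties files and reports what is still open. It also goes one step beyond the post by reporting a constraint that lists http-method elements, because under the Servlet specification such a constraint applies only to the listed methods. The function name audit and all sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _named(root, name):  # descendants called `name`, any XML namespace ignored
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    return [(e.text or "").strip() for e in _named(root, name)]

def _props(text):
    """Parse key=value lines of a .properties file, skipping comments and blanks."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(jboss_web, web, users, roles, role="JBossAdmin"):
    """Return a list of findings for steps 2 to 4; an empty list means all checks passed."""
    findings = []
    # Step 2: ElementTree drops XML comments, so a commented-out element is not found.
    if "java:/jaas/jmx-console" not in _texts(ET.fromstring(jboss_web), "security-domain"):
        findings.append("security-domain not enabled in jboss-web.xml")
    # Step 3: a live constraint must cover /* and require the admin role.
    guarded = [c for c in _named(ET.fromstring(web), "security-constraint")
               if "/*" in _texts(c, "url-pattern") and role in _texts(c, "role-name")]
    if not guarded:
        findings.append("no security-constraint on /* for role " + role)
    elif all(_texts(c, "http-method") for c in guarded):
        # Servlet spec: listing http-method limits the constraint to those methods.
        findings.append("constraint on /* applies only to the listed http-method values")
    # Step 4: the default credential is gone and at least one real user holds the role.
    accounts = _props(users)
    if accounts.get("admin") == "admin":
        findings.append("default admin/admin account still present")
    holders = [u for u, r in _props(roles).items()
               if role in [x.strip() for x in r.split(",")]]
    if not any(u in accounts for u in holders):
        findings.append("no user in jmx-console-users.properties holds " + role)
    return findings

# Constructed sample inputs (not copied from a real server).
JBOSS_WEB_OFF = "<jboss-web><!-- <security-domain>java:/jaas/jmx-console</security-domain> --></jboss-web>"
JBOSS_WEB_ON = "<jboss-web><security-domain>java:/jaas/jmx-console</security-domain></jboss-web>"
METHODS = "<http-method>GET</http-method><http-method>POST</http-method>"
WEB_LISTED = ("<web-app><security-constraint><web-resource-collection><url-pattern>/*</url-pattern>"
              + METHODS + "</web-resource-collection><auth-constraint><role-name>JBossAdmin"
              "</role-name></auth-constraint></security-constraint></web-app>")
WEB_ALL = WEB_LISTED.replace(METHODS, "")

if __name__ == "__main__":
    print(audit(JBOSS_WEB_OFF, WEB_LISTED, "admin=admin", "admin=JBossAdmin"))
    print(audit(JBOSS_WEB_ON, WEB_ALL, "opsuser=Constructed-Pass-1", "opsuser=JBossAdmin"))
```

To run it against a server, pass the contents of jboss-web.xml, web.xml, jmx-console-users.properties and jmx-console-roles.properties read from the directories named in steps 1 and 4.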