Usage Note 41650: Securing the Java Management Extensions (JMX) and Web Console applications for the community version of the JBoss application server
 |  |  |  |
The following steps enable you to secure the JBoss JMX console application. Securing this application prevents unauthenticated access to the JMX and Web Console servlets that are used to manage JBoss and its services.
- Edit the web.xml file that is in the directory {jboss.server.home.directory}/deploy/jmx-console.war/WEB-INF/.
Typically, the web.xml file is located in the JBoss-installation-folder/server/SASServer1/deploy/jmx-console.war/WEB-INF/.
Remove the comment delimiters from the following <security-constraint> lines. The lines appear as follows after you remove the delimiters:
<!-- A security constraint that restricts access to the HTML JMX console to only those users with the role JBossAdmin. Edit the roles as necessary and remove the comment delimiters in the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. --> <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security configuration that only enables users that are assigned the role JBossAdmin to access the HTML JMX console Web application. </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> - Remove the two <http-method> tags. The lines appear as follows after you remove the two methods:
<!-- A security constraint that restricts access to the HTML JMX console to only those users with the role JBossAdmin. Edit the roles as necessary and remove the comment delimiters in the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. -->
Typically, the jboss-web.xml file is located in the JBoss-installation-folder/server/SASServer1/deploy/jmx-console.war/WEB-INF/
<security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security configuration that only enables users that are assigned the role JBossAdmin to access the HTML JMX console Web application. </description> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> - Locate the following lines in the jboss-web.xml file that is found in the directory
{jboss.server.home.directory}/deploy/jmx-console.war/WEB-INF/. Then, remove the comment delimiters from the <security-domain> element to enable security.
<jboss-web> <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authenticate users. <security-domain>java:/jaas/jmx-console</security-domain> --> </jboss-web>
When you remove the delimiters, the elements should look like the following:
<jboss-web> <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. --> <security-domain>java:/jaas/jmx-console</security-domain> </jboss-web> - Repeat Steps 1 , 2 and 3 for the following files, as well:
${jboss.server.home.directory}/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml ${jboss.server.home.dir}/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml
Typically, these files are located at JBoss-installation-folder/server/SASServer1/deploy/management/console-mgr.sar/web-console.war/WEB-INF/.
- Restart the JBoss server (Make sure that SAS Remote Services is already running or is started before you restart JBoss). Then try to access the following two applications:
You should be prompted for a user name (admin) and password (admin). The user name and password are also listed in the jmx-console-users.properties file that is located in ${jboss.server.home.directory}/conf/props/jmx-console-users.properties.
Operating System and Release Information
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.Product Family Product System Product Release SAS Release Reported Fixed* Reported Fixed* SAS System JBoss Application Server Microsoft® Windows® for x64 4.2 Microsoft Windows 95/98 4.2 Microsoft Windows 2000 Advanced Server 4.2 Microsoft Windows 2000 Datacenter Server 4.2 Microsoft Windows 2000 Server 4.2 Microsoft Windows 2000 Professional 4.2 Microsoft Windows NT Workstation 4.2 Microsoft Windows Server 2003 Datacenter Edition 4.2 Microsoft Windows Server 2003 Enterprise Edition 4.2 Microsoft Windows Server 2003 Standard Edition 4.2 Microsoft Windows Server 2003 for x64 4.2 Microsoft Windows Server 2008 4.2 Microsoft Windows Server 2008 for x64 4.2 Microsoft Windows XP Professional 4.2 Windows 7 Enterprise 32 bit 4.2 Windows 7 Enterprise x64 4.2 Windows 7 Home Premium 32 bit 4.2 Windows 7 Home Premium x64 4.2 Windows 7 Professional 32 bit 4.2 Windows 7 Professional x64 4.2 Windows 7 Ultimate 32 bit 4.2 Windows 7 Ultimate x64 4.2 Windows Millennium Edition (Me) 4.2 Windows Vista 4.2 Windows Vista for x64 4.2 64-bit Enabled AIX 4.2 64-bit Enabled Solaris 4.2 HP-UX IPF 4.2 Linux for x64 4.2 Solaris for x64 4.2 Type: Usage Note Priority: Date Modified: 2011-04-27 13:52:37 Date Created: 2010-11-19 11:30:29 - Restart the JBoss server (Make sure that SAS Remote Services is already running or is started before you restart JBoss). Then try to access the following two applications: