Saturday, March 20, 2010

Securing JBoss Web Console

The security setup is based on two pieces: the standard WEB-INF/web.xml mapping of servlet URIs to roles, and the WEB-INF/jboss-web.xml reference to the JAAS configuration, which defines how authentication and role mapping are performed. To secure the Web Console using a username/password file:
  1. Locate the web-console.war directory in JBoss. This will normally be in <JBOSS Install dir>/server/default/deploy/management/console-mgr.sar directory.  
  2. Edit <JBOSS Install dir>/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml and uncomment the following security-constraint block:

    <!-- A security constraint that restricts access to the HTML JMX console
         to users with the role JBossAdmin. Edit the roles to what you want and
         uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
         secured access to the HTML JMX console.
    -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>An example security config that only allows users with the
          role JBossAdmin to access the HTML JMX console web application
        </description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>JBossAdmin</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss JMX Console</realm-name>
    </login-config>
    <security-role>
      <role-name>JBossAdmin</role-name>
    </security-role>
  3. Edit <JBOSS Install dir>/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-roles.properties and web-console-users.properties, move both files to the <JBOSS Install dir>/server/default/conf/props directory, and change the users and passwords to what you want. The only change needed is in web-console-users.properties, i.e. set a password.
  4. Edit <JBOSS Install dir>/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml and uncomment the following security-domain block:

    <jboss-web>
      <!-- Uncomment the security-domain to enable security. You will
           need to edit the htmladaptor login configuration to setup the
           login modules used to authentication users.
      -->
      <!-- The name after java:/jaas/ must match the application-policy
           edited in login-config.xml (web-console, not jmx-console). -->
      <security-domain>java:/jaas/web-console</security-domain>
    </jboss-web>
  5. The web-console security domain is declared in the login-config.xml JAAS configuration file, which defines how authentication and authorization are done. Edit <JBOSS Install dir>/server/default/conf/login-config.xml and change the paths to web-console-users.properties and web-console-roles.properties as follows (add props/ to the front of each path):
    <module-option name="usersProperties">props/web-console-users.properties</module-option>
    <module-option name="rolesProperties">props/web-console-roles.properties</module-option>
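As an added check that is not part of the original post, the Python script below audits the pieces the five steps above touch, run here against constructed sample files rather than a real install: the uncommented security-constraint, the security-domain in jboss-web.xml, the matching application-policy and props/ paths in login-config.xml, and the users file for a password left at its default. It also flags the http-method list, because a constraint that names only GET and POST leaves every other verb unconstrained; the audit() function and its finding strings are my own.

```python
import xml.etree.ElementTree as ET

# Constructed samples of the finished configuration (not copied from a JBoss install).
WEB_XML = """<web-app><security-constraint><web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name><url-pattern>/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method></web-resource-collection>
<auth-constraint><role-name>JBossAdmin</role-name></auth-constraint></security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config></web-app>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/web-console</security-domain></jboss-web>"
LOGIN_CONFIG = """<policy><application-policy name="web-console"><authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties">props/web-console-users.properties</module-option>
<module-option name="rolesProperties">props/web-console-roles.properties</module-option>
</login-module></authentication></application-policy></policy>"""
USERS = "admin=admin\n"  # as shipped: the password still equals the user name

def audit(web_xml, jboss_web, login_config, users_props):
    """Return a list of findings; an empty list means every step checks out."""
    findings = []
    sc = ET.fromstring(web_xml).find("security-constraint")
    if sc is None:
        findings.append("web.xml: security-constraint still commented out")
    else:
        if "/*" not in [p.text for p in sc.iter("url-pattern")]:
            findings.append("web.xml: constraint does not cover /*")
        if sc.find("auth-constraint/role-name") is None:
            findings.append("web.xml: auth-constraint names no role")
        # Per the servlet spec, listing http-method elements constrains ONLY those
        # verbs; any other verb (HEAD, PUT, ...) reaches the console unauthenticated.
        if sc.findall("web-resource-collection/http-method"):
            findings.append("web.xml: http-method list leaves other verbs open")
    dom = ET.fromstring(jboss_web).findtext("security-domain") or ""
    if not dom.startswith("java:/jaas/"):
        findings.append("jboss-web.xml: security-domain still commented out")
    name = dom.rsplit("/", 1)[-1]  # java:/jaas/web-console -> web-console
    policy = ET.fromstring(login_config).find(f"application-policy[@name='{name}']")
    if policy is None:
        findings.append(f"login-config.xml: no application-policy named '{name}'")
    else:
        for opt in policy.iter("module-option"):
            if opt.get("name", "").endswith("Properties") and not opt.text.startswith("props/"):
                findings.append(f"login-config.xml: {opt.get('name')} not under props/")
    for line in users_props.splitlines():
        user, _, pw = line.partition("=")
        if user.strip() and not user.startswith("#") and pw.strip() in ("", user.strip()):
            findings.append(f"users.properties: '{user.strip()}' has no or default password")
    return findings
```

Point the four arguments at the real files under server/default to run it against an actual deployment.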