JBoss Settings Console Login window

 

after installing JBoss and launching JBoss, type http://localhost:8080/jmx-console in the address bar of the browser window to browse some information about JBoss deployment management. By default, not typing any user name and password to enter this page, convenient is convenient, but the real use is still a bit of a security risk, because no matter anyone knows the server's IP can go in Access. Here we configure JBoss for this issue, so that access to the Jmx-console must also know the user name and password in order to access.

steps:

1. Enter Jmx-console.war, usually this directory is in the {Jboss_home}\server\default\deploy directory.

2. Edit the Web-inf\web.xml in this directory to remove the <security-constraint> part comments

3. Edit the Roles.properties and users.properties of the web-inf\classes under this directory;

1) The Users.properties file defines the user name and password in the format Username=password. Of course, multiple users can be added in this format.

2) The Roles.propertie file defines the user name and the role in the format Username=role. The role here must correspond to the <role-name> in the Web. xml file.

4. Edit the Web-inf\jboss-web.xml file, open the <security-domain> section Note, and here <security-domain> the corresponding Security-domain for the content { Jboss_home}\server\default\conf\login-config.xml one of the application-policy in this Jaas configuration file.

such as:

<security-domain>java:/jaas/jmx-console</security-domain>

in Login-config.xml The correspondence has:

<application-policyname= "Jmx-console" >

<authentication>

<login-modulecode= "Org.jboss.security.auth.spi.UsersRolesLoginModule"

flag= "Required"/>

</authentication>

</application-policy>