Details

    • Type: Sub-task Sub-task
    • Status: Closed Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 6.0.0.M4
    • Component/s: JMX
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Similar Issues:
      Show 10 results 

      Description

      jconsole instructions for accessing a secured AS:

      1. Start AS with jmc connector security enabled.

      2. Start jconsole (with adding any options).

      3. In the jconsole gui, choose remote option button and enter remote url "service:jmx:rmi:///jndi/rmi://localhost:1090/jmxrmi"

      4. enter the userid and password and press connect.

      Also verify that a bad userid/pw fails the challenge.

      1. anil_change.tar
        20 kB
        Anil Saldhana
      2. jmxsecure.patch
        9 kB
        Scott Marlow

        Activity

        Hide
        Anil Saldhana
        added a comment -

        Best is just use PicketBox Authentication. We are bringing in PicketBox into AS in a couple of days.
        http://community.jboss.org/wiki/PicketBoxAuthentication

        Show
        Anil Saldhana
        added a comment - Best is just use PicketBox Authentication. We are bringing in PicketBox into AS in a couple of days. http://community.jboss.org/wiki/PicketBoxAuthentication
        Hide
        Scott Marlow
        added a comment -

        cd into your as trunk and issue:
        patch -p0 -i ./jmxsecure.patch

        Show
        Scott Marlow
        added a comment - cd into your as trunk and issue: patch -p0 -i ./jmxsecure.patch
        Hide
        Scott Marlow
        added a comment -

        1. After building, open build/target/jboss-6.0.0-SNAPSHOT/server/default/deploy/jmx-jboss-beans.xml and set the following:

        <property name="securityDomain">jmx-console</property>
        <property name="securityConfigFile">authentication.conf</property>

        2. Create the authentication.conf file in build/target/jboss-6.0.0-SNAPSHOT/server/default/conf:
        <?xml version='1.0'?>

        <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:jboss:security-config:5.0"
        xmlns="urn:jboss:security-config:5.0"
        xmlns:jbxb="urn:jboss:security-config:5.0">
        <!-- application-policy name is the security domain -->
        <application-policy name = "jmx-console">
        <authentication>
        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag = "required">
        </login-module>
        </authentication>
        </application-policy>
        </policy>

        3. Then start the AS and get it to boot without error. Further instructions coming.

        Show
        Scott Marlow
        added a comment - 1. After building, open build/target/jboss-6.0.0-SNAPSHOT/server/default/deploy/jmx-jboss-beans.xml and set the following: <property name="securityDomain">jmx-console</property> <property name="securityConfigFile">authentication.conf</property> 2. Create the authentication.conf file in build/target/jboss-6.0.0-SNAPSHOT/server/default/conf: <?xml version='1.0'?> <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:jboss:security-config:5.0" xmlns="urn:jboss:security-config:5.0" xmlns:jbxb="urn:jboss:security-config:5.0"> <!-- application-policy name is the security domain --> <application-policy name = "jmx-console"> <authentication> <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> </login-module> </authentication> </application-policy> </policy> 3. Then start the AS and get it to boot without error. Further instructions coming.
        Hide
        Scott Marlow
        added a comment -

        tested shutdown, twiddle, jconsole against a secured jmxconnector.

        Steps to enable jmxconnector security:

        1. Open deploy/jmx-jboss-beans.xml in an editor

        2. Replace:

        <!-- To enable authentication security checks, uncomment the following security domain name -->
        <!--UNCOMMENT THIS
        <property name="securityDomain">jmx-console</property>
        -->

        With:
        <!-- To enable authentication security checks, uncomment the following security domain name -->
        <property name="securityDomain">jmx-console</property>

        The jmx-console security will be used (as specified in conf/login-config.xml)

        Show
        Scott Marlow
        added a comment - tested shutdown, twiddle, jconsole against a secured jmxconnector. Steps to enable jmxconnector security: 1. Open deploy/jmx-jboss-beans.xml in an editor 2. Replace: <!-- To enable authentication security checks, uncomment the following security domain name --> <!--UNCOMMENT THIS <property name="securityDomain">jmx-console</property> --> With: <!-- To enable authentication security checks, uncomment the following security domain name --> <property name="securityDomain">jmx-console</property> The jmx-console security will be used (as specified in conf/login-config.xml)

          People

          • Assignee:
            Scott Marlow
            Reporter:
            David Lloyd
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: