Details

    • Type: Sub-task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 6.0.0.M4
    • Component/s: JMX
    • Labels:
      None

      Description

      jconsole instructions for accessing a secured AS:

      1. Start AS with jmc connector security enabled.

      2. Start jconsole (with adding any options).

      3. In the jconsole gui, choose remote option button and enter remote url "service:jmx:rmi:///jndi/rmi://localhost:1090/jmxrmi"

      4. enter the userid and password and press connect.

      Also verify that a bad userid/pw fails the challenge.

        Gliffy Diagrams

        1. anil_change.tar
          20 kB
          Anil Saldhana
        2. jmxsecure.patch
          9 kB
          Scott Marlow

          Activity

          Hide
          anil.saldhana Anil Saldhana added a comment -

          Best is just use PicketBox Authentication. We are bringing in PicketBox into AS in a couple of days.
          http://community.jboss.org/wiki/PicketBoxAuthentication

          Show
          anil.saldhana Anil Saldhana added a comment - Best is just use PicketBox Authentication. We are bringing in PicketBox into AS in a couple of days. http://community.jboss.org/wiki/PicketBoxAuthentication
          Hide
          smarlow Scott Marlow added a comment -

          cd into your as trunk and issue:
          patch -p0 -i ./jmxsecure.patch

          Show
          smarlow Scott Marlow added a comment - cd into your as trunk and issue: patch -p0 -i ./jmxsecure.patch
          Hide
          smarlow Scott Marlow added a comment -

          1. After building, open build/target/jboss-6.0.0-SNAPSHOT/server/default/deploy/jmx-jboss-beans.xml and set the following:

          <property name="securityDomain">jmx-console</property>
          <property name="securityConfigFile">authentication.conf</property>

          2. Create the authentication.conf file in build/target/jboss-6.0.0-SNAPSHOT/server/default/conf:
          <?xml version='1.0'?>

          <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="urn:jboss:security-config:5.0"
          xmlns="urn:jboss:security-config:5.0"
          xmlns:jbxb="urn:jboss:security-config:5.0">
          <!-- application-policy name is the security domain -->
          <application-policy name = "jmx-console">
          <authentication>
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag = "required">
          </login-module>
          </authentication>
          </application-policy>
          </policy>

          3. Then start the AS and get it to boot without error. Further instructions coming.

          Show
          smarlow Scott Marlow added a comment - 1. After building, open build/target/jboss-6.0.0-SNAPSHOT/server/default/deploy/jmx-jboss-beans.xml and set the following: <property name="securityDomain">jmx-console</property> <property name="securityConfigFile">authentication.conf</property> 2. Create the authentication.conf file in build/target/jboss-6.0.0-SNAPSHOT/server/default/conf: <?xml version='1.0'?> <policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:jboss:security-config:5.0" xmlns="urn:jboss:security-config:5.0" xmlns:jbxb="urn:jboss:security-config:5.0"> <!-- application-policy name is the security domain --> <application-policy name = "jmx-console"> <authentication> <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> </login-module> </authentication> </application-policy> </policy> 3. Then start the AS and get it to boot without error. Further instructions coming.
          Hide
          smarlow Scott Marlow added a comment -

          tested shutdown, twiddle, jconsole against a secured jmxconnector.

          Steps to enable jmxconnector security:

          1. Open deploy/jmx-jboss-beans.xml in an editor

          2. Replace:

          <!-- To enable authentication security checks, uncomment the following security domain name -->
          <!--UNCOMMENT THIS
          <property name="securityDomain">jmx-console</property>
          -->

          With:
          <!-- To enable authentication security checks, uncomment the following security domain name -->
          <property name="securityDomain">jmx-console</property>

          The jmx-console security will be used (as specified in conf/login-config.xml)

          Show
          smarlow Scott Marlow added a comment - tested shutdown, twiddle, jconsole against a secured jmxconnector. Steps to enable jmxconnector security: 1. Open deploy/jmx-jboss-beans.xml in an editor 2. Replace: <!-- To enable authentication security checks, uncomment the following security domain name --> <!--UNCOMMENT THIS <property name="securityDomain">jmx-console</property> --> With: <!-- To enable authentication security checks, uncomment the following security domain name --> <property name="securityDomain">jmx-console</property> The jmx-console security will be used (as specified in conf/login-config.xml)

            People

            • Assignee:
              smarlow Scott Marlow
              Reporter:
              dmlloyd David Lloyd
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development