See Thread at: http://www.techienuggets.com/Detail?tx=9 Posted on behalf of a User
How to encrypt the password for jmx-console and web-console? I use the follow command to encrypt the password. But where should I put the encrypted password? What changes do I need to make? java -cp lib\jboss-common.jar;server\default\lib\jbosssx.jar;server\default\lib\jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule production Thanks! In Response To: Out of the box jmx-console and the web console are accessable to anyone who can access your server via the following url: http://yourserver:8080/jmx-console. The good news is that both jmx-console and web-console are standard servlet so they can be protected easily by enabling the security-constraint. Our example uses the default server model. 1. edit \server\default\deploy\jmx-console.war\WEB-INF\web.xml and uncomment the security-constraint <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. --> <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss JMX Console</realm-name> </login-config> <security-role> <role-name>JBossAdmin</role-name> </security-role> 2. Edit \server\default\deploy\jmx-console.war\WEB-INF\jboss-web.xml. Uncomment the following block: <jboss-web> <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users.--> <security-domain>java:/jaas/jmx-console</security-domain> </jboss-web> 3. Edit \server\default\conf\props\jmx-console-roles.properties 4. Edit \server\default\conf\props\jmx-console-users.properties The only change above should be to jmx-console-users.properties, i.e, set a password. 5. While you are in directory make copies of the two jmx-console properties files and call them web-console-roles.properties and web-console-users.prperties respectively. 6. The property files for web-console currently exist under \server\default\deploy\management\console-mgr.sar\web-console.war\WEB-INF\classes. I would rename these files. 7. edit \server\default\conf\login-config.xml <application-policy name = "web-console"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties">props/web-console-users.properties</module-option> <module-option name="rolesProperties">props/web-console-roles.properties</module-option> </login-module> </authentication> </application-policy In the above you need to add the props/ because this is missing in the original file. If you do not do this the login procedure will look for the properties file under web-console.war\WEB-INF\classes and if you have not renamed the properties file there it will try and use those. Remember to bounce JBoss after you are done. _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
