Jboss4.03 web-console jmx-console 登录安全设置

Jboss4.03 web-console jmx-console 登录安全设置

http://localhost:8080/ 默认使用8080端口

默认配置了以下服务:

JMX Console
JBoss Web Console
为了安全起见,需要用户通过授权进行访问。

首先对JMX-Console进行设置,在《Getting Started with JBoss 4.0 Release 4》的2.2.3. Security Service小节中给出了方法,但是缺少了一点点东西:
STEP 1:
找到%JBOSS_HOME%/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml文件,根据说明,去掉注释。

<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users. -->
   <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>

STEP 2:
与jboss-web.xml同级目录下还有一个文件web.xml,找到其中的节点,根据说明,取消注释。

……

   <!-- A security constraint that restricts access to the HTML JMX console
   to users with the role JBossAdmin. Edit the roles to what you want and
   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
   secured access to the HTML JMX console.
   -->
 
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
         role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>JBossAdmin</role-name>
     </auth-constraint>
   </security-constraint>

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Public</web-resource-name>
       <url-pattern>/public/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
   </security-constraint>

……

STEP 3:
在第一步中的jmx-console安全域和第二步中的运行角色JBossAdmin都是在login-config.xml中配置,我们在%JBOSS_HOME%/server/default/conf/props下找到它。查找名字为:jmx-console的application-policy:

    <application-policy name = "jmx-console">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
           <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
           <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>

文件props/jmx-console-users.properties定义了用户名、密码;props/jmx-console-roles.properties定义了用户所属角色,找到后自行修改或重新定义用户名、密码。

配置web-console,具体方法同jmx-console,就是位置不同:

jboss-web.xml、web.xml在%JBOSS_HOME%/server/default/deploy/management/console-mgr.sar\web-console.war/WEB-INF下;
login-config.xml还是原来的那个,把application-policy名为$webConsoleDomain的部分改成你需要的web-console;
web-console-users.properties、web-console-roles.properties定义了访问web-console的用户、用户角色,具体位置自己去找,使用find /jboss -name web-console-users.properties 找到以后可以修改用户名、密码。

发表评论