Jboss4.03 web-console jmx-console 登录安全设置
时间:2006-12-31 来源:ghbspecial
http://localhost:8080/ 默认使用8080端口
默认配置了以下服务:
- JMX Console
- JBoss Web Console
为了安全起见,需要用户通过授权进行访问。
首先对JMX-Console进行设置,在《Getting Started with JBoss 4.0 Release 4》的2.2.3. Security Service小节中给出了方法,但是缺少了一点点东西:
STEP 1:
找到%JBOSS_HOME%/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml文件,根据说明,去掉注释。<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users. -->
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>STEP 2:
与jboss-web.xml同级目录下还有一个文件web.xml,找到其中的<security-constraint/>节点,根据说明,取消注释。……
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint><security-constraint>
<web-resource-collection>
<web-resource-name>Public</web-resource-name>
<url-pattern>/public/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>……
STEP 3:
在第一步中的jmx-console安全域和第二步中的运行角色JBossAdmin都是在login-config.xml中配置,我们在%JBOSS_HOME%/server/default/conf/props下找到它。查找名字为:jmx-console的application-policy:<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy> -
-
文件props/jmx-console-users.properties定义了用户名、密码;props/jmx-console-roles.properties定义了用户所属角色,找到后自行修改或重新定义用户名、密码。 -
配置web-console,具体方法同jmx-console,就是位置不同:
- jboss-web.xml、web.xml在%JBOSS_HOME%/server/default/deploy/management/console-mgr.sar\web-console.war/WEB-INF下;
- login-config.xml还是原来的那个,把application-policy名为$webConsoleDomain的部分改成你需要的web-console;
- web-console-users.properties、web-console-roles.properties定义了访问web-console的用户、用户角色,具体位置自己去找,使用find /jboss -name web-console-users.properties 找到以后可以修改用户名、密码。
相关阅读 更多 +
排行榜 更多 +
