The Stan Darko figuration the jmx and web console to the JBoss not protected against unauthorized access and can for example be accessed via http://meinserver:8080/jmx-console. This can change but simply because both consoles are standard servlets. For this reason, we can simply activate the security constraints and protect access with a password.
To achieve this we perform the following steps: first
First we edit the file JBOSS_HOME / se RVer / default / deploy / jmx-console.war / WEB-INF / web.xml . In this file, we remove the comments around the block security-constraint
second Now we take the file jboss-web.xml before in the same directory. Here, we remove the comments to the day
third In the files jmx-console-roles.properties and jmx-console-users.properties that the directory JBOSS_HOME / server / default / conf / props z are find u, can now the groups a user and its password should be established. For the admin they are indeed already been created, but it is best to assign a new password. We do this by admin in the file jmx-console-users.properties in the line = admin the second replaced by our new admin password.
4th The two files mentioned in the previous step, we now identify and clone it web-console- roles.properties and web-console-users.properties. us serve the same permissions for the web-console to use.
5th In the directory JBOSS_HOME / server / default / conf we now edit the file login-config.xml . We are looking for the day application-policy name = "web-console"
5th Actually, these files in JBOSS_HOME / server / default / deploy / management / console-mgr.sar / web-console.war / WEB-INF / classes . Therefore, we need to rename these files now so that the server does not find it here.
course, you can step 4 and 5, miss and easily configure the files in place.
If now the address http://meinserver:8080/jmx-console calls in the browser, you will be prompted for the password. Here is one admin and the password changed in step 3 and will gain access to the jmx console.