This blog is intended to collect information on my various interests and pen my opinion on the information gathered, and is not intended to educate anyone on the information posted, but all are most welcome to share their views on them.
Saturday, August 14, 2010
Securing JBOSS JMX and Web Console
After installing the JBOSS Application Server, the JMX console can be accessed by anybody without providing a username or password. This is a big security risk, as anybody can make changes through the JMX and web console. Basic username/password security for the JBOSS JMX/web console can be set up by performing the following steps on the JBOSS Application Server.
1. Edit $JBOSS_HOME/server/all/conf/props/jmx-console-users.properties to add JMX console users. Replace "all" with your JBOSS profile name. The syntax to add a user is username=password. By default, an admin user is present in this file with admin as its password.
Ex: sysadmin=Password007 creates a new JMX and web console user "sysadmin" and sets its password to "Password007".
2. To give the newly created user admin privileges on the JMX and web console, edit the jmx-console-roles.properties file in the $JBOSS_HOME/server/all/conf/props folder and add username=JBossAdmin.
Ex: sysadmin=JBossAdmin gives the sysadmin user admin privileges on the JMX and web console.
3. Edit $JBOSS_HOME/server/all/deploy/jmx-console.war/WEB-INF/jboss-web.xml file and uncomment the security domain as shown below.
4. Edit $JBOSS_HOME/server/all/deploy/jmx-console.war/WEB-INF/web.xml file and uncomment the security constraint as shown below.
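<security-constraint>
  <web-resource-collection>
    <description>An example security config that only allows
      users with the role JBossAdmin to access the
      HTML JMX console web application</description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>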
5. The location, path or name of the users and roles configuration files (i.e. jmx-console-users.properties and jmx-console-roles.properties) can be changed by editing the $JBOSS_HOME/server/all/conf/login-config.xml file. Sample configuration is given below.
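To check that steps 1 to 4 actually took effect, the following added example (not part of the original post) audits the contents of the four files and reports the default admin=admin login, a missing JBossAdmin user, and a security domain or constraint that is missing or still commented out. It also flags a constraint that lists http-method entries, since under the servlet specification such a constraint covers only the listed methods; the function names, the sample file contents and the java:/jaas/jmx-console value are assumptions.

```python
import xml.etree.ElementTree as ET

def parse_props(text):
    """Parse key=value lines of a .properties file, skipping # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_xml(text):
    """Parse XML. ElementTree drops comments, so commented-out elements vanish."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # ignore any namespace on the descriptor
    return root

def audit(users_txt, roles_txt, jboss_web_xml, web_xml):
    """Return findings for steps 1-4; an empty list means nothing was flagged."""
    findings = []
    users, roles = parse_props(users_txt), parse_props(roles_txt)
    if users.get("admin") == "admin":
        findings.append("default admin=admin login still present")
    if not any("JBossAdmin" in roles.get(u, "").replace(" ", "").split(",") for u in users):
        findings.append("no configured user holds JBossAdmin")
    if parse_xml(jboss_web_xml).find("security-domain") is None:
        findings.append("jboss-web.xml: security-domain missing or commented out")
    constraint = parse_xml(web_xml).find("security-constraint")
    if constraint is None:
        findings.append("web.xml: security-constraint missing or commented out")
    elif constraint.find("web-resource-collection/http-method") is not None:
        # Servlet spec: http-method entries limit the constraint to those methods.
        findings.append("web.xml: constraint applies only to the listed HTTP methods")
    return findings

# Constructed sample: the four files as on a fresh install (steps not applied).
DEFAULT = ("admin=admin\n", "admin=JBossAdmin\n",
    "<jboss-web><!-- <security-domain>java:/jaas/jmx-console</security-domain> --></jboss-web>",
    "<web-app><!-- <security-constraint/> --></web-app>")
# Constructed sample: the same files after steps 1-4, using the page's values.
# The security-domain value java:/jaas/jmx-console is an assumption.
HARDENED = ("sysadmin=Password007\n", "sysadmin=JBossAdmin\n",
    "<jboss-web><security-domain>java:/jaas/jmx-console</security-domain></jboss-web>",
    "<web-app><security-constraint><web-resource-collection>"
    "<url-pattern>/*</url-pattern><http-method>GET</http-method>"
    "<http-method>POST</http-method></web-resource-collection>"
    "<auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>"
    "</security-constraint></web-app>")

if __name__ == "__main__":
    for name, files in (("default", DEFAULT), ("hardened", HARDENED)):
        print(name, audit(*files))
```

On a real server, read the four files from the profile's conf/props and deploy/jmx-console.war/WEB-INF directories and pass their contents to audit().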