??????? ? 為JBoss jmx-console增加驗(yàn)證,給JBOSS5.1GA jmx-console添加相關(guān)帳號(hào)管理。操作如下:
一、JMX安全配置
?
1: 找到%JBOSS_HOME%/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml文件,去掉對(duì)下面這段xml文本的注釋。
?
-
<
jboss-web
>
???
-
<
security-domain
>
java:/jaas/jmx-console
</
security-domain
>
???
-
</
jboss-web
>
???
2: 與jboss-web.xml同級(jí)目錄下還有一個(gè)文件web.xml,找到下面這段xml文本,取消注釋。
?
-
<
security-constraint
>
???
-
<
web-resource-collection
>
???
-
<
web-resource-name
>
HtmlAdaptor
</
web-resource-name
>
???
-
<
description
>
An?example?security?config?that?only?allows?users?with?the???
-
role?JBossAdmin?to?access?the?HTML?JMX?console?web?application???
-
</
description
>
???
-
<
url-pattern
>
/*
</
url-pattern
>
???
-
<
http-method
>
GET
</
http-method
>
???
-
<
http-method
>
POST
</
http-method
>
???
-
</
web-resource-collection
>
???
-
<
auth-constraint
>
???
-
<
role-name
>
JBossAdmin
</
role-name
>
???
-
</
auth-constraint
>
???
-
</
security-constraint
>
???
3: 在第一步中的jmx-console安全域和第二步中的運(yùn)行角色JBossAdmin都是在login-config.xml中配置,我們?cè)?? % JBOSS_HOME%/server/default/conf/login-config.xml文件可以看到以下配置,
?
-
<
application-policy
?
name
?=?
"jmx-console"
>
???
-
<
authentication
>
???
-
<
login-module
?
code
=
"org.jboss.security.auth.spi.UsersRolesLoginModule"
???
-
flag
?=?
"required"
>
???
-
<
module-option
?
name
=
"usersProperties"
>
props/jmx-console-users.properties
</
module-option
>
???
-
<
module-option
?
name
=
"rolesProperties"
>
props/jmx-console-roles.properties
</
module-option
>
???
-
</
login-module
>
???
-
</
authentication
>
???
-
</
application-policy
>
???
文件props/jmx-console-users.properties定義了用戶名、密碼;props/jmx-console-roles.properties定義了用戶所屬角色
?
注:
?
jmx-console-users.properties 格式是:用戶名=密碼明文
?
jmx-console-roles.properties 格式是:用戶名=角色1,角色2,角色3
?
可以找到這兩個(gè)文件,修改用戶名和密碼。
?
二、WEB-CONSOLE的安全配置
?
1:
?
找到%JBOSS_HOME%/server/default/deploy/ management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml文件,去掉對(duì)以下xml文本的注釋。
?
-
<
jboss-web
>
???
-
<
depends
>
jboss.admin:service
=
PluginManager
</
depends
>
???
-
</
jboss-web
>
???
2:
?
與jboss-web.xml同級(jí)目錄下還有一個(gè)文件web.xml,找到下面這段xml文本,取消注釋。
?
-
<
security-constraint
>
???
-
<
web-resource-collection
>
???
-
<
web-resource-name
>
HtmlAdaptor
</
web-resource-name
>
???
-
<
description
>
An?example?security?config?that?only?allows?users?with?the???
-
role?JBossAdmin?to?access?the?HTML?JMX?console?web?application???
-
</
description
>
???
-
<
url-pattern
>
/*
</
url-pattern
>
???
-
<
http-method
>
GET
</
http-method
>
???
-
<
http-method
>
POST
</
http-method
>
???
-
</
web-resource-collection
>
???
-
<
auth-constraint
>
???
-
<
role-name
>
JBossAdmin
</
role-name
>
???
-
</
auth-constraint
>
???
-
</
security-constraint
>
???
3:
?
% JBOSS_HOME%/server/default/conf/login-config.xml文件可以看到以下配置:
?
-
<
application-policy
?
name
?=?
"web-console"
>
???
-
<
authentication
>
???
-
<
login-module
?
code
=
"org.jboss.security.auth.spi.UsersRolesLoginModule"
???
-
flag
?=?
"required"
>
???
-
<
module-option
?
name
=
"usersProperties"
>
web-console-users.properties
</
module-option
>
???
-
<
module-option
?
name
=
"rolesProperties"
>
web-console-roles.properties
</
module-option
>
???
-
</
login-module
>
???
-
</
authentication
>
???
-
</
application-policy
>
???
上面提到的兩個(gè)文件在%JBOSS_HOME%/server/default/deploy/ management/console-mgr.sar/web-console.war/WEB-INF/classes文件夾下,你可以修改其中的用戶名和密碼,格式和上面的兩個(gè)properties文件中的一樣。
?
啟動(dòng)服務(wù)輸入http://localhost:8080/jmx-console 和http://localhost:8080/web-console測(cè)試安全機(jī)制 。
?
?
四。啟動(dòng)服務(wù)并打開瀏覽器驗(yàn)證??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
startDefault.bat
cd %JBOSS_HOME%/bin
./run.sh -c default -b 192.168.70.99?
http://localhost:8080
?
?
?
?