JBoss-4.2.2.GA保险机制

JBoss-4.2.2.GA安全机制

?JBoss-4.2.2.GA默认部署了jmx-console和web-console，并且不需要密码即可访问，这样就存在安全隐患，容易造成攻击，故我们需要为这些部署加入安全机制。下面步骤分别针对jmx-console和web-console进行设置：

1.????? 设置jmx-console安全机制

a)????? 编辑deploy/jmx-console.war/WEB-INF/jboss-web.xml，搜寻到如下内容，并取消注释

<security-domain>java:/jaas/jmx-console</security-domain>

b)????? 编辑deploy/jmx-console.war/WEB-INF/web.xml，搜寻到如下内容，并取消注释

<security-constraint>

? <web-resource-collection>

? ? <web-resource-name>HtmlAdaptor</web-resource-name>

?? ?<description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application

??? </description>

??? <url-pattern>/*</url-pattern>

??? <http-method>GET</http-method>

??? <http-method>POST</http-method>

? </web-resource-collection>

? <auth-constraint>

? <role-name>JBossAdmin</role-name>

? </auth-constraint>

</security-constraint>

c)????? 打开conf/login-config.xml，搜寻到如下内容，检查usersProperties 和rolesProperties 对应的文件路径，默认是conf/props/jmx-console-users.properties和conf/props/jmx-console-roles.properties

<application-policy name = "jmx-console">

??? <authentication>

????? <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

??????????? flag = "required">

????? <module-option name="usersProperties">props/jmx-console-users.properties</module-option>

?????? <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

?????? </login-module>

?? </authentication>

</application-policy>

d)????? 编辑conf/props/jmx-console-users.properties，设置有权限访问jmx-console的用户和密码，格式为“用户名=密码”，默认该文件内容为admin=admin

e)????? 编辑conf/props/jmx-console-roles.properties，设置上一步定义的用户角色，格式为“用户名=角色1，角色2”，默认该文件内容为 admin=JBossAdmin,HttpInvoker

2.????? 设置web-console安全机制

a)????? 编辑deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml，搜寻到如下内容，并取消注释

<security-domain>java:/jaas/web-console</security-domain>

b)????? 编辑deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml，搜寻到如下内容，并取消注释

<security-constraint>

?? <web-resource-collection>

?? ??? <web-resource-name>HtmlAdaptor</web-resource-name>

?? ?<description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application

?? ?</description>

?? ??? <url-pattern>/*</url-pattern>

?? ??? <http-method>GET</http-method>

?? ??? <http-method>POST</http-method>

?? </web-resource-collection>

?? <auth-constraint>

?? ??? <role-name>JBossAdmin</role-name>

?? </auth-constraint>

?</security-constraint>

c)????? 打开conf/login-config.xml，搜寻到如下内容，检查usersProperties 和rolesProperties 对应的文件路径，默认是deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties和deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/props/web-console-roles.properties???

<application-policy name = "web-console">

? <authentication>

??? <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

???????????? flag = "required">

??? <module-option name="usersProperties">web-console-users.properties</module-option>

??? <module-option name="rolesProperties">web-console-roles.properties</module-option>

??? </login-module>

? </authentication>

</application-policy>

d)????? 编辑deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties，设置有权限访问web-console的用户和密码，格式为“用户名=密码”，默认该文件内容为admin=admin

e)????? 编辑deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-roles.properties，设置上一步定义的用户角色，格式为“用户名=角色1，角色2”，默认该文件内容为 admin=JBossAdmin,HttpInvoker

配置完成，重启JBoss

原文参考：http://blog.csdn.net/acylas/article/details/2326098

JBoss-4.2.2.GA保险机制

热点推荐