Altere o arquivo deploy/jmx-console.war/WEB-INF/web.xml, removendo as tags abaixo da sessão security-constraint:

<http-method>GET</http-method>
<http-method>POST</http-method>

Deve ficar parecido com isso:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>
       An example security config that only allows users with the role
       JBossAdmin to access the HTML JMX console web application
    </description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>

Agora reinicie sua instância.

Mais detalhes/Referências:

• http://community.jboss.org/blogs/mjc/2011/10/20/statement-regarding-security-threat-to-jboss-application-server
• https://access.redhat.com/kb/docs/DOC-30741
• http://community.jboss.org/wiki/SecureTheJmxConsole

Comentários

comments powered by Disqus