Search
SupportConsoleDevelopersStart a trialContact

Appendix A. Disabling Authentication

download PDF
This appendix enables a user to disable authentication for specific services.
All specified paths in the sections below are relative to the jboss-as directory.
Disabling Authentication for JMX Console:

To disable authentication for the JMX console, edit the following file and comment out the security-constraint section: 

server/$PROFILE/deploy/jmx-console.war/WEB-INF/web.xml
The following fragment should be commented out: 
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application
    </description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>
Disabling Authentication for Web Console:

To disable authentication for the Web console, edit the following file to comment out the security-constraint section: 

server/$PROFILE/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml
The following fragment should be commented out: 
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAdaptor</web-resource-name>
    <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application
    </description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>JBossAdmin</role-name>
  </auth-constraint>
</security-constraint>
Disabling Authentication for HTTP Invoker:

To disable authentication for the http invoker, JNDIFactory, EJBInvokerServlet, and JMXInvokerServlet need to be removed from the security realm in the file: 

server/$PROFILE/deploy/httpha-invoker.sar/invoker.war/WEB-INF/web.xml
For example, the security-constraint element should look as follows: 
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HttpInvokers</web-resource-name>
    <description>An example security config that only allows users with the role HttpInvoker to access the HTTP invoker servlets
    </description>
    <url-pattern>/restricted/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>HttpInvoker</role-name>
  </auth-constraint>
</security-constraint>
Disabling Authentication for JMX Invoker:

To disable authentication for the JMX invoker, edit the following file to comment out the security interceptor passthrough: 

server/$PROFILE/deploy/jmx-invoker-service.xml
Locate the mbean section with the class org.jboss.jmx.connector.invoker.InvokerAdaptorService. In that section comment out the line that relates to authenticated users:
The following fragment should be commented out: 
<descriptors>
  <interceptors>
    <!--Uncomment to require authenticated users-->
    <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
        securityDomain="java:/jaas/jmx-console"/>
    <!--Interceptor that deals with non-serializable results-->
    <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
        policyClass="StripModelMBeanInfoPolicy"/>
  </interceptors>
</descriptors>
Disabling Authentication for the ProfileService:

To disable authentication for the ProfileService, edit the following file and comment out the contents of the serverProxyInterceptors list: 

deploy/profileservice-jboss-beans.xml
The following fragment should be commented out: 
<bean class="org.jboss.aspects.security.AuthenticationInterceptor">
  <constructor>
    <parameter>
      <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager" parameter="jmx-console"/>
    </parameter>
  </constructor>
</bean>
<bean class="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor">
  <constructor>
    <parameter>
      <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager" parameter="jmx-console"/>
    </parameter>
    <parameter>
      <value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager" parameter="jmx-console"/>
    </parameter>
  </constructor>
</bean>
Disabling Authentication for JBossWS:

To disable authentication for JBossWS, edit the following file and comment out the security-constraint: 

deploy/jbossws.sar/jbossws-management.war/WEB-INF/web.xml
The following fragment should be commented out: 
<security-constraint>
  <web-resource-collection>
    <web-resource-name>ContextServlet</web-resource-name>
    <description>An example security config that only allows users with the role 'friend' to access the JBossWS console web application
    </description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
      <role-name>friend</role-name>
  </auth-constraint>
</security-constraint>
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.