Install JBoss 5.

1 on CentOS
This post will cover installing JBoss 5.1 on CentOS 5.x.
NOTE: If you wish to install JBoss 7.1 on CentOS, please see my post here:
http://www.davidghedini.com/pg/entry/install_jboss_7_on_centos
We'll also set up JBoss to run as a service
I did my installation below on CentOS 5.5. This should work for RHEL and Fedora as
well.
Firstly, let's outline the steps we will be taking:
1. Download and Install the Java Development Kit (JDK)
2. Download and Install JBoss 5.1 Application Server
3. Create the user, jboss, who will own and run JBoss
4. Set the required JAVA_HOME and JBOSS_HOME paths
5. Create a start/stop/restart script for JBoss
6. Configure JBoss to run as a service
7. Change the JBoss Admin Console password
8. Set memory parameters for JBoss using JAVA_OPTS
9. Configure JBoss to run on port 80
10. Notes: Securing the JMX Console, Web Console, JBossWS, and Tomcat Status.

Step 1: Download and Install the Java Development Kit (JDK)

You can download the JDK
here: http://www.oracle.com/technetwork/java/javase/downloads/index.html
I'm using JDK 6, update 24, the latest as of this post. The JDK is specific to 32 and 64
bit versions.
My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.
If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin
Download the appropriate JDK and save it to a directory. I'm saving it to /root.
Move (mv) or copy (cp) the file to the /opt directory:

1.

[root@sv2 ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin

Create the directory /usr/java.

1.

[root@sv2 ~]# mkdir /usr/java

Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk6u24-linux-x64.bin'
1.

[root@sv2 ~]# cd /usr/java

2. [root@sv2 java]# sh /opt/jdk-6u24-linux-x64.bin

We now have the JDK installed at /usr/java/jdk1.6.0_24. We'll use this for our
JAVA_HOME a bit later in step

Step 2: Download and Install JBoss 5.1 Application Server

Download jboss-5.1.0.GA.zip
at http://sourceforge.net/projects/jboss/files/JBoss/JBoss-5.1.0.GA/ or use wget:
1. [root@aoukuk25 ~]# wget http://sourceforge.net/projects/jboss/files/JBoss/JB
oss-5.1.0.GA/jboss-5.1.0.GA.zip/download
2. .
3. .
4. .
5. Saving to: `jboss-5.1.0.GA.zip'
6.
7. 100%[======================================>] 133,466
,607 5.58M/s

in 17s

8.
9. 2011-01-02 02:03:02 (7.56 MB/s) - `jboss-5.1.0.GA.zip' saved [133466607/13
3466607]

10. [root@sv2 ~]#

Move (mv) or copy (cp) the file to /usr/share/jboss-5.1.0.GA.zip.
1.

[root@sv2 ~]# mv jboss-5.1.0.GA.zip /usr/share/jboss-5.1.0.GA.zip

Change to the /usr/share directory and unzip the file:

1.

[root@sv2 ~]# cd /usr/share

2. [root@sv2 share]# unzip -q jboss-5.1.0.GA.zip

The unzip will create the following directory: /usr/share/jboss-5.1.0.GA
This directory will be our JBOSS_HOME, which we will use below in Step 4 below

Step 3: Create the user, jboss, who will own and run JBoss
Since we will want to run JBoss as a non-root user with minimal privileges, we'll create
a user, jboss, who will own the JBoss files and JBoss will run under his account.
To do this, we can need to the following.
Create a new group, jboss, and then create the user jboss and add the user to the
jboss group.
1.

[root@sv2 ~]# groupadd jboss

2. [root@sv2 ~]# useradd -s /bin/bash -g jboss jboss

Change ownership of the JBoss home directory, /usr/share/jboss-5.1.0.GA so all files
are owned by the user jboss we created.
1.

[root@sv2 ~]# chown -Rf jboss.jboss /usr/share/jboss-5.1.0.GA/

Step 4: Set the required JAVA_HOME and JBOSS_HOME paths

We no need to set the JAVA_HOME and JBOSS_HOME.
The JAVA_HOME is where we installed the JDK above, /usr/java/jdk1.6.0_24, and the

JBOSS_HOME is where we installed JBoss above /usr/share/jboss-5.1.0.GA.

Add the following to the jboss users .bash_profile:
1. JAVA_HOME=/usr/java/jdk1.6.0_24
2. export JAVA_HOME
3. PATH=$JAVA_HOME/bin:$PATH
4. export PATH
5. JBOSS_HOME=/usr/share/jboss-5.1.0.GA
6. export JBOSS_HOME

To set the JAVA_HOME for users, we add this to the user ~/.bashrc or ~/.bash_profile
of the user. We can also add it /etc/profile and then source it to give to all users.
1. JAVA_HOME=/usr/java/jdk1.6.0_24
2. export JAVA_HOME
3. PATH=$JAVA_HOME/bin:$PATH
4. export PATH

Once you have added the above to ~/.bash_profile or ~/.bashrc, you should su to the
user jboss and verify that the JAVA_HOME and JBOSS_HOME are set correctly.
1.

[root@sv2 ~]# su jboss

2. [jboss@sv2 ~]# echo $JAVA_HOME

3. /usr/java/jdk1.6.0_24
4. [jboss@sv2 ~]# echo $JBOSS_HOME
5. /usr/share/jboss-5.1.0.GA

Step 5: Create a start/stop/restart script for JBoss.

For our JBoss script we will simply copy the existing jboss_init_redhat.sh script located
at at /usr/share/jboss-5.1.0.GA/bin, copy it to /etc/init.d and rename it to 'jboss':
So, as root:
1.

[root@sv2 ~]# cd /usr/share/jboss-5.1.0.GA/bin

2. [root@sv2 bin]# cp jboss_init_redhat.sh /etc/init.d/jboss

In the jboss script (shown completed below), make the following changes:
1. Add lines 3,4, and 5:
# description: JBoss Start Stop Restart
# processname: jboss
# chkconfig: 234 20 80
2. Line 21, Set the JBOSS_HOME to where we unpacked JBoss in step 2 above:
JBOSS_HOME=${JBOSS_HOME:-"/usr/share/jboss-5.1.0.GA"}
3. Line 27. Set the JAVA_HOME to where we installed the JDK in step 1 above:
JAVAPTH=${JAVAPTH:-"/usr/java/jdk1.6.0_24"}
4. Add line 33, which sets the JBOSS_HOST to 0.0.0.0, allowing JBoss to bind to any
IP.
JBOSS_HOST="0.0.0.0"
1. #!/bin/sh
2. #
3. # description: JBoss Start Stop Restart
4. # processname: jboss
5. # chkconfig: 234 20 80

6. # $Id: jboss_init_redhat.sh 81068 2008-11-14 15:14:35Z [email protected] $

7. #
8. # JBoss Control Script
9. #
10. # To use this script run it as root - it will switch to the specified user
11. #
12. # Here is a little (and extremely primitive) startup/shutdown script
13. # for RedHat systems. It assumes that JBoss lives in /usr/local/jboss,
14. # it's run by user 'jboss' and JDK binaries are in /usr/local/jdk/bin.
15. # All this can be changed in the script itself.
16. #
17. # Either modify this script for your requirements or just ensure that
18. # the following variables are set correctly before calling the script.
19.
20. #define where jboss is - this is the directory containing directories log, bin, conf
etc
21. JBOSS_HOME=${JBOSS_HOME:-"/usr/share/jboss-5.1.0.GA"}
22.
23. #define the user under which jboss will run, or use 'RUNASIS' to run as the curr
ent user
24. JBOSS_USER=${JBOSS_USER:-"jboss"}
25.

26. #make sure java is in your path

27. JAVAPTH=${JAVAPTH:-"/usr/java/jdk1.6.0_24"}
28.
29. #configuration to use, usually one of 'minimal', 'default', 'all'
30. JBOSS_CONF=${JBOSS_CONF:-"default"}
31.
32. #if JBOSS_HOST specified, use -b to bind jboss services to that address
33. JBOSS_HOST="0.0.0.0"
34. JBOSS_BIND_ADDR=${JBOSS_HOST:+"-b $JBOSS_HOST"}
35.
36.
37. #define the classpath for the shutdown class
38. JBOSSCP=${JBOSSCP:-"$JBOSS_HOME/bin/shutdown.jar:
$JBOSS_HOME/client/jnet.jar"}
39.
40. #define the script to use to start jboss
41. JBOSSSH=${JBOSSSH:-"$JBOSS_HOME/bin/run.sh -c $JBOSS_CONF $JBOSS_
BIND_ADDR"}
42.
43. if [ "$JBOSS_USER" = "RUNASIS" ]; then
44. SUBIT=""
45. else
46. SUBIT="su - $JBOSS_USER -c "

47. fi
48.
49. if [ -n "$JBOSS_CONSOLE" -a ! -d "$JBOSS_CONSOLE" ]; then
50. # ensure the file exists
51. touch $JBOSS_CONSOLE
52. if [ ! -z "$SUBIT" ]; then
53.

chown $JBOSS_USER $JBOSS_CONSOLE

54. fi
55. fi
56.
57. if [ -n "$JBOSS_CONSOLE" -a ! -f "$JBOSS_CONSOLE" ]; then
58. echo "WARNING: location for saving console log invalid: $JBOSS_CONSOLE"
59. echo "WARNING: ignoring it and using /dev/null"
60. JBOSS_CONSOLE="/dev/null"
61. fi
62.
63. #define what will be done with the console log
64. JBOSS_CONSOLE=${JBOSS_CONSOLE:-"/dev/null"}
65.
66. JBOSS_CMD_START="cd $JBOSS_HOME/bin; $JBOSSSH"
67. JBOSS_CMD_STOP=${JBOSS_CMD_STOP:-"java -classpath $JBOSSCP org.jbos
s.Shutdown --shutdown"}

68.
69. if [ -z "`echo $PATH | grep $JAVAPTH`" ]; then
70. export PATH=$PATH:$JAVAPTH
71. fi
72.
73. if [ ! -d "$JBOSS_HOME" ]; then
74. echo JBOSS_HOME does not exist as a valid directory : $JBOSS_HOME
75. exit 1
76. fi
77.
78. echo JBOSS_CMD_START = $JBOSS_CMD_START
79.
80. case "$1" in
81. start)
82.

cd $JBOSS_HOME/bin

83.

if [ -z "$SUBIT" ]; then

84.
85.

eval $JBOSS_CMD_START >${JBOSS_CONSOLE} 2>&1 &

else

86.

$SUBIT "$JBOSS_CMD_START >${JBOSS_CONSOLE} 2>&1 &"

87.

fi

88.

;;

89. stop)

90.

if [ -z "$SUBIT" ]; then

91.

$JBOSS_CMD_STOP

92.

else

93.

$SUBIT "$JBOSS_CMD_STOP"

94.

fi

95.

;;

96. restart)
97.

$0 stop

98.

$0 start

99.

;;

100.
101.
102.

*)
echo "usage: $0 (start|stop|restart|help)"
esac

Step 6: Run JBoss as a Service.

To run JBoss as a service and enable start up at boot, make the script we created
above executable and add it to our chkconfig so it starts at boot.
1.

[root@sv2 init.d]# chmod 755 jboss

2. [root@sv2 init.d]# chkconfig --add jboss

3. [root@sv2 init.d]# chkconfig --level 234 jboss on
We should now be able to Start, Stop, and Restart JBoss as a service.
Start JBoss:
Note: JBoss can take some time to start.

1.

[root@sv2 init.d]# service jboss start

2. JBOSS_CMD_START = cd /usr/share/jboss-5.1.0.GA/bin; /usr/share/jboss5.1.0.GA/bin/run.sh -c default -b 0.0.0.0

Stop JBoss:
1.

[root@sv2 init.d]# service jboss stop

2. JBOSS_CMD_START = cd /usr/share/jboss-5.1.0.GA/bin; /usr/share/jboss5.1.0.GA/bin/run.sh -c default -b 0.0.0.0

3. Shutdown message has been posted to the server.
4. Server shutdown may take a while - check logfiles for completion
Make sure JBoss is started and you should now be able to access the Jboss Console at:
http://yourdomain.com:8080 or http://yourip:8080

If you have any difficulties, check the logs and also insure that port 8080 is open

Step 7: Change the Admin Console Pasword.

The default user name and password for the JBoss Admin Console is admin/admin
To change the password, go to:
/usr/share/jboss-5.1.0.GA/server/default/conf/props
Edit the jmx-console-users.properties file, shown below

1. # A sample users.properties file for use with the UsersRolesLoginModule

2. admin=admin
The user name is at left and the password at right. Change the password to something
hard to guess ;-)

Step 8: Set JAVA_OPTS Memory Parameters

To set the memory limits for JBoss,
Got to: /usr/share/jboss-5.1.0.GA/bin
Open the run.sh file in a text editor.
Find the section below:
1. # Setup JBoss specific properties
2. JAVA_OPTS="-Dprogram.name=$PROGNAME $JAVA_OPTS"

Directly below this, add the desired parameters.

1. # Setup JBoss specific properties
2. JAVA_OPTS="-Dprogram.name=$PROGNAME $JAVA_OPTS"
3. JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx256m"

I'm installing this on a small VPS so I'm using JAVA_OPTS="$JAVA_OPTS -Xms128m

-Xmx256m". You should set this to whatever is appropriate to your server and
application.

Step 9: Running JBoss on Port 80.

To run services below port 1024 as user other than root, you can use port forwarding.
You can do this by adding the following to your IP tables:
1.

[root@sv2 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDI

RECT --to-ports 8080

2. [root@sv2 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j RED

IRECT --to-ports 8080

Step 10: Notes: Secure the JBoss Web Console, JMX Console,
JBossWS, and Tomcat Status Page.
This section will cover some simple and most basic methods of securing the consoles.
If you are simply running JBoss locally to have a look at it, you can skip this bit.
I've seen more elegent presentations of securing JBoss, so you may want to Google
this if you find below a bit clunky.
As with anything related to your application and server security, please consult the
docs.

Step 10a: Secure the JMX Console.

To secure the JMX Console, go to:
/usr/share/jboss-5.1.0.GA/server/default/deploy/jmx-console.war/WEB-INF
First, edit the web.xml file. Towards the bottom, you will find the security-constraint as
shown below:
1. <!-- A security constraint that restricts access to the HTML JMX console
2.

to users with the role JBossAdmin. Edit the roles to what you want and

3.

uncomment the WEB-INF/jboss-web.xml/security-domain element to enable

4.

secured access to the HTML JMX console.

5.

<security-constraint>

6.

<web-resource-collection>

7.

<web-resource-name>HtmlAdaptor</web-resource-name>

8.

<description>An example security config that only allows users with the

9.
10.

role JBossAdmin to access the HTML JMX console web application

</description>

11.

<url-pattern>/*</url-pattern>

12.

<http-method>GET</http-method>

13.

<http-method>POST</http-method>

14.

</web-resource-collection>

15.

<auth-constraint>

16.

<role-name>JBossAdmin</role-name>

17.

</auth-constraint>

18.

</security-constraint>

19.

-->

Un-comment the security-constraint section so it appears thus:

<security-constraint>
1.

<web-resource-collection>

2.

<web-resource-name>HtmlAdaptor</web-resource-name>

3.

<description>An example security config that only allows users with the

4.

role JBossAdmin to access the HTML JMX console web application

5.

</description>

6.

<url-pattern>/*</url-pattern>

7.

<http-method>GET</http-method>

8.

<http-method>POST</http-method>

9.

</web-resource-collection>

10.

<auth-constraint>

11.

<role-name>JBossAdmin</role-name>

12.

</auth-constraint>

13.

</security-constraint>

Next, still in the WEB-INF directory, edit the jboss-web.xml file, which will look as
below:
1. <!DOCTYPE jboss-web PUBLIC
2.

"-//JBoss//DTD Web Application 5.0//EN"

3.

"http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">

4.
5. <jboss-web>
6.

<!-- Uncomment the security-domain to enable security. You will

7.

need to edit the htmladaptor login configuration to setup the

8.

login modules used to authentication users.

9.

<security-domain>java:/jaas/jmx-console</security-domain>

10.

-->

11. </jboss-web>
Uncomment the security-domain so it appears thus:
1. <jboss-web>
2.
3.

<security-domain>java:/jaas/jmx-console</security-domain>

4.
5. </jboss-web>

At this point, the password for the JMX Console will be the same as the password we
set for the Admin Console at in in step 7a above. Both are using the java:/jaas/jmxconsole security domain.
You can, of course change this if you wish to create a stronger solution.

Step 10b: Secure the Web Console.

To secure the Web Console, go to:
/usr/share/jboss-5.1.0.GA/server/default/deploy/management/console-mgr.sar/webconsole.war/WEB-INF
As with the JMX Console, in the WEB-INF.xml un-comment the security constraint so it
appears thus:

1. <security-constraint>
2.

<web-resource-collection>

3.

<web-resource-name>HtmlAdaptor</web-resource-name>

4.

<description>An example security config that only allows users with the

5.

role JBossAdmin to access the HTML JMX console web application

6.

</description>

7.

<url-pattern>/*</url-pattern>

8.

<http-method>GET</http-method>

9.

<http-method>POST</http-method>

10.

</web-resource-collection>

11.

<auth-constraint>

12.

<role-name>JBossAdmin</role-name>

13.

</auth-constraint>

14.

</security-constraint>

Still in the WEB-INF directory, go to the jboss-web.xml file.

By default, The jboss-web.xml file will appear as below:

1. <?xml version='1.0' encoding='UTF-8' ?>

2.
3. <!DOCTYPE jboss-web
4.

PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"

5.

"http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

6.
7. <jboss-web>
8.
9.

<!-- Uncomment the security-domain to enable security. You will

10.

need to edit the htmladaptor login configuration to setup the

11.

login modules used to authentication users.

12.

<security-domain>java:/jaas/web-console</security-domain>

13.

-->

14.
15.

<!-- The war depends on the -->

16.

<depends>jboss.admin:service=PluginManager</depends>

17. </jboss-web>

Un-comment the security-domain so it appears thus:

1. <jboss-web>
2.
3.

<security-domain>java:/jaas/web-console</security-domain>

4.
5.
6.
7.

<depends>jboss.admin:service=PluginManager</depends>

8. </jboss-web>

Now, we need to make a change to the go to login-config.xml file located under

/usr/share/jboss-5.1.0.GA/server/default/conf/
Open the login-config.xml and look for the section below:

1. <application-policy name="web-console">
2.
3.

<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" fl
ag="required">

4.

<module-option name="usersProperties">web-consoleusers.properties</module-option>

5.

<module-option name="rolesProperties">web-consoleroles.properties</module-option>

6.

</login-module>

7.

</authentication>

8.

</application-policy>

Add 'props/' to the path of the web-console-users.properties and web-consoleroles.properties

So the section will now appear thus:

1. <application-policy name="web-console">
2.
3.

<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" fl
ag="required">

4.

<module-option name="usersProperties">props/web-consoleusers.properties</module-option>

5.

<module-option name="rolesProperties">props/web-consoleroles.properties</module-option>

6.

</login-module>

7.

</authentication>

8.

</application-policy>

Finally, go to /root/jboss-5.1.0.GA/server/default/conf/props and create the following

files:
1. web-console-roles.properties
The web-console-roles.properties file should contain the following:
1. admin=JBossAdmin,HttpInvoker
2. web-console-users.properties
The web-console-users.properties file should contain the following:
1. admin=WebSecret

Where 'WebSecret' is whatever you would like the password to be. If you wish to be
able to access the Web Console with the same password as for the Admin and JMX
console, simply use the same password here.

Step 10c: Secure the JBossWS.

The procedure for securing the JBossWS is virtually identical to securing the JMXConsole, save the difference in file loactions.
To secure the JBossWS, go to:
/usr/share/jboss-5.1.0.GA/server/default/deploy/jbossws.sar/jbosswsmanagement.war/WEB-INF
First, edit the web.xml file. Locate the security-constraint (about half-way down the
file), and un-comment it so it appears thus:
1. <security-constraint>
2.

<web-resource-collection>

3.

<web-resource-name>ContextServlet</web-resource-name>

4.

<description>An example security config that only allows users with the

5.

role 'friend' to access the JBossWS console web application

6.

</description>

7.

<url-pattern>/*</url-pattern>

8.

<http-method>GET</http-method>

9.

<http-method>POST</http-method>

10.

</web-resource-collection>

11.

<auth-constraint>

12.

<role-name>friend</role-name>

13.

</auth-constraint>

14.

</security-constraint>

Next, still in the WEB-INF directory, edit the jboss-web.xml file.

Un-comment the security-domain so it appears thus:
1. <?xml version="1.0" encoding="ISO-8859-1"?>
2.
3. <!DOCTYPE jboss-web
4.

PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"

5.

"http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

6.
7. <jboss-web>
8.
9.
10. <security-domain>java:/jaas/JBossWS</security-domain>
11.
12.
13. <context-root>jbossws</context-root>
14.
15. </jboss-web>
In the /props directory you will find the jbossws-roles.properties and jbosswsusers.properties files.
The default role is 'friend' with user name 'Kermit' and password 'the frog'
jbossws-roles.properties:

1. # A sample roles.properties file for use with the UsersRolesLoginModule

2. kermit=friend
jbossws-users.properties:
1. # A sample users.properties file for use with the UsersRolesLoginModule
2. kermit=thefrog
Change the user name and password.

Step 10d: Secure the Tomcat Status Page.

Many would recommend simply disabling the Tomcat Status.
If you wish to secure it, however, go to:
/usr/share/jboss-5.1.0.GA/server/default/deploy/ROOT.war/WEB-INF
Just before the closing web-app tag add the following to the end of the web.xml file:
1. <security-constraint>
2.
3.

<security-constraint>
<web-resource-collection>

4.

<web-resource-name>HtmlAdaptor</web-resource-name>

5.

<description>An example security config that only allows users with the

6.

role JBossAdmin to access the HTML JMX console web application

7.

</description>

8.

<url-pattern>/status</url-pattern>

9.

<http-method>GET</http-method>

10.

<http-method>POST</http-method>

11.

</web-resource-collection>

12.
13.

<auth-constraint>
<role-name>TomcatStatus</role-name>

14.

</auth-constraint>

15.

</security-constraint>

16.
17.
18.

<login-config>

19.

<auth-method>BASIC</auth-method>

20.

<realm-name>TomcatStatus</realm-name>

21.

</login-config>

22.
23.
24.
25.

<security-role>
<role-name>TomcatStatus</role-name>
</security-role>

Your web.xml file should now look thus:

1. <?xml version="1.0" encoding="ISO-8859-1"?>

2.
3. <!DOCTYPE web-app
4.

PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"

5.

"http://java.sun.com/dtd/web-app_2_3.dtd">

6.

7. <web-app>
8.

<display-name>Welcome to JBoss</display-name>

9.

<description>

10.

Welcome to JBoss

11. </description>
12. <servlet>
13.

<servlet-name>Status Servlet</servlet-name>

14.

<servlet-class>org.jboss.web.tomcat.service.StatusServlet</servlet-class>

15. </servlet>
16. <servlet-mapping>
17.

<servlet-name>Status Servlet</servlet-name>

18.

<url-pattern>/status</url-pattern>

19. </servlet-mapping>
20.
21.
22.
23. <security-constraint>
24.

<web-resource-collection>

25.

<web-resource-name>HtmlAdaptor</web-resource-name>

26.

<description>An example security config that only allows users with the

27.
28.

role JBossAdmin to access the HTML JMX console web application

</description>

29.

<url-pattern>/status</url-pattern>

30.

<http-method>GET</http-method>

31.

<http-method>POST</http-method>

32.

</web-resource-collection>

33.

<auth-constraint>

34.

<role-name>TomcatStatus</role-name>

35.

</auth-constraint>

36.

</security-constraint>

37.
38.
39.

<login-config>

40.

<auth-method>BASIC</auth-method>

41.

<realm-name>TomcatStatus</realm-name>

42.

</login-config>

43.
44.
45.
46.

<security-role>
<role-name>TomcatStatus</role-name>
</security-role>

47.
48.
49.
50. </web-app>

Still in the /usr/share/jboss-5.1.0.GA/server/default/deploy/ROOT.war/ directory,

create a jboss-web.xml file with the following contents:
1. <jboss-web>
2.
3.

<security-domain>java:/jaas/tomcat-status</security-domain>

4.
5. </jboss-web>
Go to /usr/share/jboss-5.1.0.GA/server/default/conf
Look for the following section:
1. <application-policy name="web-console">
2.
3.

<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

4.

flag="required">

5.

<module-option name="usersProperties">props/web-consoleusers.properties</module-option>

6.

<module-option name="rolesProperties">props/web-consoleroles.properties</module-option>

7.

</login-module>

8.

</authentication>

9.

</application-policy>

Directly under this section, add the following entry:

1. <application-policy name="tomcat-status">
2.

<authentication>

3.

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

4.

flag="required">

5.

<module-option name="usersProperties">props/tomcat-statususers.properties</module-option>

6.

<module-option name="rolesProperties">props/tomcat-statusroles.properties</module-option>

7.

</login-module>

8.

</authentication>

9.

</application-policy>

Now, in the /usr/share/jboss-5.1.0.GA/server/default/conf/props directory, create the

following two files:
1. tomcat-status-roles.properties
The tomcat-status-roles.properties file should contain the following:
1. admin=TomcatStatus
2. tomcat-status-users.properties
The tomcat-status-users.properties file should contain the following:
1. admin=TomcatSecret
Where 'TomcatSecret' is whatever you would like the password to be. If you wish to be
able to access the Web Console with the same password as for the Admin and JMX
console, simply use the same password here.
Again, you may find it simpler to just disable the Tomcat Status.

http://community.jboss.org/