All,
I am trying to set up the jmx proxy servlet and am kinda stuck on security.
I would like to:
- restrict access to localhost
- restrict access to require basic authentication
Currently it works, though in the wrong order. This is how the request is
being processed right now:
1) user accesses /infra/jmx
2) user has to authenticate
3) user is being denied
Is it possible to switch step 2 and 3?
Relevant parts of web.xml, webapp is called infra:
<servlet>
<servlet-name>JMXProxy</servlet-name>
<servlet-class>org.apache.catalina.manager.JMXProxyServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>JMXProxy</servlet-name>
<url-pattern>/jmx/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>JMX Proxy interface</web-resource-name>
<url-pattern>/jmx/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>jmx</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JMX Proxy</realm-name>
</login-config>
<security-role>
<description>
The role that is required to access the JMX Proxy
</description>
<role-name>jmx</role-name>
</security-role>
