One of the most important tasks for the system administrator is restricting access to the server management interfaces. Without a security policy, every user can gain access to the application server and modify its properties.
The attribute that is used to switch on security on the management interface is a security realm that needs to be defined within the
security-realms section. Have a look at the following code:
<management> <security-realms> <security-realm name="ManagementRealm"> <authentication> <local default-user="$local" skip-group-loading="true"/> <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization map-groups-to-roles="false"> <properties ...