One of the most important tasks for the system administrator is restricting access to the server management interfaces. Without a security policy, every user can gain access to the application server and modify its properties.
The attribute that is used to switch on security on the management interface is a security realm that needs to be defined within the security-realms section. Have a look at the following code:
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization...