Index: testsuite/src/main/org/jboss/test/security/test/authorization/HttpRequestJmxAuthenticationUnitTestCase.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/test/authorization/HttpRequestJmxAuthenticationUnitTestCase.java	(revision 0)
+++ testsuite/src/main/org/jboss/test/security/test/authorization/HttpRequestJmxAuthenticationUnitTestCase.java	(revision 0)
@@ -0,0 +1,110 @@
+package org.jboss.test.security.test.authorization;
+
+import java.net.*;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+
+public class HttpRequestJmxAuthenticationUnitTestCase extends JBossTestCase {
+	
+	private URL u;
+	private HttpURLConnection con;
+	private static final String GET = "GET";
+	private static final String POST = "POST";
+	private static final String HEAD = "HEAD";
+	private static final String OPTIONS = "OPTIONS";
+	private static final String PUT = "PUT";
+	private static final String DELETE = "DELETE";
+	private static final String TRACE = "TRACE"; 
+	private static final String TEST_JMX_CONSOLE = "jmx-console-secure";
+	
+	public HttpRequestJmxAuthenticationUnitTestCase(String name){
+		super(name);
+	}
+	
+   public static Test suite() throws Exception
+   {
+      TestSuite suite = new TestSuite();
+      suite.addTest(new TestSuite(HttpRequestJmxAuthenticationUnitTestCase.class));
+      // Create an initializer for the test suite
+      TestSetup wrapper = new JBossTestSetup(suite)
+      {
+         @Override
+         protected void setUp() throws Exception
+         {
+            super.setUp();
+            deploy(TEST_JMX_CONSOLE+".war");
+         }
+
+         @Override
+         protected void tearDown() throws Exception
+         {
+            undeploy(TEST_JMX_CONSOLE+".war");
+            super.tearDown();
+         }
+      };
+      return wrapper;
+   }
+
+	public void testGet() throws Exception {
+		con.setRequestMethod(GET);
+		con.connect();			
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	public void testPost() throws Exception {
+		con.setRequestMethod(POST);
+		con.connect();
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	public void testHead() throws Exception {
+		con.setRequestMethod(HEAD);
+		con.connect();			
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	public void testOptions() throws Exception {
+		con.setRequestMethod(OPTIONS);
+		con.connect();
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	public void testPut() throws Exception {
+		con.setRequestMethod(PUT);
+		con.connect();			
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	public void testTrace()  throws Exception {
+		con.setRequestMethod(TRACE);
+		con.connect();
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	public void testDelete()  throws Exception {
+		con.setRequestMethod(DELETE);
+		con.connect();
+		assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, con.getResponseCode());
+	}
+	
+	protected void setUp() throws Exception {
+		u = new URL("http://" + getServerHost() + ":8080/"+TEST_JMX_CONSOLE);
+		con = (HttpURLConnection) u.openConnection();
+		try {
+			con.setDoInput(true);
+			con.setRequestProperty("Cookie","MODIFY ME IF NEEDED");
+		} finally {
+			con.disconnect();
+		}
+	}
+	
+	protected void tearDown(){
+		if (con != null)
+			con.disconnect();
+	}
+}
Index: testsuite/src/resources/security/jmx/jmx-console.war/WEB-INF/jboss-web.xml
===================================================================
--- testsuite/src/resources/security/jmx/jmx-console.war/WEB-INF/jboss-web.xml	(revision 0)
+++ testsuite/src/resources/security/jmx/jmx-console.war/WEB-INF/jboss-web.xml	(revision 0)
@@ -0,0 +1,12 @@
+<!DOCTYPE jboss-web PUBLIC
+   "-//JBoss//DTD Web Application 5.0//EN"
+   "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
+   
+<jboss-web>
+   <!-- Uncomment the security-domain to enable security. You will
+      need to edit the htmladaptor login configuration to setup the
+      login modules used to authentication users.
+   -->
+      <security-domain>java:/jaas/jmx-console</security-domain>
+      <context-root>jmx-console-secure</context-root>
+</jboss-web>
Index: testsuite/src/resources/security/jmx/jmx-console.war/WEB-INF/web.xml
===================================================================
--- testsuite/src/resources/security/jmx/jmx-console.war/WEB-INF/web.xml	(revision 0)
+++ testsuite/src/resources/security/jmx/jmx-console.war/WEB-INF/web.xml	(revision 0)
@@ -0,0 +1,122 @@
+<?xml version="1.0"?>
+<web-app version="2.5"
+   xmlns="http://java.sun.com/xml/ns/javaee"
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+   
+   <description>The standard web descriptor for the html adaptor</description>
+   <!--
+    <filter>
+      <filter-name>JmxOpsAccessControlFilter</filter-name>
+      <filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
+      <init-param>
+        <description>Comma-delimited Roles that define the JMX Operation denoting updation of Attributes</description>
+        <param-name>updateAttributes</param-name>
+        <param-value>UpdateAttributeRole</param-value>
+      </init-param>
+      <init-param>
+        <description>Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations</description>
+        <param-name>invokeOp</param-name>
+        <param-value>InvokeOpRole</param-value>
+      </init-param>
+   </filter>
+   <filter-mapping>
+      <filter-name>JmxOpsAccessControlFilter</filter-name>
+      <servlet-name>HtmlAdaptor</servlet-name>
+   </filter-mapping>
+   -->
+   <servlet>
+      <servlet-name>HtmlAdaptor</servlet-name>
+      <servlet-class>org.jboss.jmx.adaptor.html.HtmlAdaptorServlet</servlet-class>
+   </servlet>
+   <servlet>
+      <servlet-name>ClusteredConsoleServlet</servlet-name>
+      <servlet-class>org.jboss.jmx.adaptor.html.ClusteredConsoleServlet</servlet-class>
+      <init-param>
+         <description>The JGroups protocol stack config</description>
+         <param-name>jgProps</param-name>
+         <param-value>UDP(ip_mcast=true;ip_ttl=16;loopback=false;mcast_addr=${jboss.partition.udpGroup:228.1.2.3};mcast_port=${jboss.jmxconsolepartition.mcast_port:46666}):
+org.jboss.jmx.adaptor.control.FindView
+         </param-value>
+      </init-param>
+   </servlet>
+   <servlet>
+      <servlet-name>DisplayMBeans</servlet-name>
+      <jsp-file>/displayMBeans.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>InspectMBean</servlet-name>
+      <jsp-file>/inspectMBean.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>DisplayOpResult</servlet-name>
+      <jsp-file>/displayOpResult.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>ClusterView</servlet-name>
+      <jsp-file>/cluster/clusterView.jsp</jsp-file>
+   </servlet>
+   <servlet>
+      <servlet-name>ProfileServiceDebugServlet</servlet-name>
+      <servlet-class>org.jboss.profileservice.web.DebugServlet</servlet-class>
+   </servlet>
+
+   <servlet-mapping>
+      <servlet-name>HtmlAdaptor</servlet-name>
+      <url-pattern>/HtmlAdaptor</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>ClusteredConsoleServlet</servlet-name>
+      <url-pattern>/cluster/ClusteredConsole</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>DisplayMBeans</servlet-name>
+      <url-pattern>/DisplayMBeans</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>InspectMBean</servlet-name>
+      <url-pattern>/InspectMBean</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>DisplayOpResult</servlet-name>
+      <url-pattern>/DisplayOpResult</url-pattern>
+   </servlet-mapping>
+   <servlet-mapping>
+      <servlet-name>ProfileServiceDebugServlet</servlet-name>
+      <url-pattern>/ProfileServiceDebugServlet</url-pattern>
+   </servlet-mapping>
+
+   <!-- Display a generic error page when HTTP Status 500 exceptions
+        occur. --> 
+   <error-page>
+      <error-code>500</error-code>
+      <location>/genericError.jsp</location>
+   </error-page> 
+
+   <!-- A security constraint that restricts access to the HTML JMX console
+   to users with the role JBossAdmin. Edit the roles to what you want and
+   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
+   secured access to the HTML JMX console.
+   -->
+   <security-constraint>
+     <web-resource-collection>
+       <web-resource-name>HtmlAdaptor</web-resource-name>
+       <description>An example security config that only allows users with the
+         role JBossAdmin to access the HTML JMX console web application
+       </description>
+       <url-pattern>/*</url-pattern>
+     </web-resource-collection>
+     <auth-constraint>
+       <role-name>JBossAdmin</role-name>
+     </auth-constraint>
+   </security-constraint>
+
+   <login-config>
+      <auth-method>BASIC</auth-method>
+      <realm-name>JBoss JMX Console</realm-name>
+   </login-config>
+
+   <security-role>
+      <role-name>JBossAdmin</role-name>
+   </security-role>
+</web-app>
Index: testsuite/imports/sections/security.xml
===================================================================
--- testsuite/imports/sections/security.xml	(revision 102787)
+++ testsuite/imports/sections/security.xml	(working copy)
@@ -358,6 +358,18 @@
          </fileset>
        </jar>
 	 
+    <!--jmx-console-secured.war -->	
+    <war warfile="${build.lib}/jmx-console-secure.war"
+       webxml="${build.resources}/security/jmx/jmx-console.war/WEB-INF/web.xml">
+       <webinf dir="${build.resources}/security/jmx/jmx-console.war/WEB-INF">
+         <include name="jboss-web.xml"/>
+       </webinf>
+       <classes dir="${jboss.dist.server}/all/deploy/jmx-console.war/WEB-INF/classes"/>
+       <fileset dir="${jboss.dist.server}/all/deploy/jmx-console.war">
+       		<exclude name="WEB-INF/**/*"/> 
+       </fileset>
+    </war>   	
+   	
      <!--jmxinvoker-authorization-test.jar -->
     <jar destfile="${build.lib}/jmxinvoker-authorization-test.jar"> 
         <fileset dir="${build.resources}/jmx/jmxadaptor/">