...
1. Locate the <security-constraint> element (around line 101) in the file
jboss-5.1.0.GA/server/default/deploy/jmx-console.war/WEB-INF/web.xml
...
4. Note that it is not good practice to run any web service as a privileged user (e.g. "root"). Therefore, to minimizie your risk overall, you should run JBoss under an unprivileged account.