karaf-issues mailing list archives

From "Jason Dillon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-3147) Local JMX connect is not possible
Date Thu, 02 Apr 2015 17:26:53 GMT

    [ https://issues.apache.org/jira/browse/KARAF-3147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14392989#comment-14392989 ]

Jason Dillon commented on KARAF-3147:
-------------------------------------

[~jbonofre] ...

IIUC RBAC shouldn't be on the _local_ connection; that is what is breaking default use of the
platform MBeanServer and causing local jvisualvm/jconsole usage to fail.  If you are trying
to get RBAC on local and remote, then I think that may be a fundamentally incorrect implementation,
since on a local connection you cannot set any authentication.

The connector server is being passed a reference to the MBeanServer, is it not actually using
that to invoke operations for remote requests?  I would assume it would, otherwise unsure
why it would get a reference to the server.  And if it is, then you can apply RBAC around
that instance, so that remote calls are guarded, but local access is not.

http://docs.oracle.com/javase/7/docs/api/javax/management/remote/JMXConnectorServerFactory.html#newJMXConnectorServer(javax.management.remote.JMXServiceURL,%20java.util.Map,%20javax.management.MBeanServer)

Looks like it says if you pass it an MBeanServer instance, this is what the connector will
be attached to, unless I'm reading the javadoc wrong.

So I don't think you need KarafMBeanServerBuilder to provide RBAC to remote connections and
I don't think local connections should have RBAC.  Simply wrap the MBeanServer with an RBAC-providing
guard when handing out remote JMX connectors.  I suppose you could provide a reference to
an RBAC MBeanServer for tools that are security aware (say cli commands or something) but
I don't think the platform MBeanServer can/should be guarded with RBAC.

> Local JMX connect is not possible
> ---------------------------------
>
>                 Key: KARAF-3147
>                 URL: https://issues.apache.org/jira/browse/KARAF-3147
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-core
>    Affects Versions: 3.0.1
>         Environment: OS X, JDK 7
>            Reporter: Achim Nierbeck
>            Assignee: Jean-Baptiste Onofré
>            Priority: Critical
>             Fix For: 4.0.0, 2.4.2, 3.0.4
>
>
> With neither local process nor with remote jmx connection 
> {code}
> service:jmx:rmi://0.0.0.0:44444/jndi/rmi://0.0.0.0:1099/karaf-root
> {code}
> it's possible to connect to Karaf via JMX. 
> Neither JConsole nor VisualVM is usable. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
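
The arrangement proposed in the comment above, where only the MBeanServer handed to the remote connector is guarded and the platform MBeanServer stays untouched for local tools, shown as an added example that is not part of the original message or of Karaf's code. The class name, the `admin` role, the list of guarded operations and the matching of roles by principal name are assumptions made for illustration.

```java
import java.lang.management.ManagementFactory;
import java.lang.reflect.*;
import java.security.AccessController;
import java.security.Principal;
import java.util.*;
import javax.management.MBeanServer;
import javax.management.remote.*;
import javax.security.auth.Subject;

public final class GuardedRemoteJmx {
    // Assumed policy: MBeanServer methods that change state require the "admin" role.
    private static final Set<String> WRITE_OPS = new HashSet<String>(Arrays.asList(
        "invoke", "setAttribute", "setAttributes", "createMBean",
        "registerMBean", "unregisterMBean"));

    // Returns a view of target that applies the role check before delegating.
    static MBeanServer guard(final MBeanServer target) {
        InvocationHandler h = new InvocationHandler() {
            public Object invoke(Object proxy, Method m, Object[] args) throws Throwable {
                if (WRITE_OPS.contains(m.getName()) && !callerHasRole("admin")) {
                    throw new SecurityException("role 'admin' required for " + m.getName());
                }
                try {
                    return m.invoke(target, args);
                } catch (InvocationTargetException e) {
                    throw e.getCause(); // surface the MBeanServer's own exception
                }
            }
        };
        return (MBeanServer) Proxy.newProxyInstance(
            GuardedRemoteJmx.class.getClassLoader(), new Class<?>[] { MBeanServer.class }, h);
    }

    // A connector with an authenticator runs each request as the authenticated Subject.
    // Subject.getSubject is the JDK 7/8 API (the issue's JDK); later JDKs add Subject.current().
    static boolean callerHasRole(String role) {
        Subject s = Subject.getSubject(AccessController.getContext());
        if (s == null) return false; // no authenticated caller: deny guarded operations
        for (Principal p : s.getPrincipals()) {
            if (role.equals(p.getName())) return true;
        }
        return false;
    }

    // Only the remote connector sees the guard; local attach still reaches the platform server.
    static JMXConnectorServer newRemoteConnector(JMXServiceURL url, Map<String, ?> env)
            throws java.io.IOException {
        MBeanServer platform = ManagementFactory.getPlatformMBeanServer();
        return JMXConnectorServerFactory.newJMXConnectorServer(url, env, guard(platform));
    }
}
```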
