qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robbie Gemmell" <robbie.gemm...@quasareclipse.co.uk>
Subject JMXManagedObjectRegistry and AMQUserManagementMBean can potentially use different PrincipalDatabases
Date Mon, 01 Dec 2008 02:19:23 GMT
Noticed something earlier when playing with different database types. The
JMXManagedObjectRegistry and AMQUserManagementMBean classes related to the
JMX management features dont use the same terms of selection/assignment for
the PrincipalDatabase they should use, and so can potentially use different
databases. This would result in management console connections being
authenticated through one principal database, and the console's
usermanagement capabilities modifying a different principal database. Is
that by design (eg, allowing JMX management specific accounts??) or is it
option number 2, a bug ? Thought id enquire to make sure before cluttering
the JIRA J

 

AMQUserManagementMBean has its principal database set according to the
broker.security.jmx.principal-database element from the configuration file,
and is set at startup by the ConfigurationFilePrincipalDatabaseManager
.initialisePrincipalDatabase() method, just before the
JMXManagedObjectRegistry is created, which itself acquires a list of all the
principal databases from the application registry and loops through them,
selecting either the first Base64MD5PasswordFilePrincipalDatabase it finds,
or if it find none then uses the last PlainPasswordFilePrincipalDatabase it
encounters.

 

Robbie


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message