qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Gemmell (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Updated: (QPID-1511) JMX Interface does not require authentication
Date Fri, 19 Dec 2008 14:15:44 GMT

     [ https://issues.apache.org/jira/browse/QPID-1511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Gemmell updated QPID-1511:
---------------------------------

    Attachment: QPID-1511_wip_19dec2008.patch

I have made a new patch of the progress on this, QPID-1511_wip_19dec2008.patch. It uses SSL
and to encrypt the RMI based connections and performs user authentication. The RMI based connector
server is now subject to the access rights system like the JMXMP based connector server is.
The JMXMP capability is retained with the patch, but is all collected within a single if statement
and so easily removed, as has been discussed (i think it would be good to have 1 revision
where its there before removing it).

I know Aidan is doing work in this area to combine common management functionality for the
console and cli that will invalidate this version of the patch, but i thought it would be
useful for clarity to put it up just now, i will roll another when thats done. This patch
also incorporates/alters changes i posted in a patch to QPID-1532 which havent been commited
yet.

I actually wouldnt recommend adding this stuff until after the post-M4 release of the console
anyway, and once the MBean compatibility issues have been discussed. These features will allow
prevention of old management consoles connecting to new brokers which implement whatever compatibility
solution is determined.

> JMX Interface does not require authentication
> ---------------------------------------------
>
>                 Key: QPID-1511
>                 URL: https://issues.apache.org/jira/browse/QPID-1511
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker, Java Management : JMX Console
>    Affects Versions: M1, M2, M2.1, M3, M4
>            Reporter: Martin Ritchie
>         Attachments: QPID-1511_wip_19dec2008.patch, QPID-1511_wip_8dec2008.patch
>
>
> Summary:
> JMX Interface uses the default RMI connector which has no authentication mechanism. We
should not be shipping a JMX interface that doesn't have authentication. The interface has
been disabled by default for M4 but this should be modified based on the outcome of the discussion
on qpid-dev to authenticate all connections.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message