qpid-dev mailing list archives

From "Aidan Skinner" <ai...@apache.org>
Subject Re: JMXManagedObjectRegistry and AMQUserManagementMBean can potentially use different PrincipalDatabases
Date Mon, 01 Dec 2008 09:32:11 GMT
On Mon, Dec 1, 2008 at 2:47 AM, Robbie Gemmell <gemmellr@dcs.gla.ac.uk> wrote:

> Noticed something earlier when playing with different database types. The
> JMXManagedObjectRegistry and AMQUserManagementMBean classes related to the
> JMX management features don't use the same terms of selection/assignment for
> the PrincipalDatabase they should use, and so can potentially use different
> databases. This would result in management console connections being
> authenticated through one principal database, and the console's
> user management capabilities modifying a different principal database. Is
> that by design (e.g., allowing JMX management specific accounts??) or is it
> option number 2, a bug? Thought I'd enquire to make sure before cluttering
> the JIRA :)

This is by design. Admin rights and AMQP rights are different concepts.

> AMQUserManagementMBean has its principal database set according to the
> broker.security.jmx.principal-database element from the configuration file,
> and is set at startup by the
> ConfigurationFilePrincipalDatabaseManager.initialisePrincipalDatabase()
> method, just before the JMXManagedObjectRegistry is created, which itself
> acquires a list of all the principal databases from the application registry
> and loops through them, selecting either the first
> Base64MD5PasswordFilePrincipalDatabase it finds, or if it finds none then
> uses the last PlainPasswordFilePrincipalDatabase it encounters.

I've always thought that this was a rather weird way of doing it; we
should clean that up and make it more obvious.

- Aidan

Apache Qpid - World Domination through Advanced Message Queueing
"Have we anything resembling a plan?" "Mm-hm. Ride till we find
them... and kill them all." - The 13th Warrior
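
The two selection rules described in this thread, modelled as an added example (not Qpid code and not written by either poster) that reports when console logins and console user management would land on different principal databases. The `Type` enum, the database names and the map standing in for the application registry are hypothetical; only the selection order and the `broker.security.jmx.principal-database` element come from the messages above.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Stand-in model, not Qpid classes: only the two selection rules come from the thread.
public class PrincipalDatabaseMismatchCheck {

    enum Type { BASE64MD5_PASSWORD_FILE, PLAIN_PASSWORD_FILE }

    // Rule described for JMXManagedObjectRegistry: the first Base64MD5
    // database found wins; if there is none, the last Plain database seen is used.
    static String selectedForJmxAuthentication(Map<String, Type> databases) {
        String lastPlain = null;
        for (Map.Entry<String, Type> entry : databases.entrySet()) {
            if (entry.getValue() == Type.BASE64MD5_PASSWORD_FILE) {
                return entry.getKey();
            }
            if (entry.getValue() == Type.PLAIN_PASSWORD_FILE) {
                lastPlain = entry.getKey();
            }
        }
        return lastPlain; // null when no password-file database is registered
    }

    // True only when logins and user management resolve to the same database.
    static boolean consistent(Map<String, Type> databases, String configuredJmxDatabase) {
        String authDb = selectedForJmxAuthentication(databases);
        return authDb != null && authDb.equals(configuredJmxDatabase);
    }

    public static void main(String[] args) {
        // Constructed sample; insertion order is assumed to model registry order.
        Map<String, Type> databases = new LinkedHashMap<>();
        databases.put("plainfile", Type.PLAIN_PASSWORD_FILE);
        databases.put("md5file", Type.BASE64MD5_PASSWORD_FILE);
        databases.put("adminfile", Type.PLAIN_PASSWORD_FILE);

        // Constructed value standing in for broker.security.jmx.principal-database.
        String configured = "adminfile";

        System.out.println("Console logins authenticate against: "
                + selectedForJmxAuthentication(databases));
        System.out.println("User management MBean modifies:      " + configured);
        System.out.println(consistent(databases, configured)
                ? "OK: both use the same principal database"
                : "MISMATCH: accounts edited in the console are not the ones used to log in to it");
    }
}
```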
