qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robbie Gemmell (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Created: (QPID-2189) only admin level users can complete connection to or below (when configured to use <security-enabled> / JMXMP)
Date Fri, 06 Nov 2009 09:14:32 GMT
only admin level users can complete connection to or below (when configured to use
<security-enabled> / JMXMP)

                 Key: QPID-2189
                 URL: https://issues.apache.org/jira/browse/QPID-2189
             Project: Qpid
          Issue Type: Bug
          Components: Java Management : JMX Console
    Affects Versions: 0.6
            Reporter: Robbie Gemmell
            Assignee: Robbie Gemmell
             Fix For: 0.6

Only admin level users can complete connection to, or older brokers configured to
use <security-enabled> / JMXMP for their management connection.

Thisis due to the new console using a fallback method to determine what 'Qpid JMX API' version
to classify the broker as supporting. In doing so, the console queries the MbeanServerConnection
for the existence of the UserManagement MBean using an exact match for its 'type' key. Whilst
other calls to the same queryNames method will return the UserManagement MBean's ObjectName,
the broker uses the exact type of this MBean to prevent non-admin users from actually accessing
it and so when the query is an exact match is placed in the query this raises a SecurityException
and causes the connection to fail.

The solution is to change the query to use an ObjectName pattern to match the UserManagement
MBean which will still match only the Mbean in question but prevent the security check from
denying the request.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

View raw message