db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by DanDebrunner
Date Mon, 18 Feb 2008 17:58:27 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/JMXSecurityExpectations

------------------------------------------------------------------------------
        * Isn't passing '''derby-authc''' required if it has been enabled programmatically,
unless `derby.database.propertiesOnly=true`?
        * No, to connect to a database only database authentication is needed. ('''db-authc'''').
  
+ == JMX Security setups ==
+ === Local JMX ===
+ A jvm may be setup to automatically provide local jmx access. In this case the OS user running
the client must match the OS user that started the jvm being monitored.
+  * /!\ Not sure how JMX access level fits in here.
+ ==== No Security Manager (local) ====
+  * With no security manager then any authenticated remote jmx client may access any MBean
including reading its attributes, writing its updatable attributes and invoking its operations
''subject to its JMX access level ??''.
+ ==== Security Manager (local) ====
+  * /!\ Haven't looked into how this works, what would the principal name be?
+ === Remote JMX ===
+ Explicit actions are required by the JVM admin to:
+  * Enable remote management via jmx (setting com.sun.management.jmxremote=true, com.sun.management.jmxremote.port)
+  * Disable authentication (setting com.sun.management.jmxremote.authenticate=false)
+  * Disable SSL for remote clients (setting com.sun.management.jmxremote.ssl=false)
+ So if remote mangagement is enabled then by default it is authenticated and uses SSL.
+ ==== No Security Manager (remote) ====
+ With no security manager then any authenticated remote jmx client may access any MBean including
reading its attributes, writing its updatable attributes and invoking its operations subject
to its JMX access level.
+ ==== Security Manager (remote) ====
+ With a security manager any authenticated remote jmx client is limited to its permissions
in the policy file and its JMX access level. Permissions can be granted at a fine grained
level on a per-JMXPrincipal basis. E.g. a JMXPrincipal could be given the permission only
to read a single attribute from a single MBean with a given !ObjectName.
+ Installing a security manager should be recommended if enabling remote JMX monitoring.
+ 
  == Notes/Issues ==
  
   * '''jmx-authc''' should be closely tied to derby-authc so that a user does not have to
authenticate twice (or more) in order to use a system-level MBean. 

Mime
View raw message