db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by DanDebrunner
Date Tue, 19 Feb 2008 20:39:10 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/JMXSecurityExpectations

------------------------------------------------------------------------------
  
   * '''JMX Authentication (''jmx-authc''):'''
     A user trying to access Derby's JMX services may need to provide some kind of credentials
(prove her identity) in order to connect to the `MBeanServer.` Whether or not to require JMX
authentication is up to the VM-Admin. 
-    * If '''JMX Authentication''' is enabled then '''JMX Access''' is required. This is a
simple authorization scheme (c.f. Derby's connection level authorization) that defines JMX
authentication users as either '''readwrite''' or '''readonly'''. Note that finer grained
authorization is provided by the policy file for the security manager.
+    * If '''JMX Authentication''' is enabled then '''JMX Access''' is required. This is a
simple authorization scheme (c.f. Derby's connection level authorization) that defines JMX
authentication users as either '''readwrite''' or '''readonly'''. Note that finer grained
authorization is provided by the policy file for the security manager. This access level seems
to be enforced by the security manager.
       * '''readwrite''' can read and write attributes and invoke operations on MBeans.
       * '''readonly''' can only read attributes on MBeans.
  
   * '''JMX Authorization (''jmx-authz''):''' 
     Once authenticated, a user may be granted a certain set of rights to perform certain
JMX-related actions (read/write attributes, invoke
-    operations, register MBeans, etc.) through standard Java security manager permissions.
When authorization is disabled by there not being a security manager on the jvm being monitored,
any valid JMX user may use and access all services offered by the Management Service subject
to their JMX access level.
+    operations, register MBeans, etc.) through standard Java security manager permissions.
When authorization is disabled by there not being a security manager on the jvm being monitored,
any valid JMX user may use and access all services offered by the Management Service.
     
   * '''Derby system level authentication (''derby-authc''):'''
     The system-wide property `derby.connection.requireAuthentication` is `true`.

Mime
View raw message