db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by DanDebrunner
Date Tue, 19 Feb 2008 23:22:32 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/JMXSecurityExpectations

------------------------------------------------------------------------------
   * Disable SSL for remote clients (setting com.sun.management.jmxremote.ssl=false)
  So if remote mangagement is enabled then by default it is authenticated and uses SSL.
  ==== No Security Manager (remote) ====
- With no security manager then any authenticated remote jmx client may access any MBean including
reading its attributes, writing its updatable attributes and invoking its operations subject
to its JMX access level.
+  * Any authenticated (or any user if there is no JMX authentication) remote jmx client may
access any MBean including reading its attributes, writing its updatable attributes and invoking
its operations.
  ==== Security Manager (remote) ====
- With a security manager any authenticated remote jmx client is limited to its permissions
in the policy file and its JMX access level. Permissions can be granted at a fine grained
level on a per-JMXPrincipal basis. E.g. a JMXPrincipal could be given the permission only
to read a single attribute from a single MBean with a given !ObjectName.
+  * Any authenticated remote jmx client is limited to its permissions in the policy file
and its JMX access level. Permissions can be granted at a fine grained level on a per-JMXPrincipal
basis. E.g. a JMXPrincipal could be given the permission only to read a single attribute from
a single MBean with a given !ObjectName.
+  * If JMX authentication is not enabled then any user can connect via JMX and has all permissions
related to MBean management.
  Installing a security manager should be recommended if enabling remote JMX monitoring.
+  * If some action on a Derby MBean requires some security permission then that will fail
unless the permission has been granted to Derby's code or the authenticated JMXPrincipal (when
JMX authentication is enabled).
  
  == Notes/Issues ==
  

Mime
View raw message