db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3424) Add an MBean that an application can register to change the state of Derby's JMX management
Date Mon, 18 Feb 2008 16:42:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12569939#action_12569939
] 

Daniel John Debrunner commented on DERBY-3424:
----------------------------------------------

By log in I meant connect to the jmx of the remote jvm using jconsole. I was using jmx authentication
and a security manager on the remote jvm (the one running Derby).
Apart from the permissions in the spec additional permissions need to be granted to JMXPrincipals,
this works but is very general:

 grant principal javax.management.remote.JMXPrincipal * {
  permission javax.management.MBeanPermission "*", "*";
};

One can fine tune the MBeanPermission settings to allow only certain operations on certain
beans and obviously different permissions for different users.
Every action on an mbean implictly requires an MBeanPermission  permission.

I also discovered on the server side one can use -Djava.security.debug=access to produce a
log of access permissions, which helps in setting up any policy file.

> Add an MBean that an application can register to change the state of Derby's JMX management
> -------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3424
>                 URL: https://issues.apache.org/jira/browse/DERBY-3424
>             Project: Derby
>          Issue Type: New Feature
>            Reporter: Daniel John Debrunner
>            Assignee: Daniel John Debrunner
>            Priority: Minor
>
> JMX in Derby was originally proposed as a mechanism to configure Derby replacing or enhancing
the system properties which tend to be static in nature. Thus it is somewhat ironic that jmx
is enabled with a static system property derby.system.jmx.
> I propose to add a public mbean that allows the state Derby's JMX management to be changed.
This bean is not automatically registered by Derby if derby.system.jmx is false, but instead
can be registered by an application. I believe this could occur at any time so that JMX could
be enabled on a running application, possibly by a remote client.
> This standard Mbean (o.a.d.mbeans.Management & ManagementMBean) would have these
operations & attribute:
>     public boolean isManagementActive();
>     public void startManagement(); 
>     public void stopManagement();
> If Derby is not booted within the jvm then the operations would be no-ops.
> If derby.system.jmx is true then Derby will itself register an mbean that implements
ManagementMBean to allow dynamic control of the visibility of Derby's mbeans.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message