db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject JMX meeting system authorization (DERBY-2109 & 1387) WAS Re: [jira] Commented: (DERBY-1387) Add JMX extensions to Derby
Date Thu, 07 Feb 2008 18:26:20 GMT
Rick Hillegas wrote:
> Daniel John Debrunner wrote:
>> Rick Hillegas wrote:
>>
>>> In order to use JMX to monitor/configure Derby (and other 
>>> applications), I think that the following is true:
>>>
>>> DerbyNet-Admin => JMX-Admin
>>> Engine-Admin => JMX-Admin
>>> DB-Admin => JMX-Admin
>>> OtherApp-Admin => JMX-Admin
>>>
> Right. "VM-Admin => JMX-Admin" is my shorthand for "If you are a 
> VM-Admin, then you are a JMX-Admin".

It's also key to note that JMX-Admins can have different identities, so 
while OtherApp-Admin and DerbyNet-Admin may both be JMX-Admins, they may 
not be able to perform the same operations.

Derby's JMX and DERBY-2109 should be coming together so that the policy 
file can grant shutdown permission to JMXPrincipal('dan') and if I 
connect via jmx then I can shutdown the server without having to provide 
additional authentication. I think Rick pointed out that it was strange 
to have to authenticate twice to shutdown the server.

If the JMXPrincipal is not authorized to shutdown then an additional 
authentication step would be required to a become a valid (Derby) 
SystemPrincipal.

For this mode to be enabled some changes are needed to DERBY-2109:

  - Enforce Derby's security permissions if there is a security manager 
(regardless of Derby's authentication state)

  - Continue to support shutting the network server & engine down 
without authentication credentials but only from within the same virtual 
machine. This shutdown would require the Derby shutdown permission if a 
security manager was installed.

  - Ensure that the implementation follows the spec when it says that 
Derby's permissions can be granted to code or other non-Derby Principals.

With those changes to DERBY-2109 then the jmx beans could be expanded to 
support valid jmx users as system administrators.

Dan.


Mime
View raw message