db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Embretsen <John.Embret...@Sun.COM>
Subject Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen
Date Fri, 08 Feb 2008 17:41:48 GMT
Daniel John Debrunner wrote:
>  JohnHEmbretsen wrote:
> 
>>  * Let's simplify things by saying that MBeans have essentially two 
>> states: ''enabled'' or ''disabled''
>>     * An '''enabled''' (registered) MBean is visible/accessible to any 
>> valid JMX user.
> 
>>
>> === SystemMBean ===
> 
>>  * May be enabled only if system-wide authentication 
>> ('''derby-authc''') is ''disabled'' in Derby (default),
> 
> Nice page. Just to point out that the use of "enabled" in SystemMBean 
> does not match the definition of "enabled" earlier in the page.
> 
> The SystemMBean section is really talking about if an attribute or 
> operation is visible or useable by a specific jmx-user, not if the bean 
> is enabled or not.

My intention was to talk about if the entire bean is enabled (registered) or 
not. But perhaps my thinking is flawed. I guess I was basing this description 
upon one possible way to implement this kind of control, by not letting the bean 
be registered if the JMX user has not been authenticated (we may for instance 
put logic in a preRegister() method of the MBean).


-- 
John



Mime
View raw message