db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen
Date Fri, 08 Feb 2008 17:47:04 GMT
John Embretsen wrote:
> Daniel John Debrunner wrote:
>>  JohnHEmbretsen wrote:
>>
>>>  * Let's simplify things by saying that MBeans have essentially two 
>>> states: ''enabled'' or ''disabled''
>>>     * An '''enabled''' (registered) MBean is visible/accessible to 
>>> any valid JMX user.
>>
>>>
>>> === SystemMBean ===
>>
>>>  * May be enabled only if system-wide authentication 
>>> ('''derby-authc''') is ''disabled'' in Derby (default),
>>
>> Nice page. Just to point out that the use of "enabled" in SystemMBean 
>> does not match the definition of "enabled" earlier in the page.
>>
>> The SystemMBean section is really talking about if an attribute or 
>> operation is visible or useable by a specific jmx-user, not if the 
>> bean is enabled or not.
> 
> My intention was to talk about if the entire bean is enabled 
> (registered) or not. But perhaps my thinking is flawed. I guess I was 
> basing this description upon one possible way to implement this kind of 
> control, by not letting the bean be registered if the JMX user has not 
> been authenticated (we may for instance put logic in a preRegister() 
> method of the MBean).

Maybe I'm confused. I thought Derby's MBeans were registered by Derby's 
code, not a jmx-user. Once an mbean was registered, any jmx-user could see it?

Is there another step where the mbean gets registered in the view of the 
jmx-user connecting to the system?


Dan.
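
The following is an added example, not part of the original message and not Derby's code. It shows the standard JMX behaviour the thread turns on: `registerMBean()` is called by server-side code, `preRegister()` runs once inside that call, and a veto there keeps the bean out of the MBeanServer for every client rather than for one JMX user. The class names and the `example.derby` ObjectName domain are hypothetical.

```java
import java.lang.management.ManagementFactory;
import javax.management.MBeanRegistration;
import javax.management.MBeanServer;
import javax.management.ObjectName;

// Constructed demo; DemoSystem and the example.derby domain are hypothetical names.
public class RegistrationScopeDemo {
    // Standard MBean convention: class X exposes the interface XMBean.
    public interface DemoSystemMBean { String getInfo(); }

    public static class DemoSystem implements DemoSystemMBean, MBeanRegistration {
        private final boolean allow;
        public DemoSystem(boolean allow) { this.allow = allow; }
        @Override public String getInfo() { return "system info"; }

        // Invoked once by the MBeanServer during registerMBean(), on behalf of
        // the registering code. No remote JMX user is involved at this point.
        @Override
        public ObjectName preRegister(MBeanServer server, ObjectName name) throws Exception {
            if (!allow) throw new SecurityException("registration vetoed");
            return name;
        }
        @Override public void postRegister(Boolean registrationDone) { }
        @Override public void preDeregister() { }
        @Override public void postDeregister() { }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("example.derby:type=DemoSystem");

        try {
            mbs.registerMBean(new DemoSystem(false), name);
        } catch (Exception e) {
            // The MBeanServer rethrows the preRegister() failure, wrapped.
            System.out.println("vetoed: " + e);
        }
        System.out.println("registered after veto: " + mbs.isRegistered(name));

        // A successful registration is global to this MBeanServer.
        mbs.registerMBean(new DemoSystem(true), name);
        System.out.println("registered: " + mbs.isRegistered(name));
    }
}
```

Restricting what an individual authenticated JMX user can see or invoke has to happen on the access path instead, for example with an `MBeanServerForwarder` on the connector server or with permission checks under a security manager.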



