db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John H. Embretsen" <John.Embret...@Sun.COM>
Subject Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen
Date Fri, 08 Feb 2008 18:35:25 GMT
Daniel John Debrunner wrote:
> John Embretsen wrote:
>> Daniel John Debrunner wrote:

>>> The SystemMBean section is really talking about if an attribute or 
>>> operation is visible or useable by a specific jmx-user, not if the 
>>> bean is enabled or not.
>> My intention was to talk about if the entire bean is enabled 
>> (registered) or not. But perhaps my thinking is flawed. I guess I was 
>> basing this description upon one possible way to implement this kind 
>> of control, by not letting the bean be registered if the JMX user has 
>> not been authenticated (we may for instance put logic in a 
>> preRegister() method of the MBean).
> Maybe I'm confused. I thought Derby's MBeans were registered by Derby's 
> code, not a jmx-user. Once a mbean was registered any jmx-user could see 
> it?

Yes, that's true. Though in theory it is possible for a jmx-user to 
register MBeans as well, e.g. by using 
javax.management.MBeanServerConnection#createMBean() methods. But that 
was not what I was thinking about when I wrote that page.

> Is there another step where the mbean gets registered in the view of the 
> jmx-user connecting to the system?

My thinking was flawed in the sense that I did not remember to consider 
the fact that, currently, the SystemMbean is enabled automatically at 
Derby boot-time. I need to re-think this and update the wiki, but I'll 
probably take a break first to recharge ;) Though feel free to edit the 
wiki page if you want...


View raw message