db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3462) Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
Date Fri, 14 Mar 2008 15:16:24 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578800#action_12578800
] 

Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------

> If JMX authentication is enabled, and the custom policy file includes permissions for
a specific user to perform a set of JMX actions, then are the above mentioned permissions
still needed for derby.jar,

It's standard Java permission use, which I didn't think I wanted to explain in a comment in
an internal policy file :-)

The permission needs to be granted to protection domains on the stack including derby.jar,
since that is the code executing the permission check.
When Java Subject based authentication is used then the permission must be granted to those
subjects as well.

So at one level it's hard to answer the question because I don't know what permissions are
granted in the custom policy file.
E.g. this in the policy file (guide only not exact syntax)

grant principal JMXPrincipal "DAN" {
  permission SystemPermission "jmx", "control";
}

grants jmx control permission for the DAN for all code bases, thus no additional grant would
be required.

The following would not be sufficient as the code calling into Derby (the system jmx code
in some cases) does not have the required permission.
Even though it is system code the permission needs to be granted to the code and the Subject
in each domain, and the Subject (containing JMXPrincipal DAN) is not granted permissions outside
of the protection domain including derby.jar

grant codebase "file...derby.jar" principal JMXPrincipal "DAN" {
  permission SystemPermission "jmx", "control"
}


> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's
JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3462
>                 URL: https://issues.apache.org/jira/browse/DERBY-3462
>             Project: Derby
>          Issue Type: Sub-task
>          Components: JMX, Security
>            Reporter: Daniel John Debrunner
>            Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message