karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Dillon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-3147) Local JMX connect is not possible
Date Thu, 02 Apr 2015 17:26:53 GMT

    [ https://issues.apache.org/jira/browse/KARAF-3147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14392989#comment-14392989

Jason Dillon commented on KARAF-3147:

[~jbonofre] ...

IIUC RBAC shouldn't be on the _local_ connection that is what is breaking default use of the
platform MBeanServer and causing local jvisualvm/jconsole usage to fail.  If you are trying
to get RBAC on local and remote, then I think that my be fundamentally incorrect implementation,
since on a local connection you can not set any authentication.

The connector server is being passed a reference to the MBeanServer, is it not actually using
that to invoke operations for remote requests?  I would assume it would, otherwise unsure
why it would get a reference to the server.  And if it is, then you can apply RBAC around
that instance, so that remote calls are guarded, but local access is not.


Looks like it says if you pass it an MBeanServer instance, this is what the connector will
be attached too, unless I'm reading the javadoc wrong.

So I don't think you need KarafMBeanServerBuilder to provide RBAC to remote connections and
I don't think local connections should have RBAC.  Simply wrap the MBeanServer with RBAC-providing
guard when handing out remote JMX connectors.  I suppose you could provide a reference to
an RBAC MBeanServer for tools that are security aware (say cli commands or something) but
I don't think the platform MBeanServer can/should be guarded with RBAC.

> Local JMX connect is not possible
> ---------------------------------
>                 Key: KARAF-3147
>                 URL: https://issues.apache.org/jira/browse/KARAF-3147
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-core
>    Affects Versions: 3.0.1
>         Environment: OS X, JDK 7
>            Reporter: Achim Nierbeck
>            Assignee: Jean-Baptiste Onofré
>            Priority: Critical
>             Fix For: 4.0.0, 2.4.2, 3.0.4
> With neither local process nor with remote jmx connection 
> {code}
> service:jmx:rmi://
> {code}
> it's possible to connect to Karaf via JMX. 
> Neither JConsole nor VisualVM is usable. 

This message was sent by Atlassian JIRA

View raw message