karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Lichtin <lich...@yahoo.com>
Subject Re: Is local access to MBeans also protected
Date Sun, 22 Mar 2015 14:13:02 GMT
Maybe I'm missing something, but a simple Pax run shows that MBeans are 
accessible:
E.g:

@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class JmxAccessPaxTest {
   public static final String GROUP_ID = "org.apache.karaf";
   public static final String ARTIFACT_ID = "apache-karaf";

   @Configuration
   public Option[] config() {
     return new Option[] {
karafDistributionConfiguration().frameworkUrl(maven().groupId(GROUP_ID).artifactId(ARTIFACT_ID).type("zip").versionAsInProject())
             .karafVersion(MavenUtils.getArtifactVersion(GROUP_ID, 
ARTIFACT_ID)).unpackDirectory(new 
File("target/paxexam/")).useDeployFolder(false),
         configureConsole().ignoreLocalConsole().startRemoteShell() };
   }

   @Test
   public void test_jmxAccess() throws Exception {
     MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
     ObjectName queryObjectName = new 
ObjectName("org.apache.karaf:type=*,name=*");
     Set<ObjectName> mySet = mbs.queryNames(queryObjectName, null);
     for (ObjectName on : mySet) {
       System.out.println(on.getCanonicalName());
     }
     ObjectName karafLog = new 
ObjectName("org.apache.karaf:type=log,name=root");
     System.out.println(karafLog.getCanonicalName() + " Level=" + 
mbs.getAttribute(karafLog, "Level"));
   }

}

I'll open a JIRA if this should not be possible.

On 10.03.2015 14:38, Achim Nierbeck wrote:
> Hi,
>
> I think I've seen this behavior too. AFAIC this is a bug.
> Do you happen to have a scenario where it's really reproducible?
> Could you open a issue for it?
>
> Thanks, Achim
>
>
> 2015-03-10 14:23 GMT+01:00 Martin Lichtin <lichtin@yahoo.com 
> <mailto:lichtin@yahoo.com>>:
>
>     I understand that access to MBeans is protected via RBAC mechanism:
>
>     http://karaf.apache.org/manual/latest/users-guide/monitoring.html
>
>     However, is this also the case for code running inside Karaf?
>     E.g. when doing
>
>
>
>        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
>
>     it seems I can access all MBeans without requiring a
>     username/password.
>
>     However, this is not reliable.
>     Depending on startup timing (or something else), _sometimes_
>     I receive "Insufficient roles/credentials for operation" for a query,
>     indicating that KarafMBeanServerGuard is intervening.
>
>
>
>
> -- 
>
> Apache Member
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> 
> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>
> Software Architect / Project Manager / Scrum Master
>


Mime
View raw message