[esb-issues] [JBoss JIRA] Closed: (JBESB-1358) ESB does not include security principals when accessing secured JMX domain

Saturday, 24 November 2007

     [ http://jira.jboss.com/jira/browse/JBESB-1358?page=all ]

Kevin Conner closed JBESB-1358.
-------------------------------

    Resolution: Done

I have changed the actions responsible so that they use the locator instead on JNDI lookup
for remote access.  At the moment these actions are co-located with the MBeanServer so it
is currently safe.

CP fix in revision 16774.
trunk fix is in revision 16777.

...
 ESB does not include security principals when accessing secured JMX
domain 
 ---------------------------------------------------------------------------

                 Key: JBESB-1358
                 URL: http://jira.jboss.com/jira/browse/JBESB-1358
             Project: JBoss ESB
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
          Components: Security
    Affects Versions: 4.2.1
         Environment: SOA Platform IR6 
            Reporter: Christopher Brock
         Assigned To: Kevin Conner
            Priority: Blocker
             Fix For: 4.2.1 CP1

 The ESB server does not appear to be passing any security credentials when it requests
resources from inside the JMX context.  
 This is problematic for the SOA platform, as the JMX security domain is secured out of
the box.  
 Stack Trace Below:
 org.jboss.soa.esb.actions.ActionProcessingException: Unexpected invocation target
exception from processor
 	at
org.jboss.soa.esb.listeners.message.ActionProcessorMethodInfo.processMethods(ActionProcessorMethodInfo.java:127)
 	at
org.jboss.soa.esb.listeners.message.OverriddenActionLifecycleProcessor.process(OverriddenActionLifecycleProcessor.java:74)
 	at
org.jboss.soa.esb.listeners.message.ActionProcessingPipeline.process(ActionProcessingPipeline.java:316)
 	at
org.jboss.soa.esb.listeners.message.MessageAwareListener$1.run(MessageAwareListener.java:303)
 	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
 	at java.lang.Thread.run(Thread.java:613)
 Caused by: java.lang.SecurityException: Failed to authenticate principal=null,
securityDomain=jmx-console
 	at
org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:97)
 	at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 	at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 	at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 	at org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:179)
 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

[esb-issues] [JBoss JIRA] Closed: (JBESB-1358) ESB does not include security principals when accessing secured JMX domain