[hibernate-dev] exposing statistics easier (HHH-3593 solution)

John Mazzitelli mazz at redhat.com
Thu Nov 20 17:32:59 EST 2008


> I don't know the MBean security model. How do I 
> ensure that a given MBean is restricted in view / write access?

This is a good point. But I would say that security could be imposed on 
the level of JMX remoting. For example, I could enable SSL on the JMX 
connector using Sun's com.sun.management.jmxremote settings when I start 
the VM. This would secure the MBean without Hibernate having to do anything.

But, even if that isn't good enough, the developer is free enough on his 
own to NOT configure these hibernate generate_statistics.jmx settings 
and to write that special code themselves using whatever security 
controls they want. But for someone running in a secured environment who 
does not wish to secure access to this stuff or for those willing to use 
the built-in JMX secure-remoting features the VM provides, having a 
configurable way to do it is a nice feature.

At the very least, this built-in JMX deployment is a convenience that 
helps with development/tuning phases of app development (even if 
security is a concern in production). In other words, while I'm 
developing/testing/tuning my app, I can turn on these settings to enable 
the stats (which is where they are most useful anyway) - but when I 
deploy my app in production, I simply do not set them.  Without these 
config settings, it would force me to either disable my special code in 
my own custom way or I have to remember to remove that JMX deployment 
code before building/deploying to production.
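
Added example, not part of the original message or of Hibernate: a shell check that audits a JVM command line for the com.sun.management.jmxremote settings mentioned above and flags a remote connector started without SSL or authentication. The two sample command lines, the port and the file paths are constructed; the check assumes the JDK defaults of ssl=true and authenticate=true once a port is set.

```shell
#!/bin/sh
# Added example: audit JVM arguments for remote JMX hardening.
# Sample argument strings are constructed for illustration.
DEV_ARGS='-Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false'
HARDENED_ARGS='-Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/path/to/jmxremote.access'

# Print the value of -Dcom.sun.management.jmxremote.<suffix>=<value>
# from the argument string, or the given default if it is not set.
jmx_prop() {  # $1 = JVM args, $2 = property suffix, $3 = default
    val=$(printf '%s\n' "$1" | tr ' ' '\n' |
          sed -n "s/^-Dcom\.sun\.management\.jmxremote\.$2=//p" | tail -n 1)
    printf '%s' "${val:-$3}"
}

# Return 0 if no remote connector is configured or it uses SSL and
# authentication; return 1 otherwise. Findings are written to stdout.
audit_jmx_flags() {
    args=$1
    port=$(jmx_prop "$args" port "")
    if [ -z "$port" ]; then
        echo "ok: no remote JMX connector port configured"
        return 0
    fi
    rc=0
    # Assumption: the JDK treats ssl and authenticate as true unless
    # they are explicitly set to false.
    if [ "$(jmx_prop "$args" ssl true)" != "true" ]; then
        echo "finding: remote JMX on port $port without SSL"
        rc=1
    fi
    if [ "$(jmx_prop "$args" authenticate true)" != "true" ]; then
        echo "finding: remote JMX on port $port without authentication"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: remote JMX on port $port uses SSL and authentication"
    fi
    return "$rc"
}

audit_jmx_flags "$DEV_ARGS" || true
audit_jmx_flags "$HARDENED_ARGS" || true
```

The view / write split asked about in the quoted question is handled by the file named in access.file, which maps each authenticated role to readonly or readwrite.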
