[jboss-jira] [JBoss JIRA] Created: (JBAS-6181) cannot secure jmx invoker service
Aleksandar Kostadinov (JIRA)
jira-events at lists.jboss.org
Sat Nov 8 10:17:36 EST 2008
cannot secure jmx invoker service
---------------------------------
Key: JBAS-6181
URL: https://jira.jboss.org/jira/browse/JBAS-6181
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-5.0.0.CR2
Environment: AS 5 trunk r80638
Reporter: Aleksandar Kostadinov
Assignee: Anil Saldhana
Fix For: JBossAS-5.0.0.GA
When I edit deploy/jmx-invoker-service.xml and uncomment the AuthenticationInterceptor one can still access the server without a password. (tried with shutdown.sh)
When I add AuthorizationInterceptor and try to shutdown server (no matter with or without a password) I get:
Exception in thread "main" java.lang.SecurityException: No active Subject found, add th AuthenticationInterceptor
... (for full stack trace, see the forum thread)
Seems that for some reason AuthenticationInterceptor is not working.
Here is how I the interceptors look like:
<interceptors>
<!-- Uncomment to require authenticated users -->
<interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
securityDomain="java:/jaas/jmx-console"/>
<interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor"
authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"></interceptor>
<!-- Interceptor that deals with non-serializable results -->
<interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
policyClass="StripModelMBeanInfoPolicy"/>
</interceptors>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list