[jboss-jira] [JBoss JIRA] Commented: (JBAS-6181) cannot secure jmx invoker service

Aleksandar Kostadinov (JIRA) jira-events at lists.jboss.org
Sun Nov 9 00:51:37 EST 2008 

    [ https://jira.jboss.org/jira/browse/JBAS-6181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12437559#action_12437559 ] 

Aleksandar Kostadinov commented on JBAS-6181:
---------------------------------------------

Looking at a JBoss AS build log (like http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSuite-sun15/lastBuild/consoleText) I see that the test was run on server "all" which is not secured. I have no problems to connect a non-secured instance *with* username and a password.

I have problems accessing *secured* JBoss AS instance.

A good test would have been to run the test case on a secured server. As well another test would be to try connecting secured server configuration without credentials (and expect exception), to verify it is actually secured.

> cannot secure jmx invoker service
> ---------------------------------
>
>                 Key: JBAS-6181
>                 URL: https://jira.jboss.org/jira/browse/JBAS-6181
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-5.0.0.CR2
>         Environment: AS 5 trunk r80638
>            Reporter: Aleksandar Kostadinov
>            Assignee: Anil Saldhana
>             Fix For: JBossAS-5.0.0.GA
>
>
> When I edit deploy/jmx-invoker-service.xml and uncomment the AuthenticationInterceptor one can still access the server without a password. (tried with shutdown.sh)
> When I add AuthorizationInterceptor and try to shutdown server (no matter with or without a password) I get:
> Exception in thread "main" java.lang.SecurityException: No active Subject found, add th AuthenticationInterceptor
> ... (for full stack trace, see the forum thread)
> Seems that for some reason AuthenticationInterceptor is not working.
> Here is how I the interceptors look like:
>                <interceptors>
>                   <!-- Uncomment to require authenticated users -->
>                   <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
>                      securityDomain="java:/jaas/jmx-console"/>
>                   <interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor"
>                      authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"></interceptor>
>                   <!-- Interceptor that deals with non-serializable results -->
>                   <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
>                      policyClass="StripModelMBeanInfoPolicy"/>
>                </interceptors>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list