[jboss-jira] [JBoss JIRA] Commented: (JBAS-6181) cannot secure jmx invoker service

Marcus Moyses (JIRA) jira-events at lists.jboss.org
Mon Nov 10 14:16:37 EST 2008 

    [ https://jira.jboss.org/jira/browse/JBAS-6181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12437738#action_12437738 ] 

Marcus Moyses commented on JBAS-6181:
-------------------------------------

By the time the invoker MBean is created, the JBossSecurityJNDIContextEstablishment MC bean (in deploy/security/security-jboss-beans.xml) has not yet started. This is the bean responsible for setting the SecurityDomainObjectFactory as the factory for java:/jaas/securityDomains.
In the interceptor, the lookup for the security domain fails (returns null) so no authentication is done in the invoke method.
Adding a dependency to the MC bean does not solve the problem because it occurs at creation time and not at start of the service.

> cannot secure jmx invoker service
> ---------------------------------
>
>                 Key: JBAS-6181
>                 URL: https://jira.jboss.org/jira/browse/JBAS-6181
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-5.0.0.CR2
>         Environment: AS 5 trunk r80638
>            Reporter: Aleksandar Kostadinov
>            Assignee: Marcus Moyses
>             Fix For: JBossAS-5.0.0.GA
>
>
> When I edit deploy/jmx-invoker-service.xml and uncomment the AuthenticationInterceptor one can still access the server without a password. (tried with shutdown.sh)
> When I add AuthorizationInterceptor and try to shutdown server (no matter with or without a password) I get:
> Exception in thread "main" java.lang.SecurityException: No active Subject found, add th AuthenticationInterceptor
> ... (for full stack trace, see the forum thread)
> Seems that for some reason AuthenticationInterceptor is not working.
> Here is how I the interceptors look like:
>                <interceptors>
>                   <!-- Uncomment to require authenticated users -->
>                   <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
>                      securityDomain="java:/jaas/jmx-console"/>
>                   <interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor"
>                      authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"></interceptor>
>                   <!-- Interceptor that deals with non-serializable results -->
>                   <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
>                      policyClass="StripModelMBeanInfoPolicy"/>
>                </interceptors>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list