[jboss-jira] [JBoss JIRA] (WFLY-2040) RBAC + JMX: auditor can't read sensitive non-core MBeans
Kabir Khan (JIRA)
jira-events at lists.jboss.org
Wed Sep 11 12:27:03 EDT 2013
[ https://issues.jboss.org/browse/WFLY-2040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803591#comment-12803591 ]
Kabir Khan commented on WFLY-2040:
----------------------------------
[~lthon]
I have some WIP at https://github.com/kabir/wildfly/compare/rbac-jmx-WFLY-2040?expand=1.
I tried enabling the writeOperation() call in AbstractJmxNonCoreMBeansSensitivityTestCase and added some printlns to getAttribute() and setAttribute() in PluggableMBeanServerImpl. Now the weird thing is that it fails for some of the tests, and passes for others, however the setAttribute() printlns are never shows. I guess there is something happening in the remoting jmx protocol, but I'm unable to get the sources since nexus is playing up at the moment so I cannot debug it.
I think that extraSensitiveOperation() is wrong, only the ones in PluggableMBeanServerImpl calling authorizeSuperUserOrAdministrator() are extra sensitive.
> RBAC + JMX: auditor can't read sensitive non-core MBeans
> --------------------------------------------------------
>
> Key: WFLY-2040
> URL: https://issues.jboss.org/browse/WFLY-2040
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, JMX
> Reporter: Ladislav Thon
> Assignee: Kabir Khan
> Labels: rbac-filed-by-qa
>
> If I set non-core MBeans to be sensitive, like
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:jmx:1.3">
> <expose-resolved-model/>
> <expose-expression-model/>
> <remoting-connector/>
> <sensitivity non-core-mbeans="true"/>
> </subsystem>
> {code}
> then I expect all roles that can read sensitive data (administrator, auditor, superuser) to be able to read non-core MBeans too. This is currently broken, as only administrator and superuser can read non-core MBeans, auditor cannot. I have a test case for this that I will submit later, but the important part is:
> {code}
> boolean successExpected = ...; // 'true' for auditor
> MBeanServerConnection connection = ...;
> ObjectName domain = new ObjectName("java.lang:type=OperatingSystem");
> try {
> Object attribute = connection.getAttribute(domain, "Name");
> assertTrue("Failure was expected", successExpected);
> assertEquals(System.getProperty("os.name"), attribute.toString());
> } catch (IOException e) {
> if (e.getCause() instanceof RuntimeMBeanException && e.getCause().getMessage().contains("11360")) {
> assertFalse("Success was expected but failure happened: " + e, successExpected);
> } else {
> throw e;
> }
> }
> {code}
> Please note that I'm speaking about _reading_ sensitive data, which, if I understand correctly, auditor _can_ do.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list