[jboss-jira] [JBoss JIRA] (WFLY-2040) RBAC + JMX: auditor can't read sensitive non-core MBeans

Ladislav Thon (JIRA) jira-events at lists.jboss.org
Thu Sep 12 02:19:03 EDT 2013 

    [ https://issues.jboss.org/browse/WFLY-2040?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803703#comment-12803703 ] 

Ladislav Thon commented on WFLY-2040:
-------------------------------------

[~kabirkhan] Thank you! If {{MBeanRuntimeException}} will be thrown directly instead of being wrapped up in {{IOException}}, then that's a good thing and I'll be glad to fix my tests.

Regarding {{extraSensitiveOperation}}, I tried the first operation that I found that looked reasonable and it indeed did trigger the check inside {{PluggableMBeanServerImpl}}. Once we have the original issue fixed, I'll see if the {{extraSensitiveOperation}} bits still make sense and if not, I'll drop that test entirely.
                
> RBAC + JMX: auditor can't read sensitive non-core MBeans
> --------------------------------------------------------
>
>                 Key: WFLY-2040
>                 URL: https://issues.jboss.org/browse/WFLY-2040
>             Project: WildFly
>          Issue Type: Sub-task
>          Components: Domain Management, JMX
>            Reporter: Ladislav Thon
>            Assignee: Kabir Khan
>              Labels: rbac-filed-by-qa
>
> If I set non-core MBeans to be sensitive, like
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:jmx:1.3">
>     <expose-resolved-model/>
>     <expose-expression-model/>
>     <remoting-connector/>
>     <sensitivity non-core-mbeans="true"/>
> </subsystem>
> {code}
> then I expect all roles that can read sensitive data (administrator, auditor, superuser) to be able to read non-core MBeans too. This is currently broken, as only administrator and superuser can read non-core MBeans, auditor cannot. I have a test case for this that I will submit later, but the important part is:
> {code}
> boolean successExpected = ...; // 'true' for auditor
> MBeanServerConnection connection = ...;
> ObjectName domain = new ObjectName("java.lang:type=OperatingSystem");
> try {
>     Object attribute = connection.getAttribute(domain, "Name");
>     assertTrue("Failure was expected", successExpected);
>     assertEquals(System.getProperty("os.name"), attribute.toString());
> } catch (IOException e) {
>     if (e.getCause() instanceof RuntimeMBeanException && e.getCause().getMessage().contains("11360")) {
>         assertFalse("Success was expected but failure happened: " + e, successExpected);
>     } else {
>         throw e;
>     }
> }
> {code}
> Please note that I'm speaking about _reading_ sensitive data, which, if I understand correctly, auditor _can_ do.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list