[jboss-jira] [JBoss JIRA] (WFLY-3051) http-remoting-jmx connection failure connecting to Undertow subsystem instead of Undertow management

Rituraj Sinha (JIRA) issues at jboss.org
Sat Mar 8 06:17:34 EST 2014 

    [ https://issues.jboss.org/browse/WFLY-3051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12951326#comment-12951326 ] 

Rituraj Sinha edited comment on WFLY-3051 at 3/8/14 6:17 AM:
-------------------------------------------------------------

Hi Darran,

we have a situation where we want to secure our JMX console as well...on the basis of roles ...there is a requirement where team wants to have access to JMX but it should only be Read Only...

As wildfly supports RBAC(i feel its only for management tasks) ...i have created a application user and password assigned a Monitoring group to it ...is it possible that it can take one of the roles predefined in RBAC and when it logs in with these credentials they can only monitor the stuff as it there on the web_management condole...?

can the user created in the application realm also get the privilege of predefined Roles (like Monitor) and access associated with it to connect to JMX..so that they can get the access but cant do anything there...?

Thanks
Rituraj
  
                
      was (Author: rituraj):
    Hi Darran,

we have a situation where we want to secure our JMX console as well...on the basis of roles ...there is a requirement where team wants to have access to JMX but it should only be Read Only...

As wildfly supports RBAC(i feel its only for management tasks) ...i have created a application user and password assigned a Monitoring group to it ...is it possible that it can take one of the roles predefined in RBAC and when it logs in with these credentials they can only monitor the stuff as it there on the web_management condole...?

can the user craeted in the application realm also get the privilege of predefined Roles (like Monitor) and access associated with it to connect to JMX..so that they can get the access but cant do anything there...?

Thanks
Rituraj
  
                  
> http-remoting-jmx connection failure connecting to Undertow subsystem instead of Undertow management
> ----------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-3051
>                 URL: https://issues.jboss.org/browse/WFLY-3051
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JMX, Remoting
>    Affects Versions: 8.0.0.Final
>            Reporter: Rituraj Sinha
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 8.0.1.Final
>
>
> i have gone through the below link for JMX subsystem for wildfly 8 as
> https://docs.jboss.org/author/display/WFLY8/JMX+subsystem+configuration
>  
> but unable to connect to server-instances running remotely ...i have posted my question there as well and pasting it here now ...
> can someone please give us the steps to configure JMX through jconsole...?
> changes done on the domain.xml are the same as stated above
> <subsystem xmlns="urn:jboss:domain:jmx:1.3">
>                 <expose-resolved-model/>
>                 <expose-expression-model/>
>                 <remoting-connector use-management-endpoint="false"/>
>             </subsystem>
> <subsystem xmlns="urn:jboss:domain:jmx:1.3">
>                 <expose-resolved-model/>
>                 <expose-expression-model/>
>                 <remoting-connector use-management-endpoint="false"/>
>             </subsystem>
> as per the jboss-as-jmx_1_3.xsd  its like
> <xs:attribute name="use-management-endpoint" type="xs:boolean" default="true" use="optional" >
>             <xs:annotation>
>                 <xs:documentation>
>                     If true then this connector will use the management endpoint, otherwise it will use the
>                     remoting subsystem endpoint.
>                 </xs:documentation>
>             </xs:annotation>
>         </xs:attribute>
> now if we are making it false then it should be using the remoting endpoint ...now remoting subsystem by default uses ApplicatoinRealm
> i have created application-user and password for the same but when i am trying to connect to remote server-instances its not connecting it....
> below is what i am able to connect to 
> service:jmx:http-remoting-jmx://remote_hostA:9990 --
> Unknown macro: {host A is where my domain_controller is running}
> how can i access the server-instances running on domain_controller
> Unknown macro: {there are three server_instanaces running on HostA with a port offset of 100 each}
> i am trying to connect with the below url as 
> service:jmx:http-remoting-jmx://lremote_hostA:8180
> let me know if something is missing from my side...
> Thanks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list