[jboss-user] [Clustering/JBoss] - Re: Accessing singleton MBean from a cluster node

bstansberry@jboss.com do-not-reply at jboss.com
Mon May 21 10:05:43 EDT 2007

Looks like the jboss.jmx:type=adaptor,name=Invoker service is secured, using the same security domain as the JMX console. So, you need to associate a principal and credential that the jmx-console domain will accept with the caller thread before invoking on the adaptor.

This can be done as follows:

  | ... your existing stuff
  | String user = "foo"; // replace with whatever you want
  | org.jboss.security.SimplePrincipal prin = new SimplePrincipal(user);
  | org.jboss.security.SecurityAssociation.setPrincipal(prin);
  | char[] pwd = "bar".toCharArray(); // replace with whatever you want
  | org.jboss.security.SecurityAssociation.setCredential(pwd);
  | if( (rmiAdaptor != null) && (rmiAdaptor.isRegistered(new ObjectName("kapart.mbean:service=ScheduleManager"))) ) {
  |           rmiAdaptor.invoke( new ObjectName("kapart.mbean:service=ScheduleManager"), "startSingleton", null, null );
  |         }

Probably a better idea is to call SecurityAssociation.getPrincipal() and getCredential() first and cache the results in a local variable.  Then do the above in a try/finally block.  In the finally, reset the principal and credential to whatever they were.  This way if the thread has a end user's principal and credential associated with it, they won't be lost.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047246#4047246

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4047246

More information about the jboss-user mailing list