[jboss-user] [JNDI/Naming/Network] - Securing JNDI access with role-based security in 5.1
augustsimonelli
do-not-reply at jboss.com
Thu Aug 20 19:32:56 EDT 2009
Hi all,
I'm currently setting up a JBoss system for some developers and they need access to JNDI to allow them to browse and manipulate message queues. I've got JBoss bound to the external IP of the box but before opening the firewall for the JNDI access I'd like to at least force some security.
My searching led me to
http://sourceforge.net/docman/display_doc.php?docid=20143&group_id=22866
which states "The JNDI naming service is not secured by default and allows access to the JBoss JNDI tree on port 1099. You can change the port and interface which the naming service is bound on, as well as add role based security using a custom XMBean configuration."
I searched more and found a post at
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823726#3823726
pointing me to
http://www.jboss.org/community/wiki/XMBeansforSecurity.
I've begun to follow the XMBeans as per that wiki article but am stuck.
I don't know where to do this step:
"Now you need to configure the NamingService to use the detached invoker framework to expose an org.jnp.interfaces.Naming interface proxy to JNDI clients in order to have the jndi lookups routed to the NamingService.invoke method. The following 3.2.6+ confg/jboss-service.xml fragment illustrates this for the RMI/JRMP detached invoker:"
Additionally, the references are all for 3.x and 4.x, not 5.1.
So, as I'm just a lowly sysadmin, does anyone have any advice on how to secure my JNDI access with roles-based security? Have I missed something super obvious?
Or is there a better way than this? Another way, perhaps?
Thanks!
August
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250772#4250772