[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578800#action_12578800 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
> If JMX authentication is enabled, and the custom policy file includes
> permissions for a specific user to perform a set of JMX actions, then are the
> above mentioned permissions still needed for derby.jar,

It's standard Java permission use, which I didn't think I wanted to explain in
a comment in an internal policy file :-)

The permission needs to be granted to protection domains on the stack including
derby.jar, since that is the code executing the permission check.
When Java Subject based authentication is used then the permission must be
granted to those subjects as well.

So at one level it's hard to answer the question because I don't know what
permissions are granted in the custom policy file.

E.g. this in the policy file (guide only, not exact syntax):

    grant principal JMXPrincipal "DAN" {
        permission SystemPermission "jmx", "control";
    }

grants jmx control permission for DAN for all code bases, thus no
additional grant would be required.

The following would not be sufficient as the code calling into Derby (the
system jmx code in some cases) does not have the required permission.
Even though it is system code the permission needs to be granted to the code
and the Subject in each domain, and the Subject (containing JMXPrincipal DAN)
is not granted permissions outside of the protection domain including derby.jar:

    grant codebase "file...derby.jar" principal JMXPrincipal "DAN" {
        permission SystemPermission "jmx", "control"
    }

> Require new permissions in o.a.d.security.SystemPermission to allow control
> to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
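
The two grants compared in the comment above, run through a simplified model of the stack-based permission check (an added example, not part of the original message and not Derby or JDK code). The `Grant` class, the function names and the `jmx-caller` stack entry are constructed for illustration; the model assumes, as the comment describes, that every protection domain on the stack must be granted the permission for the current Subject.

```python
from dataclasses import dataclass
from typing import Optional

# The permission from the comment, modelled as a plain tuple.
JMX_CONTROL = ("SystemPermission", "jmx", "control")


@dataclass(frozen=True)
class Grant:
    """One policy grant entry (simplified, hypothetical model)."""
    permission: tuple
    codebase: Optional[str] = None    # None: applies to every code base
    principal: Optional[str] = None   # None: applies whatever the Subject is


def domain_implies(grants, codebase, principals, permission):
    """True if some grant gives `permission` to code from `codebase`
    while it runs on behalf of a Subject holding `principals`."""
    for g in grants:
        if g.permission != permission:
            continue
        if g.codebase is not None and g.codebase != codebase:
            continue
        if g.principal is not None and g.principal not in principals:
            continue
        return True
    return False


def domains_lacking(grants, stack, principals, permission):
    """Code bases on the stack that fail the check; empty list = check passes."""
    return [cb for cb in stack
            if not domain_implies(grants, cb, principals, permission)]


# Constructed call stack: JMX code calling into Derby, which runs the check.
STACK = ["jmx-caller", "derby.jar"]

# First grant in the comment: principal only, all code bases.
PRINCIPAL_ONLY = [Grant(JMX_CONTROL, principal="DAN")]
# Second grant in the comment: restricted to the derby.jar code base.
CODEBASE_AND_PRINCIPAL = [Grant(JMX_CONTROL, codebase="derby.jar", principal="DAN")]

if __name__ == "__main__":
    for name, policy in [("principal only", PRINCIPAL_ONLY),
                         ("codebase + principal", CODEBASE_AND_PRINCIPAL)]:
        missing = domains_lacking(policy, STACK, {"DAN"}, JMX_CONTROL)
        print(f"{name}: {'allowed' if not missing else 'denied, missing in ' + str(missing)}")
```
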