[jira] [Updated] (AMQ-4567) JMX operations on broker bypass authorization plugin

Claus Ibsen (JIRA) Wed, 30 Oct 2013 02:49:06 -0700

     [ 
https://issues.apache.org/jira/browse/AMQ-4567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Claus Ibsen updated AMQ-4567:
-----------------------------

    Fix Version/s: 5.9.0
         Assignee: Dejan Bosanac
       Issue Type: New Feature  (was: Bug)

>  JMX operations on broker bypass authorization plugin
> -----------------------------------------------------
>
>                 Key: AMQ-4567
>                 URL: https://issues.apache.org/jira/browse/AMQ-4567
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 5.8.0
>            Reporter: Torsten Mielke
>            Assignee: Dejan Bosanac
>              Labels: authorization
>             Fix For: 5.9.0
>
>
> When securing the broker using authentication and authorization, any JMX 
> operations on the broker completely bypass the authorization plugin.
> So anyone can modify the broker bypassing the security checks. Also, because 
> of this its not possible to define a read only user for the web console.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Updated] (AMQ-4567) JMX operations on broker bypass authorization plugin

Reply via email to