[jira] Updated: (QPID-1568) JConsole/VisualVM unable to connect to broker when JMX RMI authentication and access control is used

Sat, 10 Jan 2009 17:56:24 -0800 

     [ 
https://issues.apache.org/jira/browse/QPID-1568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Gemmell updated QPID-1568:
---------------------------------

    Attachment: QPID-1568_11jan2009.patch

Investigating fine level logging output from JConsole showed that the initial 
connection attempt was actually successful, but the tools would then 
immediately disconnect without indication of a reason. Using VisualVM provided 
more error detail, and showed the problem to be a result of SecurityExceptions 
being raised in the custom MBeanInvocationHandlerImpl class, where it was found 
that the new use of authentication and access control on the RMI connection 
exposed a flaw in a method used to determine if invoked methods are read-only 
methods. The isRegistered() and isInstanceOf() methods of MBeanServer are not 
covered by the existing categorization tests and so their use by the consoles 
was not being flagged as a read-only, violating the rights of the guest account 
being used. This hasnt previously been exposed because the Qpid JMX managemetn 
Console does not use these methods, the RMI connnection has thus far been 
unauthenticated and did not use the custom invoker, and the JMXMP connection 
would require making JConsole/VisualVM support the SASL process used by the 
broker.

The attached QPID-1568_11jan2009.patch solves this by flagging these methods as 
read-only. Additionally, a field name was changed to adhere to the qpid coding 
style.

> JConsole/VisualVM unable to connect to broker when JMX RMI authentication and 
> access control is used
> ----------------------------------------------------------------------------------------------------
>
>                 Key: QPID-1568
>                 URL: https://issues.apache.org/jira/browse/QPID-1568
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Robert Gemmell
>         Attachments: QPID-1568_11jan2009.patch
>
>
> When authentication and access control is added to the RMI based JMX 
> connector server used by the Java broker, management tools such as JConsole 
> and VisualVM are unable to remotely connect to the console. Logging output 
> from JConsole indicated that a connection is successfully established and 
> then immediatley closed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to