only admin level users can complete connection to 2.5.0.0 or below (when 
configured to use <security-enabled> / JMXMP)
----------------------------------------------------------------------------------------------------------------------

                 Key: QPID-2189
                 URL: https://issues.apache.org/jira/browse/QPID-2189
             Project: Qpid
          Issue Type: Bug
          Components: Java Management : JMX Console
    Affects Versions: 0.6
            Reporter: Robbie Gemmell
            Assignee: Robbie Gemmell
             Fix For: 0.6


Only admin level users can complete connection to 2.5.0.0, or older brokers 
configured to use <security-enabled> / JMXMP for their management connection.

This is due to the new console using a fallback method to determine what 'Qpid 
JMX API' version to classify the broker as supporting. In doing so, the console 
queries the MBeanServerConnection for the existence of the UserManagement MBean 
using an exact match for its 'type' key. Whilst other calls to the same 
queryNames method will return the UserManagement MBean's ObjectName, the broker 
uses the exact type of this MBean to prevent non-admin users from actually 
accessing it, and so when an exact match is placed in the query 
this raises a SecurityException and causes the connection to fail.

The solution is to change the query to use an ObjectName pattern to match the 
UserManagement MBean which will still match only the MBean in question but 
prevent the security check from denying the request.

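The difference between the two query forms described in the issue, as an added example that is not part of the original message or of the Qpid code base. The domain `org.apache.qpid`, the `name` key, the `Dummy` MBean, the `guardedQuery` helper and the exact pattern string are assumptions made for illustration; `guardedQuery` is a simplified model of the broker-side check, not the broker's implementation.

```java
import java.lang.management.ManagementFactory;
import java.util.Set;
import javax.management.MBeanServer;
import javax.management.ObjectName;

public class UserManagementQueryDemo {
    // Constructed stand-in MBean; not the broker's real UserManagement interface.
    public interface DummyMBean { int getValue(); }
    public static class Dummy implements DummyMBean {
        public int getValue() { return 1; }
    }

    // Simplified model (assumption) of the check described in the issue:
    // a non-admin request whose 'type' key is exactly "UserManagement" is refused.
    static Set<ObjectName> guardedQuery(MBeanServer mbs, ObjectName query, boolean admin) {
        if (!admin && "UserManagement".equals(query.getKeyProperty("type"))) {
            throw new SecurityException("Permission denied: " + query);
        }
        return mbs.queryNames(query, null);
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        // Assumed ObjectName layout; the issue text does not give the real one.
        ObjectName registered = new ObjectName("org.apache.qpid:type=UserManagement,name=UserManagement");
        mbs.registerMBean(new Dummy(), registered);
        try {
            // Exact 'type' value: trips the access check for a non-admin user.
            ObjectName exact = new ObjectName("org.apache.qpid:type=UserManagement,*");
            try {
                guardedQuery(mbs, exact, false);
                System.out.println("exact query: allowed");
            } catch (SecurityException e) {
                System.out.println("exact query: " + e.getMessage());
            }

            // Value pattern on 'type': getKeyProperty("type") is now "UserManagement*",
            // so the exact-type check does not fire, yet only this MBean matches.
            ObjectName pattern = new ObjectName("org.apache.qpid:type=UserManagement*,*");
            Set<ObjectName> found = guardedQuery(mbs, pattern, false);
            System.out.println("pattern query: " + found);
        } finally {
            mbs.unregisterMBean(registered);
        }
    }
}
```

The pattern query only returns the ObjectName, which confirms that the MBean exists; the model leaves access to the MBean's attributes and operations out of scope.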