On Mon, Dec 1, 2008 at 2:47 AM, Robbie Gemmell <[EMAIL PROTECTED]> wrote:
> Noticed something earlier when playing with different database types. The > JMXManagedObjectRegistry and AMQUserManagementMBean classes related to the > JMX management features dont use the same terms of selection/assignment for > the PrincipalDatabase they should use, and so can potentially use different > databases. This would result in management console connections being > authenticated through one principal database, and the console's > usermanagement capabilities modifying a different principal database. Is > that by design (eg, allowing JMX management specific accounts??) or is it > option number 2, a bug ? Thought id enquire to make sure before cluttering > the JIRA J This by design. Admin rights and AMQP rights are different concepts. > AMQUserManagementMBean has its principal database set according to the > broker.security.jmx.principal-database element from the configuration file, > and is set at startup by the ConfigurationFilePrincipalDatabaseManager > .initialisePrincipalDatabase() method, just before the > JMXManagedObjectRegistry is created, which itself acquires a list of all the > principal databases from the application registry and loops through them, > selecting either the first Base64MD5PasswordFilePrincipalDatabase it finds, > or if it find none then uses the last PlainPasswordFilePrincipalDatabase it > encounters. I've always thought that this was a rather weird way of doing it, we should clean that up and make it more obvious. - Aidan -- Apache Qpid - World Domination through Advanced Message Queueing http://cwiki.apache.org/qpid "Have we anything resembling a plan?" "Mm-hm. Ride till we find them... and kill them all." - The 13th Warrior
