[
https://issues.apache.org/jira/browse/QPID-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robbie Gemmell updated QPID-2189:
---------------------------------
Status: Ready To Review (was: In Progress)
> only admin level users can complete connection to 2.5.0.0 or below (when
> configured to use <security-enabled> / JMXMP)
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-2189
> URL: https://issues.apache.org/jira/browse/QPID-2189
> Project: Qpid
> Issue Type: Bug
> Components: Java Management : JMX Console
> Affects Versions: 0.6
> Reporter: Robbie Gemmell
> Assignee: Robbie Gemmell
> Fix For: 0.6
>
>
> Only admin level users can complete connection to 2.5.0.0, or older brokers
> configured to use <security-enabled> / JMXMP for their management connection.
> Thisis due to the new console using a fallback method to determine what 'Qpid
> JMX API' version to classify the broker as supporting. In doing so, the
> console queries the MbeanServerConnection for the existence of the
> UserManagement MBean using an exact match for its 'type' key. Whilst other
> calls to the same queryNames method will return the UserManagement MBean's
> ObjectName, the broker uses the exact type of this MBean to prevent non-admin
> users from actually accessing it and so when the query is an exact match is
> placed in the query this raises a SecurityException and causes the connection
> to fail.
> The solution is to change the query to use an ObjectName pattern to match the
> UserManagement MBean which will still match only the Mbean in question but
> prevent the security check from denying the request.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org
