Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-1631

JMX operations on broker bypass authorization plugin

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: jboss-fuse-6.2
    • Component/s: Hawtio
    • Labels:
      None

      Description

      When securing the broker using authentication and authorization, any JMX operations on the broker completely bypass the authorization plugin.
      So anyone can modify the broker bypassing security checks
      Also, because of this its not possible to define a read only user for the web console.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                dbokde Dhiraj Bokde
                Reporter:
                mielket Torsten Mielke
                Tester:
                Tomáš Turek
              • Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: