ENTMQBR-1962 (AMQ Broker)

Hawtio RBAC bypassed if com.sun.management.jmxremote Java system properties are set


Details

    • Bug
    • Resolution: Done
    • Major
    • AMQ 7.2.2.GA
    • AMQ 7.2.0.GA
    • documentation
    • None
    • Documentation (Ref Guide, User Guide, etc.)
    Steps to Reproduce

      Configure a view-only user for the broker:

      artemis-roles.properties

      viewer = fred

      management.xml

      <default-access>
         <access method="list*" roles="amq,viewer"/>
         <access method="get*" roles="amq,viewer"/>
         <access method="is*" roles="amq,viewer"/>
         <access method="browse*" roles="amq,viewer"/>
         <access method="set*" roles="amq"/>
         <access method="*" roles="amq"/>
      </default-access>
      <role-access>
         <match domain="org.apache.activemq.artemis">
            <access method="list*" roles="amq,viewer"/>
            <access method="get*" roles="amq,viewer"/>
            <access method="is*" roles="amq,viewer"/>
            <access method="browse*" roles="amq,viewer"/>
            <access method="set*" roles="amq"/>
            <access method="*" roles="amq"/>
         </match>
         <!--example of how to configure a specific object-->
         <!--<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
            <access method="list*" roles="view,update,amq"/>
            <access method="get*" roles="view,update,amq"/>
            <access method="is*" roles="view,update,amq"/>
            <access method="set*" roles="update,amq"/>
            <access method="*" roles="amq"/>
         </match>-->
      </role-access>

      artemis.profile:

      # Java Opts
      JAVA_ARGS=" -XX:+PrintClassHistogram -XX:+UseG1GC -XX:+AggressiveOpts -XX:+UseFastAccessorMethods -Xms512M -Xmx2G -Dhawtio.realm=activemq  -Dhawtio.offline="true" -Dhawtio.roles=amq,viewer -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml -Djon.id=amq"

      #
      # There might be options that you only want to enable on specific commands, like setting a JMX port
      # See https://issues.apache.org/jira/browse/ARTEMIS-318
      if [ "$1" = "run" ]; then
        JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.rmi.port=1098 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
      fi

      Using a user with the viewer role, log into Hawtio and attempt to delete a message on a queue.

      Expected Result
      The user should be prevented from deleting the message.

      Actual Result
      The message is deleted from the queue.

      If the com.sun.management.jmxremote Java system properties are commented out, the expected behavior occurs.
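As an added example (not part of this issue or of the AMQ Broker project), a small configuration audit that scans an artemis.profile for the com.sun.management.jmxremote properties this issue describes: their presence on a non-comment line is reported as the RBAC-bypass condition, and an unauthenticated or plaintext JMX endpoint is reported on top. The sample profile is constructed from the fragment above; the function names are the example's own.

```python
import re

# Constructed sample profile, trimmed from the artemis.profile fragment in
# this issue: the jmxremote properties live inside the `run` branch.
SAMPLE_PROFILE = '''\
# Java Opts
JAVA_ARGS=" -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.roles=amq,viewer"

if [ "$1" = "run" ]; then
  JAVA_ARGS="$JAVA_ARGS -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.rmi.port=1098 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
fi
'''

# -Dcom.sun.management.jmxremote, optionally with a sub-key and a =value;
# the value stops at whitespace or at the closing quote of JAVA_ARGS.
PROP_RE = re.compile(r'-D(com\.sun\.management\.jmxremote[\w.]*)(?:=([^\s"]*))?')


def jmxremote_properties(profile_text):
    """Map every jmxremote property set on a non-comment line to its value.
    A bare -Dcom.sun.management.jmxremote (no '=') enables the agent, so it
    is recorded as 'true'. Commented-out lines are skipped, matching the
    issue's note that commenting the properties out restores RBAC."""
    props = {}
    for line in profile_text.splitlines():
        if line.lstrip().startswith('#'):
            continue
        for name, value in PROP_RE.findall(line):
            props[name] = value or 'true'
    return props


def audit_profile(profile_text):
    """Return findings for a profile. Any jmxremote property is reported,
    since per this issue its presence alone bypasses Hawtio RBAC; an
    unauthenticated or plaintext JMX endpoint is reported on top of that."""
    props = jmxremote_properties(profile_text)
    findings = []
    if props:
        findings.append('jmxremote properties present: Hawtio RBAC bypassed (ENTMQBR-1962)')
    if props.get('com.sun.management.jmxremote.authenticate') == 'false':
        findings.append('JMX remote authentication disabled')
    if props.get('com.sun.management.jmxremote.ssl') == 'false':
        findings.append('JMX remote endpoint without SSL')
    return findings


if __name__ == '__main__':
    for finding in audit_profile(SAMPLE_PROFILE):
        print('WARN:', finding)
```

Run it against the real etc/artemis.profile of a broker instance to check whether the bypass condition is present before relying on management.xml roles.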


    Description

      If the com.sun.management.jmxremote Java system properties are set in the artemis.profile, RBAC is bypassed in Hawtio.

            People

              rh-ee-ataylor Andy Taylor
              rhn-support-jsherman Jason Sherman