Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-6181

cannot secure jmx invoker service

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • JBossAS-5.0.0.GA
    • JBossAS-5.0.0.CR2
    • Security
    • None

    Description

      When I edit deploy/jmx-invoker-service.xml and uncomment the AuthenticationInterceptor one can still access the server without a password. (tried with shutdown.sh)

      When I add AuthorizationInterceptor and try to shutdown server (no matter with or without a password) I get:
      Exception in thread "main" java.lang.SecurityException: No active Subject found, add th AuthenticationInterceptor
      ... (for full stack trace, see the forum thread)

      Seems that for some reason AuthenticationInterceptor is not working.

      Here is how I the interceptors look like:
      <interceptors>
      <!-- Uncomment to require authenticated users -->
      <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
      securityDomain="java:/jaas/jmx-console"/>
      <interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor"
      authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"></interceptor>
      <!-- Interceptor that deals with non-serializable results -->
      <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"
      policyClass="StripModelMBeanInfoPolicy"/>
      </interceptors>

      Attachments

        Activity

          People

            mmoyses Marcus Moyses (Inactive)
            akostadi1@redhat.com Aleksandar Kostadinov
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: