Details
-
Bug
-
Resolution: Done
-
Major
-
EAP 5.0.0
-
None
-
From a customer case: 681083
EAP 5.0
OS is RHEL 5.4 Linux jbsrd4.int.corp.sun 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Sun's JDK 1.6.0_15
Description
The call chain basically starts with something like mbeanServerProxy.getAttributes(objName, attribsArray). Somehow it seems like the attribsArray arg is somehow making it into a place expecting the opname.
I'll post the full stack trace in the first comment. The overriding exception is:
Caused by: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
at org.jboss.jmx.connector.invoker.AuthorizationInterceptor.invoke(AuthorizationInterceptor.java:110)
at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:104)
We investigated different authorization setups trying to isolate the situation. here is an abridged exchange with the customer:
"Can you try either disabling the JMX auth or using file-based auth as opposed to LDAP? The LDAP JMX auth is the one thing here that may be different than most envs."
"I reverted my test EAP instance to a standard UsersRoleLoginModule based authentication. I was able to monitor via MBeanServer with this setup.
We had secured the JMX invoker to require authentication and authorization (the setup shown in 4.2.2 in https://jira.jboss.org/jira/browse/SECURITY-31). I then tried removing the ExternalizableRolesAuthorization (reverting to the setup shown in 3.2.1) property on an instance configured with LDAP. That scenario also worked.
Finally, I tried re-enabling ExternalizableRolesAuthorization on my file-based auth and my monitoring stopped working and I started recieving the ClassCastException again."
Full stack trace to follow...
Attachments
Issue Links
- relates to
-
-
- Closed
-
