Hello,
I am trying to secure the Invoker Service in jmx-invoker-service.xml.
The AuthenticationInterceptor works fine, but I like to have authorization as
well - the hard coded role "JBossAdmin" is OK for now.
I tried (that´s what I found)
<interceptors>
| <interceptor
code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
| securityDomain="java:/jaas/jmx-console"/>
| <interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor"
| authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"/>
| securityDomain="java:/jaas/jmx-console"
| </interceptors>
..but it says
17:54:11,102 WARN [BasicMBeanRegistry] MBeanException: preRegister() failed:
[ObjectName='jboss.jmx:name=Invoker,type=adaptor',
Class=org.jboss.jmx.connector.invoker.InvokerAdaptorService ([EMAIL
PROTECTED])] Cause: java.beans.IntrospectionException: No PropertyDescriptor
for attribute:securityDomain
| 17:54:11,122 INFO [InvokerAdaptorService] Registration is not done -> stop
| 17:54:11,142 ERROR [MainDeployer] Could not create deployment:
file:/C:/JBoss/server/default/deploy/jmx-invoker-service.xml
| org.jboss.deployment.DeploymentException: - nested throwable:
(java.lang.reflect.InvocationTargetException)
| at
org.jboss.system.ServiceConfigurator.install(ServiceConfigurator.java:178)
| at
org.jboss.system.ServiceController.install(ServiceController.java:215)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
When I remove the securityDomain attribute, the deployment works - but not the
interceptor
anonymous wrote : twiddle --server=localhost:1199 --user=user --password=pw
serverinfo -c
brings
17:32:49,919 ERROR [Twiddle] Exec failed
| java.lang.ArrayIndexOutOfBoundsException: 0
| at
org.jboss.jmx.connector.invoker.AuthorizationInterceptor.invoke(AuthorizationInterceptor.java:91)
at
org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:87)
| at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
| at
org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
| at
org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
| at
org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:164)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
which happens here
76 */
| 77 public Object invoke(Invocation invocation) throws Throwable
| 78 {
| 79 String type = invocation.getType();
| 80 if (type == Invocation.OP_INVOKE)
| 81 {
| 82 String opName = invocation.getName();
| 83 if (opName.equals("invoke"))
| 84 {
| 85 Object[] args = invocation.getArgs();
| 86 org.jboss.invocation.Invocation inv =
(org.jboss.invocation.Invocation) args[0];
| 87 // Authenticate the caller based on the security
association
| 88 Principal caller = inv.getPrincipal();
| 89 //Get the Method Name
| 90 Object[] obj = inv.getArguments();
| 91 ObjectName objname = (ObjectName) obj[0];
| 92 String opname = (String) obj[1];
I searched all over Wiki and Forum but did not find a solution.
What am I doing wrong / what´s missing in the invocation / how can I achieve
authorization?
Thanks in advance and best regards,
Andreas
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3915890#3915890
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3915890
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id�865&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
