Hi,

With regard to the $subject issue in the c5 repo [1], we could use several ways to implement role-based access control.

1. Using the password and access files

   This is the inbuilt mechanism in JMX for monitoring and management, which uses two properties-based text files to restrict users to readOnly or readWrite access. The password file contains username/password pairs, which are used to authenticate, and the access file contains username/privilege pairs, which authorize with readOnly or readWrite access.

   - A user will get either *control over all* processes *or* just *a view of all*, depending on the access level.
   - SSL is enabled by default for remote monitoring, and thus SSL should be configured properly after setting up a digital certificate. System properties for the keystore and truststore should be set in the server.

2. Using custom authorization

   If the completely readOnly or readWrite approach is not appropriate, fine-grained authorization can be done using either of the following in lieu of the access file:

   i. Java policy file - The file should be supplied as a system property on server startup.
   ii. Custom authorization using server-side code

3. Using custom authentication

   - The JMXAuthenticator [2] interface is based on the JAAS login module. Thus, a custom JAAS authentication can be used for authentication in lieu of the password file.
   - The access file or one of the methods stated in *2.* can be used for authorization.
   - The JAAS configuration should be loaded on server startup by setting a system property.

[1] https://github.com/wso2/carbon-kernel/issues/1247
[2] http://docs.oracle.com/javase/7/docs/api/javax/management/remote/JMXAuthenticator.html

Thank you.

Regards,
Asma

--
Asma Zinneera Jabir
Software Engineer
WSO2 Inc: http://wso2.com/
Contact No: +94 77 332 4752
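The following is an added, self-contained example (not code from the mail above or from carbon-kernel) of options 3 and 2.ii together: a custom JMXAuthenticator that replaces the password file, and an MBeanServerForwarder that enforces readOnly/readWrite on the server side instead of the access file. The user table, the "monitor"/"admin" accounts, the port 9999 and the class names are constructed for the example; a real deployment would back authentication with a JAAS login module or a user store. The code targets Java 8 to 17 (on Java 18+ `Subject.getSubject` is replaced by `Subject.current()`), and it does not configure the RMI SSL socket factories that the mail's first option calls for.

```java
import java.lang.management.ManagementFactory;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.nio.charset.StandardCharsets;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.*;
import javax.security.auth.Subject;

/** Custom JMX authentication (JMXAuthenticator) plus server-side authorization (MBeanServerForwarder). */
public class JmxRbacExample {

    // Constructed user table: username -> {password, role}. Plaintext only to keep the example short;
    // in practice this lookup is a JAAS login module or a user store.
    private static final Map<String, String[]> USERS = new HashMap<>();
    static {
        USERS.put("monitor", new String[] {"monitor-secret", "readOnly"});
        USERS.put("admin",   new String[] {"admin-secret",   "readWrite"});
    }

    /** Principal carrying the role decided at authentication time; the forwarder reads it later. */
    static final class RolePrincipal implements Principal {
        private final String name, role;
        RolePrincipal(String name, String role) { this.name = name; this.role = role; }
        @Override public String getName() { return name; }
        String role() { return role; }
    }

    /** Option 3: the RMI connector passes the client's String[]{user, password} to this authenticator. */
    static final JMXAuthenticator AUTHENTICATOR = credentials -> {
        if (!(credentials instanceof String[]) || ((String[]) credentials).length != 2) {
            throw new SecurityException("Credentials must be a String[2] {user, password}");
        }
        String[] creds = (String[]) credentials;
        String[] entry = USERS.get(creds[0]);
        byte[] expected = entry == null ? new byte[0] : entry[0].getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison; the same message for unknown user and wrong password.
        if (entry == null || !MessageDigest.isEqual(expected, creds[1].getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("Authentication failed");
        }
        return new Subject(true, Collections.singleton(new RolePrincipal(creds[0], entry[1])),
                           Collections.emptySet(), Collections.emptySet());
    };

    // MBeanServer operations a readOnly user must not perform (mirrors the access-file semantics:
    // readOnly may read attributes and receive notifications, but not invoke or change anything).
    private static final Set<String> WRITE_OPS = new HashSet<>(Arrays.asList(
            "setAttribute", "setAttributes", "invoke", "createMBean", "registerMBean", "unregisterMBean"));

    /** Option 2.ii: a forwarder in front of the MBeanServer that checks the caller's role per operation. */
    static MBeanServerForwarder roleForwarder() {
        InvocationHandler handler = new InvocationHandler() {
            private MBeanServer target;
            @Override public Object invoke(Object proxy, Method m, Object[] args) throws Throwable {
                if (m.getName().equals("getMBeanServer")) return target;
                if (m.getName().equals("setMBeanServer")) { target = (MBeanServer) args[0]; return null; }
                if (WRITE_OPS.contains(m.getName())) {
                    // The connector runs each request with the authenticated Subject on the access-control
                    // context, so the principal created above is visible here.
                    Subject s = Subject.getSubject(AccessController.getContext());
                    boolean readWrite = s != null && s.getPrincipals(RolePrincipal.class).stream()
                            .anyMatch(p -> "readWrite".equals(p.role()));
                    if (!readWrite) throw new SecurityException("Access denied: " + m.getName() + " needs readWrite");
                }
                try { return m.invoke(target, args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
            }
        };
        return (MBeanServerForwarder) Proxy.newProxyInstance(MBeanServerForwarder.class.getClassLoader(),
                new Class<?>[] {MBeanServerForwarder.class}, handler);
    }

    /** Client-side probe: connects with the given credentials, reads, then attempts a write (invoke). */
    static String probe(JMXServiceURL url, String user, String password) throws Exception {
        Map<String, ?> env = Collections.singletonMap(JMXConnector.CREDENTIALS, new String[] {user, password});
        try (JMXConnector c = JMXConnectorFactory.connect(url, env)) {
            MBeanServerConnection conn = c.getMBeanServerConnection();
            int count = conn.getMBeanCount();   // a read: permitted for both roles
            try {
                conn.invoke(new ObjectName("java.lang:type=Memory"), "gc", null, null);   // a write
                return user + ": read ok (" + count + " MBeans), invoke allowed";
            } catch (SecurityException e) {
                return user + ": read ok (" + count + " MBeans), invoke denied";
            }
        }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        Registry registry = LocateRegistry.createRegistry(9999);   // constructed port for the example
        JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:9999/jmxrmi");
        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnectorServer.AUTHENTICATOR, AUTHENTICATOR);
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        server.setMBeanServerForwarder(roleForwarder());
        server.start();
        System.out.println(probe(url, "monitor", "monitor-secret"));   // read ok, invoke denied
        System.out.println(probe(url, "admin", "admin-secret"));       // read ok, invoke allowed
        server.stop();
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Run it with `javac JmxRbacExample.java && java JmxRbacExample`. The authenticator decides the role once and records it as a principal in the Subject; the forwarder then consults that principal on every MBeanServer call, which is the same split the password and access files give, but with the policy in code where it can be made finer than two levels.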
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
