Hi Asma, Did you start working on this?
On Fri, Apr 7, 2017 at 6:07 PM, Asma Jabir <[email protected]> wrote:

> Hi
>
> With regard to the $subject issue in the c5 repo [1], we could use several
> ways to implement a role based access control.
>
> 1. Using the password and access files
>
>    - This is the inbuilt mechanism in JMX for monitoring and management
>      which uses 2 properties based text files to restrict access to readOnly or
>      readWrite to users. The password file contains username/password pairs
>      which is used to authenticate and the access file contains
>      username/privilege pairs which authorizes with readOnly or readWrite
>      access.
>    - A user will get either the *control over all* processes *or* just *a
>      view of all* depending on the access level.
>    - SSL is enabled by default for remote monitoring and thus the SSL
>      should be configured properly after setting up a digital certificate.
>      System properties for keystore and truststore should be set in the server.
>
> 2. Using custom authorization
>
>    - If the completely readOnly or readWrite approach is not appropriate,
>      a fine-grained authorization can be done using either of the following in
>      lieu of the access file:
>
>      i. Java Policy file - The file should be supplied as a system property
>         on server startup.
>
>      ii. Custom authorization using a server-side code
>
> 3. Using custom authentication
>
>    - JMXAuthenticator [2] interface is based on JAAS login module. Thus,
>      a custom JAAS authentication can be used for authentication in lieu of the
>      password file.
>    - The access file or one of the methods stated in *2.* can be used for
>      authorization.
>    - The JAAS configurations should be loaded on server startup by
>      setting a system property.
>
> [1] https://github.com/wso2/carbon-kernel/issues/1247
> [2] http://docs.oracle.com/javase/7/docs/api/javax/management/remote/JMXAuthenticator.html
>
> Thank you
>
> Regards,
> Asma
> --
> Asma Zinneera Jabir
> Software Engineer
> WSO2 Inc: http://wso2.com/
> Contact No: +94 77 332 4752
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Isuru Perera
Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 <https://www.google.com/+IsuruPereraWSO2/about>
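One way the "custom authorization using a server-side code" option (2.ii in the quoted proposal) can be implemented is an `MBeanServerForwarder` that checks the authenticated Subject before each MBeanServer call. This is an added example, not code from the thread or from carbon-kernel; the role names `admin` and `monitor` are assumptions, and it uses the Java 8 `Subject.getSubject` API (newer JDKs provide `Subject.current()` instead).

```java
import java.lang.reflect.*;
import java.security.*;
import java.util.*;
import javax.management.MBeanServer;
import javax.management.remote.MBeanServerForwarder;
import javax.security.auth.Subject;

/** Added example: per-role JMX authorization. Role names are hypothetical. */
public class RoleBasedJmxAccess implements InvocationHandler {
    // MBeanServer methods the read-only role may call; everything else needs "admin".
    private static final Set<String> READ_ONLY = new HashSet<>(Arrays.asList(
            "getAttribute", "getAttributes", "getMBeanInfo", "getMBeanCount", "getDomains",
            "getDefaultDomain", "getObjectInstance", "isRegistered", "isInstanceOf",
            "queryNames", "queryMBeans", "addNotificationListener", "removeNotificationListener"));
    private MBeanServer target;

    /** Install with JMXConnectorServer.setMBeanServerForwarder(...) before start(). */
    public static MBeanServerForwarder newForwarder() {
        return (MBeanServerForwarder) Proxy.newProxyInstance(
                MBeanServerForwarder.class.getClassLoader(),
                new Class<?>[] {MBeanServerForwarder.class}, new RoleBasedJmxAccess());
    }

    @Override
    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
        String op = method.getName();
        if (op.equals("getMBeanServer")) return target;
        if (op.equals("setMBeanServer")) { target = (MBeanServer) args[0]; return null; }
        // Authenticated remote calls run under the Subject produced by authentication.
        // A null Subject (in-process caller, or a connector with authentication off)
        // is not restricted here, so authentication must be enabled on the connector.
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject != null && !allowed(subject, op))
            throw new SecurityException("Access denied: " + op);
        try {
            return method.invoke(target, args);
        } catch (InvocationTargetException e) {
            throw e.getCause(); // surface the MBeanServer's own exception
        }
    }

    // Deny by default: a Subject with no recognised role principal gets nothing.
    private static boolean allowed(Subject subject, String op) {
        for (Principal p : subject.getPrincipals()) {
            if (p.getName().equals("admin")) return true;
            if (p.getName().equals("monitor") && READ_ONLY.contains(op)) return true;
        }
        return false;
    }
}
```

The principal names checked here are whatever the authentication step puts into the Subject, whether that is the password file or a custom `JMXAuthenticator` as in option 3.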
