[
https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15201779#comment-15201779
]
T Jake Luciani edited comment on CASSANDRA-10091 at 3/18/16 4:53 PM:
---------------------------------------------------------------------
This is a serious improvement over the current JMX.
Looking at the code I have a couple comments:
CassandraLoginModule:
* All the cleanup code is duplicated for logout/abort/login/etc. please
centralize.
JxmServerUtils:
* We should be using the broadcast interface for this vs 0.0.0.0
I also got this error at one point.
{quote}
Mar 18, 2016 12:13:57 PM RMIConnectionImpl RMIServerCommunicatorAdmin-doStop
WARNING: Failed to close: java.rmi.NoSuchObjectException: object not exported
{quote}
The ability to grant permissions on individual beans is really awesome, I
tested this and it worked great.
What kind of dtests can we add for this? Can you kick the tests off once you
address the above and update NEWS.txt?
was (Author: tjake):
This is a serious improvement over the current JMX.
Looking at the code I have a couple comments:
CassandraLoginModule:
* All the cleanup code is duplicated for logout/abort/login/etc. please
centralize.
JxmServerUtils:
* We should be using the broadcast interface for this vs 0.0.0.0
I also got this error at one point.
{quote}
Mar 18, 2016 12:13:57 PM RMIConnectionImpl RMIServerCommunicatorAdmin-doStop
WARNING: Failed to close: java.rmi.NoSuchObjectException: object not exported
{code}
The ability to grant permissions on individual beans is really awesome, I
tested this and it worked great.
What kind of dtests can we add for this? Can you kick the tests off once you
address the above and update NEWS.txt?
> Integrated JMX authn & authz
> ----------------------------
>
> Key: CASSANDRA-10091
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jan Karlsson
> Assignee: Sam Tunnicliffe
> Priority: Minor
> Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal
> authentication. This would reduce the overhead of keeping passwords in files
> on the machine and would consolidate passwords to one location. It would also
> allow the possibility to handle JMX permissions in Cassandra.
> It could be done by creating our own JMX server and setting custom classes
> for the authenticator and authorizer. We could then add some parameters where
> the user could specify what authenticator and authorizer to use in case they
> want to make their own.
> This could also be done by creating a premain method which creates a jmx
> server. This would give us the feature without changing the Cassandra code
> itself. However I believe this would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a
> custom authenticator and authorizer. It is currently build as a premain,
> however it would be great if we could put this in Cassandra instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
