[jira] [Commented] (CASSANDRA-10091) Integrated JMX authn & authz

Sun, 20 Mar 2016 10:19:18 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-10091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15201779#comment-15201779
 ] 

T Jake Luciani commented on CASSANDRA-10091:
--------------------------------------------

This is a serious improvement over the current JMX.

Looking at the code I have a couple comments:

CassandraLoginModule:
  * All the cleanup code is duplicated for logout/abort/login/etc. please 
centralize.

JxmServerUtils:
  *  We should be using the broadcast interface for this vs 0.0.0.0

I also got this error at one point.
{quote}
  Mar 18, 2016 12:13:57 PM RMIConnectionImpl RMIServerCommunicatorAdmin-doStop
  WARNING: Failed to close: java.rmi.NoSuchObjectException: object not exported
{code}

The ability to grant permissions on individual beans is really awesome, I 
tested this and it worked great.

What kind of dtests can we add for this?  Can you kick the tests off once you 
address the above and update NEWS.txt?


> Integrated JMX authn & authz
> ----------------------------
>
>                 Key: CASSANDRA-10091
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10091
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.x
>
>
> It would be useful to authenticate with JMX through Cassandra's internal 
> authentication. This would reduce the overhead of keeping passwords in files 
> on the machine and would consolidate passwords to one location. It would also 
> allow the possibility to handle JMX permissions in Cassandra.
> It could be done by creating our own JMX server and setting custom classes 
> for the authenticator and authorizer. We could then add some parameters where 
> the user could specify what authenticator and authorizer to use in case they 
> want to make their own.
> This could also be done by creating a premain method which creates a jmx 
> server. This would give us the feature without changing the Cassandra code 
> itself. However I believe this would be a good feature to have in Cassandra.
> I am currently working on a solution which creates a JMX server and uses a 
> custom authenticator and authorizer. It is currently build as a premain, 
> however it would be great if we could put this in Cassandra instead.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to