Rick Hillegas wrote:
Daniel John Debrunner wrote:
Rick Hillegas wrote:
In order to use JMX to monitor/configure Derby (and other
applications), I think that the following is true:
DerbyNet-Admin => JMX-Admin
Engine-Admin => JMX-Admin
DB-Admin => JMX-Admin
OtherApp-Admin => JMX-Admin
Right. "VM-Admin => JMX-Admin" is my shorthand for "If you are a
VM-Admin, then you are a JMX-Admin".
It's also key to note that JMX-Admins can have different identities, so
while OtherApp-Admin and DerbyNet-Admin may both be JMX-Admins, they may
not be able to perform the same operations.
Derby's JMX and DERBY-2109 should be coming together so that the policy
file can grant shutdown permission to JMXPrincipal('dan') and if I
connect via jmx then I can shutdown the server without having to provide
additional authentication. I think Rick pointed out that it was strange
to have to authenticate twice to shutdown the server.
If the JMXPrincipal is not authorized to shutdown then an additional
authentication step would be required to a become a valid (Derby)
SystemPrincipal.
For this mode to be enabled some changes are needed to DERBY-2109:
- Enforce Derby's security permissions if there is a security manager
(regardless of Derby's authentication state)
- Continue to support shutting the network server & engine down
without authentication credentials but only from within the same virtual
machine. This shutdown would require the Derby shutdown permission if a
security manager was installed.
- Ensure that the implementation follows the spec when it says that
Derby's permissions can be granted to code or other non-Derby Principals.
With those changes to DERBY-2109 then the jmx beans could be expanded to
support valid jmx users as system administrators.
Dan.
