[ https://issues.apache.org/jira/browse/GERONIMO-6314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13289278#comment-13289278 ]

Tina Li commented on GERONIMO-6314:
-----------------------------------

Hi Forrest,

1. For the users of the admin group, they can connect to JMX and have
readwrite permission to access the MBeans through jconsole.
2. For the users of the monitor group, they can connect to JMX and have
read-only permission to MBeans, for example, the user monitor/password in
the monitor group.
3. For the insecure JMX connector:
Run <JDK_HOME>/bin/jconsole. In the "Connect to Agent" dialog of JConsole,
click Advanced, and input the information:
JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/JMXConnector
username: monitor
password: password
Access MBeans; the user only has read permission, otherwise the error message
"Access denied!Invalid access level for requested MbeanServer operation" will
pop up.
4. For the secured JMX connector:
 4.1 Disable the insecure JMX server: edit the
<geronimo_home>/var/config/config.xml configuration file and add the
load="false" attribute to the following entry: <gbean name="JMXService">
 4.2 Start the jmx-security module through the admin console.
 4.3 Run:
<JDK_HOME>/bin/jconsole -J-Djavax.net.ssl.keyStore=$GERONIMO_HOME/var/security/keystores/geronimo-default -J-Djavax.net.ssl.keyStorePassword=secret -J-Djavax.net.ssl.trustStore=$GERONIMO_HOME/var/security/keystores/geronimo-default -J-Djavax.net.ssl.trustStorePassword=secret
JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector
username: monitor
password: password
 4.4 Access MBeans; the user only has read permission, otherwise the error
message "Access denied!Invalid access level for requested MbeanServer
operation" will pop up.
5. For the users in the admin group, try steps 3~4; they have readwrite
permission to MBeans.

                
> Add monitor role  to protect the JMX access 
> --------------------------------------------
>
>                 Key: GERONIMO-6314
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-6314
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: connector, JVM-compatibility
>    Affects Versions: 3.0-beta-1
>         Environment: linux,windows
>            Reporter: Tina Li
>            Assignee: Tina Li
>             Fix For: 3.0-beta-2
>
>         Attachments: GERONIMO-6314_formatUpdated.patch
>
>
> Currently, only the admin user can connect to JMX and the admin user has 
> read/write access to MBeans. Now find a method to let the "monitor" role also 
> access JMX but only have read-only access. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
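
The check from step 3 of the comment above, scripted so it can be repeated after each configuration change. This is an added example, not part of the original comment or of the Geronimo code base; the class name JmxRoleCheck and its arguments are hypothetical, and it assumes the platform MBean java.lang:type=Memory is visible through the connector and that a denied write reaches the client as a SecurityException.

```java
import java.util.HashMap;
import java.util.Map;
import javax.management.Attribute;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

// Added example (hypothetical class): verifies that a JMX account has the
// access level its group is supposed to grant.
// Usage: java JmxRoleCheck [url] [user] [password] [readonly|readwrite]
public class JmxRoleCheck {
    public static void main(String[] args) throws Exception {
        // Defaults are the values given in step 3 of the comment.
        String url = args.length > 0 ? args[0]
                : "service:jmx:rmi:///jndi/rmi://localhost:1099/JMXConnector";
        String user = args.length > 1 ? args[1] : "monitor";
        String pass = args.length > 2 ? args[2] : "password";
        boolean expectWrite = args.length > 3 && args[3].equals("readwrite");

        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnector.CREDENTIALS, new String[] {user, pass});

        try (JMXConnector conn = JMXConnectorFactory.connect(new JMXServiceURL(url), env)) {
            MBeanServerConnection mbsc = conn.getMBeanServerConnection();
            // Assumption: this standard JVM MBean is registered on the server.
            ObjectName memory = new ObjectName("java.lang:type=Memory");

            // Read: both the monitor and admin groups should be allowed.
            Object verbose = mbsc.getAttribute(memory, "Verbose");
            System.out.println("read ok, Verbose=" + verbose);

            // Write: set the attribute to the value just read, so nothing
            // changes on the server even when the write is permitted.
            boolean wrote;
            try {
                mbsc.setAttribute(memory, new Attribute("Verbose", verbose));
                wrote = true;
            } catch (SecurityException denied) {
                wrote = false;
                System.out.println("write denied: " + denied.getMessage());
            }
            System.out.println(user + " write access: " + wrote
                    + " (expected " + expectWrite + ")");
            // Non-zero exit when the observed level differs from the expected one.
            System.exit(wrote == expectWrite ? 0 : 1);
        }
    }
}
```

A monitor-group account should exit 0 with the default arguments; an admin-group account should exit 0 only when the fourth argument is readwrite.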

