[ https://issues.apache.org/jira/browse/AMQ-4567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13673160#comment-13673160 ]
Christian Posta commented on AMQ-4567:
--------------------------------------
I suppose the original idea was for read/write access to JMX to be an
admin-privileged function... Should we enhance that to enforce authn/authz at
the JMX level with the thought users might be using JMX?
> JMX operations on broker bypass authorization plugin
> -----------------------------------------------------
>
> Key: AMQ-4567
> URL: https://issues.apache.org/jira/browse/AMQ-4567
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.8.0
> Reporter: Torsten Mielke
> Labels: authorization
>
> When securing the broker using authentication and authorization, any JMX
> operations on the broker completely bypass the authorization plugin.
> So anyone can modify the broker bypassing the security checks. Also, because
> of this it's not possible to define a read-only user for the web console.