[
https://issues.apache.org/jira/browse/AMQ-4567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13695381#comment-13695381
]
Ramzy Jelassi commented on AMQ-4567:
------------------------------------
Well , enhancing the web console should be done too i think. Actually , it will
be great to have a reliable authorization context to allow users once
authenticated to access only AMQ objects already assigned to them in the
container.
Regards
> JMX operations on broker bypass authorization plugin
> -----------------------------------------------------
>
> Key: AMQ-4567
> URL: https://issues.apache.org/jira/browse/AMQ-4567
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.8.0
> Reporter: Torsten Mielke
> Labels: authorization
>
> When securing the broker using authentication and authorization, any JMX
> operations on the broker completely bypass the authorization plugin.
> So anyone can modify the broker bypassing the security checks. Also, because
> of this its not possible to define a read only user for the web console.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
