[ https://issues.apache.org/jira/browse/AMQ-4567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dejan Bosanac resolved AMQ-4567.
--------------------------------

    Resolution: Fixed

Yes, I think it's the most we can do at this moment. There are two roles for 
the web console and we should always assume JMX access is the admin access to 
the broker.

>  JMX operations on broker bypass authorization plugin
> -----------------------------------------------------
>
>                 Key: AMQ-4567
>                 URL: https://issues.apache.org/jira/browse/AMQ-4567
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: Broker
>    Affects Versions: 5.8.0
>            Reporter: Torsten Mielke
>            Assignee: Dejan Bosanac
>              Labels: authorization
>             Fix For: 5.9.0
>
>
> When securing the broker using authentication and authorization, any JMX 
> operations on the broker completely bypass the authorization plugin.
> So anyone can modify the broker bypassing the security checks. Also, because 
> of this it's not possible to define a read only user for the web console.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
