[
https://issues.apache.org/jira/browse/QPID-1511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Gemmell updated QPID-1511:
---------------------------------
Attachment: QPID-1511_wip_19dec2008.patch
I have made a new patch of the progress on this, QPID-1511_wip_19dec2008.patch.
It uses SSL and to encrypt the RMI based connections and performs user
authentication. The RMI based connector server is now subject to the access
rights system like the JMXMP based connector server is. The JMXMP capability is
retained with the patch, but is all collected within a single if statement and
so easily removed, as has been discussed (i think it would be good to have 1
revision where its there before removing it).
I know Aidan is doing work in this area to combine common management
functionality for the console and cli that will invalidate this version of the
patch, but i thought it would be useful for clarity to put it up just now, i
will roll another when thats done. This patch also incorporates/alters changes
i posted in a patch to QPID-1532 which havent been commited yet.
I actually wouldnt recommend adding this stuff until after the post-M4 release
of the console anyway, and once the MBean compatibility issues have been
discussed. These features will allow prevention of old management consoles
connecting to new brokers which implement whatever compatibility solution is
determined.
> JMX Interface does not require authentication
> ---------------------------------------------
>
> Key: QPID-1511
> URL: https://issues.apache.org/jira/browse/QPID-1511
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker, Java Management : JMX Console
> Affects Versions: M1, M2, M2.1, M3, M4
> Reporter: Martin Ritchie
> Attachments: QPID-1511_wip_19dec2008.patch,
> QPID-1511_wip_8dec2008.patch
>
>
> Summary:
> JMX Interface uses the default RMI connector which has no authentication
> mechanism. We should not be shipping a JMX interface that doesn't have
> authentication. The interface has been disabled by default for M4 but this
> should be modified based on the outcome of the discussion on qpid-dev to
> authenticate all connections.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
