Andrew created ARTEMIS-3325:
-------------------------------
Summary: JMX guard blocks local access to Artemis MBeans
Key: ARTEMIS-3325
URL: https://issues.apache.org/jira/browse/ARTEMIS-3325
Project: ActiveMQ Artemis
Issue Type: Bug
Components: JMX
Affects Versions: 2.17.0
Reporter: Andrew
Attachments: image-2021-06-02-14-48-40-876.png
In 2.17.0, there were some changes to JMX RBAC which enforces guarded JMX
access.
While this is fine for remote access to JMX, or the HTTP access to JMX via
Hawtio/Jolokia, it does seem that local connections are blocked from reading
the Mbeans for:
{code:java}
org.apache.activemq.artemis.*{code}
This wasn't the case for 2.16.0 and earlier.
Since there doesn't seem to be a way to pass authentication on the JMX Attach
API with something like Jconsole, therefore we need a bypass for the guarded
access to enable read-only access to the Artemis Mbeans for monitoring
purposes. As you can see, they are in 'unavailable' state for Jconsole.
!image-2021-06-02-14-48-40-876.png!
The Artemis documentation on security states that Jconsole will use
BasicSecurityManager, not JAAS, but it's not made clear that this means only
remote access:
[https://activemq.apache.org/components/artemis/documentation/latest/security.html#basic-security-manager]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
