[
https://issues.apache.org/jira/browse/AMQ-8392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dima Chebotarskyi updated AMQ-8392:
-----------------------------------
Description:
h1. Background
JMX API is widely used by ActiveMQ users. There is a number of MBeans available
for ActiveMQ that contains multiple attributes and operations. Unconscious use
of some operations can lead to malfunction and ActiveMQ process interruption.
Example:
* TerminateJVM
[http://activemq.apache.org/maven/apidocs/org/apache/activemq/broker/jmx/BrokerViewMBean.html#terminateJVM-int-]
JMX API supports two roles: ReadOnly, ReadWrite. In some use cases, users may
want to restrict some operations to not allow JMX users with ReadWrite access
to perform operations.
There is a possibility of [Selective MBean
registration|https://activemq.apache.org/jmx], but it is not possible to
disable selected operations for particular MBean.
The Jolokia HTTP management API already supports JMX operations restriction via
configuration.
This Feature should provide the possibility to disable some of the operations
without disabling the whole MBean for JMX API.
h1. Proposed solution
One possible way to achieve it is to extend the configuration of ActiveMQ to
make it possible to define list of restricted JMX operations. Possible
configuration syntax:
{code:java}
<managementContext createConnector="false">
<restrict>
<command>terminateJVM</command>
<command>stop</command>
</restrict>
</managementContext>
{code}
h1. Related requests from community
*
[https://users.activemq.apache.narkive.com/thW9jlt0/remove-terminatejvm-from-jmx]
was:
h1. Background
JMX API is widely used by ActiveMQ users. There is a number of MBeans available
for ActiveMQ that contains multiple attributes and operations. Unconscious use
of some operations can lead to malfunction and ActiveMQ process interruption.
Example:
* TerminateJVM
[http://activemq.apache.org/maven/apidocs/org/apache/activemq/broker/jmx/BrokerViewMBean.html#terminateJVM-int-]
JMX API supports two roles: ReadOnly, ReadWrite. In some use cases, users may
want to restrict some operations to not allow JMX users with ReadWrite access
to perform operations.
There is a possibility of [Selective MBean
registration|https://activemq.apache.org/jmx], but it is not possible to
disable selected operations for particular MBean.
The Jolokia HTTP management API already supports JMX operations restriction via
configuration.
This Feature should provide the possibility to disable some of the operations
without disabling the whole MBean for JMX API.
h1. Propose solution
One possible way to achieve it is to extend the configuration of ActiveMQ to
make it possible to define list of restricted JMX operations. Possible
configuration syntax:
{code:java}
<managementContext createConnector="false">
<restrict>
<command>terminateJVM</command>
<command>stop</command>
</restrict>
</managementContext>
{code}
h1. Related requests from community
*
[https://users.activemq.apache.narkive.com/thW9jlt0/remove-terminatejvm-from-jmx]
> Add possibility to disable some JMX operations but not the whole MBean
> ----------------------------------------------------------------------
>
> Key: AMQ-8392
> URL: https://issues.apache.org/jira/browse/AMQ-8392
> Project: ActiveMQ
> Issue Type: New Feature
> Components: JMX
> Reporter: Dima Chebotarskyi
> Priority: Major
>
> h1. Background
> JMX API is widely used by ActiveMQ users. There is a number of MBeans
> available for ActiveMQ that contains multiple attributes and operations.
> Unconscious use of some operations can lead to malfunction and ActiveMQ
> process interruption. Example:
> * TerminateJVM
> [http://activemq.apache.org/maven/apidocs/org/apache/activemq/broker/jmx/BrokerViewMBean.html#terminateJVM-int-]
> JMX API supports two roles: ReadOnly, ReadWrite. In some use cases, users may
> want to restrict some operations to not allow JMX users with ReadWrite access
> to perform operations.
> There is a possibility of [Selective MBean
> registration|https://activemq.apache.org/jmx], but it is not possible to
> disable selected operations for particular MBean.
> The Jolokia HTTP management API already supports JMX operations restriction
> via configuration.
> This Feature should provide the possibility to disable some of the operations
> without disabling the whole MBean for JMX API.
> h1. Proposed solution
> One possible way to achieve it is to extend the configuration of ActiveMQ to
> make it possible to define list of restricted JMX operations. Possible
> configuration syntax:
> {code:java}
> <managementContext createConnector="false">
> <restrict>
> <command>terminateJVM</command>
> <command>stop</command>
> </restrict>
> </managementContext>
> {code}
> h1. Related requests from community
> *
> [https://users.activemq.apache.narkive.com/thW9jlt0/remove-terminatejvm-from-jmx]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
