[
https://issues.apache.org/jira/browse/ARTEMIS-3325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram resolved ARTEMIS-3325.
-------------------------------------
Resolution: Information Provided
> JMX guard blocks local access to Artemis MBeans
> -----------------------------------------------
>
> Key: ARTEMIS-3325
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3325
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: JMX
> Affects Versions: 2.17.0
> Reporter: Andrew
> Assignee: Domenico Francesco Bruscino
> Priority: Minor
> Labels: JConsole, JMX, artemis, documentation
> Attachments: image-2021-06-02-14-48-40-876.png
>
>
> In 2.17.0, there were some changes to JMX RBAC which enforces guarded JMX
> access.
> While this is fine for remote access to JMX, or the HTTP access to JMX via
> Hawtio/Jolokia, it does seem that local connections are blocked from reading
> the Mbeans for:
> {code:java}
> org.apache.activemq.artemis.*{code}
> This wasn't the case for 2.16.0 and earlier.
> Since there doesn't seem to be a way to pass authentication on the JMX Attach
> API with something like Jconsole, therefore we need a bypass for the guarded
> access to enable read-only access to the Artemis Mbeans for monitoring
> purposes. As you can see, they are in 'unavailable' state for Jconsole.
> !image-2021-06-02-14-48-40-876.png!
> The Artemis documentation on security states that Jconsole will use
> BasicSecurityManager, not JAAS, but it's not made clear that this means only
> remote access:
> [https://activemq.apache.org/components/artemis/documentation/latest/security.html#basic-security-manager]
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
