[
https://issues.apache.org/jira/browse/KARAF-3147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14580135#comment-14580135
]
Guillaume Nodet commented on KARAF-3147:
----------------------------------------
I think this is a general security constraint, but simply securing the JMX
access does not fix the issue imho.
In particular, if you have a way to deploy a bundle, you can pretty much do
anything you want, including removing bundles, updating bundles, shutting down
the framework, deleting all files, etc...
Without a security manager in place, there's nothing we can really do.
However, if there's no security manager configured, I don't really see the
point of securing inner JVM calls, so I think any solution should take this
into account.
> Local JMX connect is not possible
> ---------------------------------
>
> Key: KARAF-3147
> URL: https://issues.apache.org/jira/browse/KARAF-3147
> Project: Karaf
> Issue Type: Bug
> Components: karaf-core
> Affects Versions: 3.0.1
> Environment: OS X, JDK 7
> Reporter: Achim Nierbeck
> Assignee: Guillaume Nodet
> Priority: Critical
> Fix For: 3.0.4, 4.0.0.M3, 2.4.3
>
>
> With neither local process nor with remote jmx connection
> {code}
> service:jmx:rmi://0.0.0.0:44444/jndi/rmi://0.0.0.0:1099/karaf-root
> {code}
> it's possible to connect to Karaf via JMX.
> Neither JConsole nor VisualVM is usable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
