[
https://issues.apache.org/jira/browse/KARAF-6654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17071372#comment-17071372
]
Blen Desta commented on KARAF-6654:
-----------------------------------
We are using the security manager on our system for a while now. We wanted to
turn on JMX but are running into issues. It seems to be linked to the security
manager. We are not using the security manager just to secure JMX.
> Remote JMX connection not working with security manager
> -------------------------------------------------------
>
> Key: KARAF-6654
> URL: https://issues.apache.org/jira/browse/KARAF-6654
> Project: Karaf
> Issue Type: Bug
> Components: karaf
> Affects Versions: 4.2.8
> Environment: Karaf version 4.2.8
> Reporter: Blen Desta
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Labels: JMX, SecurityManager, jmx
>
> We're unable to connect to remote JMX with security manager enabled.
>
> Steps to reproduce:
> * On Karaf 4.2.8, turn on the security manager by adding
> {{-Djava.security.manager}} and
> {{-Djava.security.policy==${KARAF_HOME}/etc/all.policy}}
> to the karaf script.
> * Using jconsole with debug logging, connect to the remote JMX using
> {{service:jmx:rmi:///jndi/rmi://localhost:1099/karaf-root}} and karaf/karaf
> as the username and password. Choose {{Insecure connection}}
> The connection will fail and you will get the following in the logs.
> Note: {{all.policy}} grants access to everything.
> {code:java}
> java.security.AccessControlException: access denied
> ("javax.security.auth.AuthPermission" "getSubject")
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> at
> java.security.AccessController.checkPermission(AccessController.java:886)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at javax.security.auth.Subject.getSubject(Subject.java:287)
> at
> org.apache.felix.eventadmin.impl.handler.EventAdminImpl.prepareEvent(EventAdminImpl.java:146)
> at
> org.apache.felix.eventadmin.impl.handler.EventAdminImpl.postEvent(EventAdminImpl.java:180)
> at
> org.apache.felix.eventadmin.impl.security.EventAdminSecurityDecorator.postEvent(EventAdminSecurityDecorator.java:79)
> at
> org.apache.karaf.management.internal.EventAdminLoggerImpl.log(EventAdminLoggerImpl.java:56)
> at
> org.apache.karaf.management.internal.EventAdminMBeanServerWrapper.log(EventAdminMBeanServerWrapper.java:143)
> at
> org.apache.karaf.management.internal.EventAdminMBeanServerWrapper.getClassLoaderRepository(EventAdminMBeanServerWrapper.java:641)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.karaf.management.internal.MBeanInvocationHandler.invoke(MBeanInvocationHandler.java:60)
> at com.sun.proxy.$Proxy19.getClassLoaderRepository(Unknown Source)
> at
> javax.management.remote.rmi.RMIConnectionImpl$1.run(RMIConnectionImpl.java:137)
> at
> javax.management.remote.rmi.RMIConnectionImpl$1.run(RMIConnectionImpl.java:135)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.management.remote.rmi.RMIConnectionImpl.<init>(RMIConnectionImpl.java:134)
> at
> javax.management.remote.rmi.RMIJRMPServerImpl.makeClient(RMIJRMPServerImpl.java:207)
> at
> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:250)
> at
> javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
> at sun.rmi.transport.Transport$1.run(Transport.java:200)
> at sun.rmi.transport.Transport$1.run(Transport.java:197)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
> at
> sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
> at
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
> at
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> at
> sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:303)
> at
> sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:279)
> at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161)
> at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown
> Source)
> at
> javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2430)
> at
> javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
> at
> javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
> at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:370)
> at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
> at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:294)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
