Hi Vesco > Sorry for this, but I have thought that the MEJB can be a SECURE way to > manage jboss.
JSR-77 is here to manage JBoss but not to configure or deploy components. When you have a look at the specification you never see JMX mentioned (except for the MEJB implementation but there it is only to reuse classes) and therefore you cannot expect that you can reach a MBeanServer with MEJB (the spec. doesn't say and therefore anything else is vendor specifc). Use EJB-Adaptor/Connector now for a secure what to access JBoss but note that you have to setup security the right way for that. > If this is not the right way to do, ok sorry. At least you find a bug of the EJB-Adaptor which I will fix, too. But you caused a lot of trouble because we were focusing on the wrong issue. > But I think that since this the possibility to invoke every exported jmx > resource, we must check :-) No, in MEJB there is the possibility but I will (soon) add a check to prevent users from accessing the MBeanServer outside of the JSR-77 domain. Therefore no check is necessary but for the EJB-Adaptor it is and I will change the TX attribute to "NotSupported" there as well. > Please peace :-) Next time please be more specific and tell us up front what you did (code wise) and what the log / output told you. Don't get me wrong I appreciate your support but try to avoid causing unnecessary troubles. Peace - Andy _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
