|mmmmmmmm,
|Yeah, JMX is dumb security wise but is Weblogic or WebSphere better
|with their console. If you now their protocol you can still access a App.
|Server and change them without the right access rights (or am I wrong).
nasty...
|>From my point of view to add security is not simple but straight forward
|when we can create our own JMX MBeanServer:
|- add a Security Service like the <MLET> service which is available
| from the startup of MBeanServer.
|- before executing a method (get, set, invoke, add or remote Notification
| listener the MBeanServer asks the Security Service if the user has the
| right permission.
|- the Security Service can then check its DB and see if the user is allowed
| to do what he/she wants to do
|- if the Security Service does not give permission it throws an Exception
|
|Do you like it?
yes I like it, except that you rewrite the MBeanServer, are you sure you
want to do that soldier?
(and if you do and you have the money then who I am to tell you no?)
marc
|
|Mad Andy
|
|----- Original Message -----
|From: "marc fleury" <[EMAIL PROTECTED]>
|To: "jBoss" <[EMAIL PROTECTED]>
|Sent: Monday, December 04, 2000 9:09 AM
|Subject: RE: [jBoss-User] Remote jboss monitoring
|
|
|> mmmm,
|> the problem with JMX is that there is no security built in the framework
|> (yet). I am not talking about app security I am talking about "can you
|call
|> this operation on this MBean".
|>
|> Right now the MBeanServer doesn't know that the 2 MBeans that you just
|> instanciated well one does "log on/off" the other one holds your
|DB passwd
|> and the number of your visa card, to him it is just MBeans with
|attributes.
|> He is dumb security wise.
|>
|> In other words, we need to secure the JMX implementation
|otherwise someone
|> can still query the basic MBeanServer for the information.
|>
|> marc
|>
|>
|> |-----Original Message-----
|> |From: [EMAIL PROTECTED]
|> |[mailto:[EMAIL PROTECTED]]On Behalf Of Maddison, David
|> |Sent: Monday, December 04, 2000 3:13 AM
|> |To: jBoss
|> |Subject: RE: [jBoss-User] Remote jboss monitoring
|> |
|> |
|> |The attributes of the services though could be exposed, and
|> |security left up
|> |to the MonitorMBeans or the Adaptor?
|> |
|> |David Maddison
|> |
|> |-----Original Message-----
|> |From: Juha-P Lindfors [mailto:[EMAIL PROTECTED]]
|> |Sent: 04 December 2000 10:55
|> |To: jBoss
|> |Subject: Re: [jBoss-User] Remote jboss monitoring
|> |
|> |
|> |
|> |
|> |On Mon, 4 Dec 2000, Tim Yates wrote:
|> |> Hiya... is there a way of monitoring jBoss statistics whilst it is
|> |running
|> |> such as an EAR, or a stand alone java app?
|> |
|> |No, not yet though working on it.
|> |
|> |However, the first version won't allow remote monitoring, just
|localhost,
|> |cause I have yet to find the place to drop anything security related in
|> |the server architecture. This would include the remote JMX management
|> |authentication, admin tool authentication, etc. It will most likely tie
|to
|> |JNP somehow, I don't know. Hopefully it would allow the web based JMX
|> |management to be enabled in real world deployments as well.
|> |
|> |Anything particular you'd like to monitor?
|> |
|> |-- Juha
|> |
|> |
|> |
|> |
|> |--
|> |--------------------------------------------------------------
|> |To subscribe: [EMAIL PROTECTED]
|> |To unsubscribe: [EMAIL PROTECTED]
|> |Problems?: [EMAIL PROTECTED]
|> |
|> |
|> |
|> |
|> |--
|> |--------------------------------------------------------------
|> |To subscribe: [EMAIL PROTECTED]
|> |To unsubscribe: [EMAIL PROTECTED]
|> |Problems?: [EMAIL PROTECTED]
|> |
|> |
|>
|>
|>
|> --
|> --------------------------------------------------------------
|> To subscribe: [EMAIL PROTECTED]
|> To unsubscribe: [EMAIL PROTECTED]
|> Problems?: [EMAIL PROTECTED]
|>
|
|
|
|--
|--------------------------------------------------------------
|To subscribe: [EMAIL PROTECTED]
|To unsubscribe: [EMAIL PROTECTED]
|Problems?: [EMAIL PROTECTED]
|
|
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
