we're looking to secure access to the core jboss mbeans (and possibly other
aspects of the system). specifically, we want to prevent "rogue" access to
shutting down the jboss server instance. i believe that in the default
configuration, once a server has been started, any user on the network
can issue the shutdown command to the server via the remote mbean interfaces
with code such as:
| InitialContext ctx = new InitialContext();
|
| MBeanServerConnection server = (MBeanServerConnection) ctx.lookup("jmx/invoker/RMIAdaptor");
| String[] outval = null;
| server.invoke(new ObjectName("jboss.system:type=Server"), "shutdown", new Object[0], outval);
|
where the jndi.properties file gets an ic from the remote host.
so, 1, is there a way to secure the remote mbean access? (by default on SuSE
linux, it appeared fairly secure as they seem to use 127.0.0.2 for the loopback
device which caused trouble issuing the shutdown, is this secure enough?)
and 2, can i just turn off remote access to the jndi access and only allow that
to communicate on the localhost?
any thoughts/help would be most appreciated. we've seen instances in the jboss
logs where the server would just go down cleanly, and we can't see where the
shutdown command originated from. we'd like to rule out the possibility of
someone blindly shutting down the servers.
thanks!
~mark
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3884004#3884004
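An added example, not part of the original post or of JBoss: one way to check the second question (whether the JNDI and invoker listeners are reachable only from the local host) is to audit the bind addresses in `ss -ltn` output. The port numbers (1099, 1098, 4444) are assumed stock JBoss values and the sample output is constructed; any 127.0.0.0/8 address, including the 127.0.0.2 mentioned in the post, counts as loopback. A loopback-only bind limits callers to processes on the same host; it is not authentication.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       50      0.0.0.0:1099         0.0.0.0:*
LISTEN  0       50      127.0.0.2:1098       0.0.0.0:*
LISTEN  0       50      [::]:4444            [::]:*
LISTEN  0       128     127.0.0.1:8009       0.0.0.0:*
LISTEN  0       128     *:8080               *:*
"""

# Assumed stock JBoss ports; adjust to the ports your configuration uses.
JBOSS_PORTS = {1099: "JNDI naming", 1098: "naming RMI", 4444: "JRMP invoker"}


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def is_loopback_only(addr):
    """True when the bind address is reachable only from the local host."""
    if addr in ("*", ""):
        return False  # wildcard bind
    addr = addr.split("%")[0]  # drop an interface scope such as %lo
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def exposed_listeners(ss_output, ports=JBOSS_PORTS):
    """Return (address, port, service) for watched ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, port = split_endpoint(fields[3])
        if port in ports and not is_loopback_only(addr):
            findings.append((addr, port, ports[port]))
    return findings


if __name__ == "__main__":
    for addr, port, service in exposed_listeners(SAMPLE_SS):
        print(f"{service} port {port} listens on {addr}: reachable off-host")
```

On a live host, pass the text of `ss -ltn` to `exposed_listeners` in place of the constructed sample.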