This is an automated email from the ASF dual-hosted git repository. kao pushed a commit to branch 3.7.x in repository https://gitbox.apache.org/repos/asf/james-project.git
commit d3d738838634e1ccb6699e1af64f7e8c63b0bb84
Author: Benoit Tellier <[email protected]>
AuthorDate: Fri Feb 17 10:21:12 2023 +0700
JAMES-3881 WARN if no JMX authentication is setup
(cherry picked from commit 3718ee5a79e1986156c8c1e13ba201a02bb8f232)
---
 .../java/org/apache/james/app/spring/JamesAppSpringMain.java | 9 +++++++--
 .../src/main/java/org/apache/james/modules/server/JMXServer.java | 4 ++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java b/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
index 7366395b6c..e88001f8ac 100644
--- a/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
+++ b/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
@@ -40,12 +40,17 @@ public class JamesAppSpringMain implements Daemon {
 private static final ObjectName ALL_OBJECT_NAME = null;
 private static final QueryExp ALL_QUERY_EXP = null;
- private static final Logger log = LoggerFactory.getLogger(JamesAppSpringMain.class.getName());
+ private static final Logger LOGGER = LoggerFactory.getLogger(JamesAppSpringMain.class.getName());
 private JamesServerApplicationContext context;
 public static void main(String[] args) throws Exception {
 unregisterLog4JMBeans();
+ if (System.getProperty("com.sun.management.jmxremote.password.file") == null) {
+ LOGGER.warn("No authentication setted up for the JMX component. This expose you to local privilege escalation attacks risk. " +
+ "This can be done via the 'com.sun.management.jmxremote.password.file' system property.");
+ }
+
 long start = Calendar.getInstance().getTimeInMillis();
 JamesAppSpringMain main = new JamesAppSpringMain();
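Review bot: The new guard in `main` treats a set `com.sun.management.jmxremote.password.file` property as proof that JMX authentication is active, so a value pointing to a missing or unreadable file suppresses the warning. Consider testing the file as well, e.g. `String pwFile = System.getProperty("com.sun.management.jmxremote.password.file");` followed by `if (pwFile == null || !Files.isReadable(Paths.get(pwFile))) {` (this needs the `java.nio.file` imports). If the Spring app relies on the JDK's built-in JMX agent, `com.sun.management.jmxremote.authenticate=false` would also turn authentication off without tripping this check, which may deserve the same warning. The message wording, here and in the JMXServer hunk, would read better as "No authentication set up for the JMX component. This exposes you to local privilege escalation attacks." `main` continues past the end of the hunk.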
@@ -53,7 +58,7 @@ public class JamesAppSpringMain implements Daemon {
 long end = Calendar.getInstance().getTimeInMillis();
- log.info("Apache James Server is successfully started in {} milliseconds.", end - start);
+ LOGGER.info("Apache James Server is successfully started in {} milliseconds.", end - start);
 }
diff --git a/server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java b/server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java
index 6aa801314a..901926dad2 100644
--- a/server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java
+++ b/server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java
@@ -121,6 +121,10 @@ public class JMXServer implements Startable {
 restrictingRMISocketFactory = new RestrictingRMISocketFactory(jmxConfiguration.getHost().getHostName());
 LocateRegistry.createRegistry(jmxConfiguration.getHost().getPort(), restrictingRMISocketFactory, restrictingRMISocketFactory);
 generateJMXPasswordFileIfNeed();
+
+ if (!existJmxPasswordFile()) {
+ LOGGER.warn("No authentication setted up for the JMX component. This expose you to local privilege escalation attacks risk.");
+ }
 Map<String, String> environment = Optional.of(existJmxPasswordFile())
 .filter(FunctionalUtils.identityPredicate())
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
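Review bot: The added `if (!existJmxPasswordFile())` warning in JMXServer only logs before startup continues, and unlike the Spring message it does not tell the operator how to enable authentication. Naming the expected password file location or configuration key in the message would make it actionable. `existJmxPasswordFile()` is now evaluated twice in a row (here and in `Optional.of(existJmxPasswordFile())`); capturing it once, `boolean passwordFilePresent = existJmxPasswordFile();`, keeps the warning and the connector environment consistent with each other. Its body is not visible in this hunk, so it is worth confirming that it rejects an empty or group/world-readable file, since the risk named in the message is a local one. The enclosing method starts and ends outside the hunk.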
