Re: [Dev] [Findings] JMX access control : readOnly and readWrite access

2017-03-31 Thread Asma Jabir 
Hi,

You can try out the sample in the github repo [1].

[1] https://github.com/azinneera/JMX-access-control

Thank you

Regards,
Asma

On Fri, Mar 31, 2017 at 9:15 AM, Imesh Gunaratne  wrote:

> On Thu, Mar 30, 2017 at 3:02 PM, Asma Jabir  wrote:
>
>> Hi
>>
>> I have been looking into the $subject issue in the github c5 repo [1] and
>> following is the summary of the findings till date.
>>
>> - There is a simple inbuilt authentication and authorization mechanism in
>> JMX using password and access files. Roles can be specified with either
>> readOnly or readWrite privileges [2].
>>
>>- *readOnly* does not allow to change values or to invoke operations
>>but can monitor
>>- *readWrite *gives the total control over the server which allows to
>>change values and invoke operations
>>
>> Great work Asma!
> ​Will you be able to share the sample application that you implemented for
> verifying this functionality?
>
> Thanks
> Imesh
>
>
>> - Both password and access files are properties based text files for
>> specifying username/password pairs and username/access pairs respectively.
>>
>> - The password and access files could reside anywhere in the server and
>> should be provided upon server startup.
>>
>> - SSL is enabled by default for remote monitoring and thus the SSL should
>> be configured properly after setting up a digital certificate. System
>> properties for keystore and truststore should be set in the server.
>>
>> [1] https://github.com/wso2/carbon-kernel/issues/1247
>> [2] http://docs.oracle.com/javase/7/docs/technotes/guides/ma
>> nagement/agent.html
>> 
>>
>>
>> Thanks.
>>
>> Regards,
>> Asma
>> --
>> Asma Zinneera Jabir
>> Software Engineer
>> WSO2 Inc: http://wso2.com/
>> Contact No: +94 77 332 4752 <+94%2077%20332%204752>
>>
>>
>>
>
>
> --
> *Imesh Gunaratne*
> WSO2 Inc: http://wso2.com
> T: +94 11 214 5345 M: +94 77 374 2057 <+94%2077%20374%202057>
> W: https://medium.com/@imesh TW: @imesh
> lean. enterprise. middleware
>
>


-- 
Asma Zinneera Jabir
Software Engineer
WSO2 Inc: http://wso2.com/
Contact No: +94 77 332 4752 <+94%2077%20332%204752>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Findings] JMX access control : readOnly and readWrite access

2017-03-30 Thread Imesh Gunaratne 
On Thu, Mar 30, 2017 at 3:02 PM, Asma Jabir  wrote:

> Hi
>
> I have been looking into the $subject issue in the github c5 repo [1] and
> following is the summary of the findings till date.
>
> - There is a simple inbuilt authentication and authorization mechanism in
> JMX using password and access files. Roles can be specified with either
> readOnly or readWrite privileges [2].
>
>- *readOnly* does not allow to change values or to invoke operations
>but can monitor
>- *readWrite *gives the total control over the server which allows to
>change values and invoke operations
>
> Great work Asma!
​Will you be able to share the sample application that you implemented for
verifying this functionality?

Thanks
Imesh


> - Both password and access files are properties based text files for
> specifying username/password pairs and username/access pairs respectively.
>
> - The password and access files could reside anywhere in the server and
> should be provided upon server startup.
>
> - SSL is enabled by default for remote monitoring and thus the SSL should
> be configured properly after setting up a digital certificate. System
> properties for keystore and truststore should be set in the server.
>
> [1] https://github.com/wso2/carbon-kernel/issues/1247
> [2] http://docs.oracle.com/javase/7/docs/technotes/guides/
> management/agent.html
> 
>
>
> Thanks.
>
> Regards,
> Asma
> --
> Asma Zinneera Jabir
> Software Engineer
> WSO2 Inc: http://wso2.com/
> Contact No: +94 77 332 4752 <+94%2077%20332%204752>
>
>
>


-- 
*Imesh Gunaratne*
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh
lean. enterprise. middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [Findings] JMX access control : readOnly and readWrite access

2017-03-30 Thread Asma Jabir 
Hi

I have been looking into the $subject issue in the github c5 repo [1] and
following is the summary of the findings till date.

- There is a simple inbuilt authentication and authorization mechanism in
JMX using password and access files. Roles can be specified with either
readOnly or readWrite privileges [2].

   - *readOnly* does not allow to change values or to invoke operations but
   can monitor
   - *readWrite *gives the total control over the server which allows to
   change values and invoke operations

- Both password and access files are properties based text files for
specifying username/password pairs and username/access pairs respectively.

- The password and access files could reside anywhere in the server and
should be provided upon server startup.

- SSL is enabled by default for remote monitoring and thus the SSL should
be configured properly after setting up a digital certificate. System
properties for keystore and truststore should be set in the server.

[1] https://github.com/wso2/carbon-kernel/issues/1247
[2] http://docs.oracle.com/javase/7/docs/technotes/
guides/management/agent.html



Thanks.

Regards,
Asma
-- 
Asma Zinneera Jabir
Software Engineer
WSO2 Inc: http://wso2.com/
Contact No: +94 77 332 4752 <+94%2077%20332%204752>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev