[JBoss-dev] Security in JSR-77 stuff / JMX
Andreas,

Is security addressed at all in either the JSR-77 stuff, or in how JMX is used to manage JBoss? In the current JMX HTTP adaptor, port 8082, it is a little dangerous to expose shutdown functionality, for instance. I know in a production system I would disable the HTTP adaptor for this reason. But, we have code that relies on it being there (see org.jboss.Shutdown). We need to have a consistent mechanism to perform such functions that takes security into account.

Actually, looking through some code it seems as if you maybe have in mind to use the standard EJB security model, is that right?

Excuse me if I am asking the wrong questions since I'm a newbie here.

Jeff Tulley ([EMAIL PROTECTED])
(801)861-5322
Novell, Inc., the leading provider of Net services software.

___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
RE: [JBoss-dev] Security in JSR-77 stuff / JMX
that is the purpose of the MEJB, to provide EJB security semantics to the API in a standard well defined way.

|Andreas,
| Is security addressed at all in either the JSR-77 stuff, or in how
|JMX is used to manage JBoss? In the current JMX HTTP adaptor, port
|8082, it is a little dangerous to expose shutdown functionality, for
|instance. I know in a production system I would disable the HTTP
|adaptor for this reason. But, we have code that relies on it being
|there (see org.jboss.Shutdown). We need to have a consistent mechanism
|to perform such functions that takes security into account.
| Actually, looking through some code it seems as if you maybe have in
|mind to use the standard EJB security model, is that right?
|
| Excuse me if I am asking the wrong questions since I'm a newbie
|here.
|
|Jeff Tulley ([EMAIL PROTECTED])
|(801)861-5322
|Novell, Inc., the leading provider of Net services software.
Re: [JBoss-dev] Security in JSR-77 stuff / JMX
MEJB works similar to the EJB-Adaptor which was created because of this reason. But be aware that this is only MEJB level meaning that you give access to someone (for all management activity) or not.

Andy

----- Original Message -----
From: marc fleury [EMAIL PROTECTED]
To: Jeff Tulley [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, December 10, 2001 10:56 AM
Subject: RE: [JBoss-dev] Security in JSR-77 stuff / JMX

that is the purpose of the MEJB, to provide EJB security semantics to the API in a standard well defined way.

|Andreas,
| Is security addressed at all in either the JSR-77 stuff, or in how
|JMX is used to manage JBoss? In the current JMX HTTP adaptor, port
|8082, it is a little dangerous to expose shutdown functionality, for
|instance. I know in a production system I would disable the HTTP
|adaptor for this reason. But, we have code that relies on it being
|there (see org.jboss.Shutdown). We need to have a consistent mechanism
|to perform such functions that takes security into account.
| Actually, looking through some code it seems as if you maybe have in
|mind to use the standard EJB security model, is that right?
|
| Excuse me if I am asking the wrong questions since I'm a newbie
|here.
|
|Jeff Tulley ([EMAIL PROTECTED])
|(801)861-5322
|Novell, Inc., the leading provider of Net services software.
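
The all-or-nothing access described in the last reply, sketched as an ejb-jar.xml fragment. This is an added illustration, not part of the thread or of the JBoss code base; the ejb-name `MEJB`, the role name `JBossAdmin` and the bean class are assumed placeholders, while the home and remote interfaces are the JSR-77 `javax.management.j2ee` ones.

```xml
<!-- Added example: EJB declarative security applied to a JSR-77 Management EJB.
     Placeholders (assumptions): ejb-name "MEJB", role "JBossAdmin",
     ejb-class "example.mgmt.ManagementBean". -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>MEJB</ejb-name>
      <!-- JSR-77 management interfaces -->
      <home>javax.management.j2ee.ManagementHome</home>
      <remote>javax.management.j2ee.Management</remote>
      <ejb-class>example.mgmt.ManagementBean</ejb-class> <!-- hypothetical class -->
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- One role that is allowed to manage the server. -->
    <security-role>
      <role-name>JBossAdmin</role-name>
    </security-role>

    <!-- Only callers in JBossAdmin may call any method of the MEJB.
         Every MBean operation, shutdown included, reaches the bean through
         the single Management.invoke(ObjectName, String, Object[], String[])
         method, so the descriptor cannot tell a shutdown call apart from any
         other operation: a caller either has management access or has none. -->
    <method-permission>
      <role-name>JBossAdmin</role-name>
      <method>
        <ejb-name>MEJB</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

The permission is enforced by the EJB container on calls that come through the MEJB; it does nothing for a separately exposed path such as the HTTP adaptor on port 8082, which still has to be disabled or restricted on its own.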