You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@servicemix.apache.org by william1104 <wi...@gmail.com> on 2006/03/28 11:30:13 UTC

How to security JMX Connection without deploying ServiceMix to Geronimo

Dear all,

Did anyone try to secure the JMXConnector with usernamd/password, such that
unauthenticated user cannot connect the JMX Server. 

Since we want ServiceMix to be standalone, could we achieve this without
deploying ServiceMix to Geronimo? Thanks a lot for any kindly help. 

Regards,
William
--
View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a3626515
Sent from the ServiceMix - User forum at Nabble.com.

Re: How to security JMX Connection without deploying ServiceMix to Geron

Posted by william1104 <wi...@gmail.com>.

Dear all,

Be more specific, how can we specify the "JMXAuthenticator" for the
JMXConnectorServer creation? We know that we can do so with MX4J. However,
can we do that with ServiceMix also? 

Thanks and regards,
William
--
View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a3626602
Sent from the ServiceMix - User forum at Nabble.com.

Re: How to security JMX Connection without deploying ServiceMix to Geron

Posted by william1104 <wi...@gmail.com>.

Hi Guilaume,

Just have submitted the request to JIRA with patch attached. [Title: Make
JbiTask acquire JMX connection with username and password] Please let me
know if anything else is needed. 

Thanks and regards,
William
--
View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a4133051
Sent from the ServiceMix - User forum at Nabble.com.

Re: How to security JMX Connection without deploying ServiceMix to Geron

Posted by Guillaume Nodet <gn...@gmail.com>.

Sure, would you mind raising a JIRA and attach your patch ?
I will commit it asap.

Cheers,
Guillaume Nodet

On 4/27/06, william1104 <wi...@gmail.com> wrote:
>
> Hi Guilaume,
>
> Thanks a lot for the help and sample provided. With that the servicemix
> server become securer.
>
> However, we got another problem in managing the servicemix with ant task
> when the authentication is required. I found that it is because JbiTask does
> not acquire the JMX connection with the username and password provided. I
> have downloded the source code of JbiTask (Revision: 391950) and found that
> the following method connecting to the JMX server with URL only.
>
>     public JMXConnector getJMXConnector (JMXServiceURL url) throws
> IOException {
>         return JMXConnectorFactory.connect(url);
>     }
>
> Should we modify it to something like:
>
>     public JMXConnector getJMXConnector (JMXServiceURL url) throws
> IOException {
>         String[] credentials = new String[]{getUsername(),getPassword()};
>         Map environment = new HashMap();
>         environment.put(JMXConnector.CREDENTIALS, credentials);
>         return JMXConnectorFactory.connect(url,environment);
>     }
>
> Or modify the JbiTask interface to let it to accept a more generic
> credential, e.g. password file?
>
> Thanks and regards,
> William
> --
> View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a4113704
> Sent from the ServiceMix - User forum at Nabble.com.
>
>

Re: How to security JMX Connection without deploying ServiceMix to Geron

Posted by william1104 <wi...@gmail.com>.

Hi Guilaume,

Thanks a lot for the help and sample provided. With that the servicemix
server become securer. 

However, we got another problem in managing the servicemix with ant task
when the authentication is required. I found that it is because JbiTask does
not acquire the JMX connection with the username and password provided. I
have downloded the source code of JbiTask (Revision: 391950) and found that
the following method connecting to the JMX server with URL only. 

    public JMXConnector getJMXConnector (JMXServiceURL url) throws
IOException {
        return JMXConnectorFactory.connect(url);
    }

Should we modify it to something like: 

    public JMXConnector getJMXConnector (JMXServiceURL url) throws
IOException {
        String[] credentials = new String[]{getUsername(),getPassword()};
        Map environment = new HashMap();
        environment.put(JMXConnector.CREDENTIALS, credentials);
        return JMXConnectorFactory.connect(url,environment);
    }

Or modify the JbiTask interface to let it to accept a more generic
credential, e.g. password file? 

Thanks and regards,
William
--
View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a4113704
Sent from the ServiceMix - User forum at Nabble.com.

Re: How to security JMX Connection without deploying ServiceMix to Geronimo

Posted by Guillaume Nodet <gn...@gmail.com>.

Take a look at http://svn.apache.org/viewcvs?rev=389508&view=rev
to see how this can be done using mx4j.

Cheers,
Guillaume Nodet

On 3/28/06, Guillaume Nodet <gn...@gmail.com> wrote:
> Hi William,
>
> On 3/28/06, william1104 <wi...@gmail.com> wrote:
> >
> > Dear all,
> >
> > Did anyone try to secure the JMXConnector with usernamd/password, such that
> > unauthenticated user cannot connect the JMX Server.
>
> This should be possible by creating the JMX server in spring and
> passing the reference to the jbi container.  It will allow you to
> fully configure (and secure) the jmx server.
>
> >
> > Since we want ServiceMix to be standalone, could we achieve this without
> > deploying ServiceMix to Geronimo? Thanks a lot for any kindly help.
>
> It will be even more difficult as ServiceMix must use its own jmx
> connector, because Geronimo does not expose MBeans created by
> ServiceMix, but only Geronimo GBeans...
>
> Cheers,
> Guillaume Nodet
>
> >
> > Regards,
> > William
> > --
> > View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a3626515
> > Sent from the ServiceMix - User forum at Nabble.com.
> >
> >
>

Re: How to security JMX Connection without deploying ServiceMix to Geronimo

Posted by Guillaume Nodet <gn...@gmail.com>.

Hi William,

On 3/28/06, william1104 <wi...@gmail.com> wrote:
>
> Dear all,
>
> Did anyone try to secure the JMXConnector with usernamd/password, such that
> unauthenticated user cannot connect the JMX Server.

This should be possible by creating the JMX server in spring and
passing the reference to the jbi container.  It will allow you to
fully configure (and secure) the jmx server.

>
> Since we want ServiceMix to be standalone, could we achieve this without
> deploying ServiceMix to Geronimo? Thanks a lot for any kindly help.

It will be even more difficult as ServiceMix must use its own jmx
connector, because Geronimo does not expose MBeans created by
ServiceMix, but only Geronimo GBeans...

Cheers,
Guillaume Nodet

>
> Regards,
> William
> --
> View this message in context: http://www.nabble.com/How-to-security-JMX-Connection-without-deploying-ServiceMix-to-Geronimo-t1354635.html#a3626515
> Sent from the ServiceMix - User forum at Nabble.com.
>
>