Posted to derby-dev@db.apache.org by Daniel John Debrunner <dj...@apache.org> on 2008/02/08 18:24:02 UTC

Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen

  JohnHEmbretsen wrote:

>  * Let's simplify things by saying that MBeans have essentially two states: ''enabled'' or ''disabled''
>     * An '''enabled''' (registered) MBean is visible/accessible to any valid JMX user.

> 
> === SystemMBean ===

>  * May be enabled only if system-wide authentication ('''derby-authc''') is ''disabled'' in Derby (default),

Nice page. Just to point out that the use of "enabled" in SystemMBean 
does not match the definition of "enabled" earlier in the page.

The SystemMBean section is really talking about if an attribute or 
operation is visible or useable by a specific jmx-user, not if the bean 
is enabled or not.

Dan.

Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen

Posted by "John H. Embretsen" <Jo...@Sun.COM>.
Daniel John Debrunner wrote:
> John Embretsen wrote:
>> Daniel John Debrunner wrote:

>>> The SystemMBean section is really talking about if an attribute or 
>>> operation is visible or useable by a specific jmx-user, not if the 
>>> bean is enabled or not.
>>
>> My intention was to talk about if the entire bean is enabled 
>> (registered) or not. But perhaps my thinking is flawed. I guess I was 
>> basing this description upon one possible way to implement this kind 
>> of control, by not letting the bean be registered if the JMX user has 
>> not been authenticated (we may for instance put logic in a 
>> preRegister() method of the MBean).
> 
> Maybe I'm confused. I thought Derby's MBeans were registered by Derby's 
> code, not a jmx-user. Once a mbean was registered any jmx-user could see 
> it?

Yes, that's true. Though in theory it is possible for a jmx-user to 
register MBeans as well, e.g. by using 
javax.management.MBeanServerConnection#createMBean() methods. But that 
was not what I was thinking about when I wrote that page.

> Is there another step where the mbean gets registered in the view of the 
> jmx-user connecting to the system?

My thinking was flawed in the sense that I did not remember to consider 
the fact that, currently, the SystemMBean is enabled automatically at 
Derby boot-time. I need to re-think this and update the wiki, but I'll 
probably take a break first to recharge ;) Though feel free to edit the 
wiki page if you want...


-- 
John
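
Added example, not part of the original thread and not Derby's code: a minimal standard MBean showing why logic in preRegister() acts once, for whichever code registers the bean, and cannot decide visibility per jmx-user. The names DemoSystem, DemoSystemMBean, authcEnabled and the demo: object names are hypothetical.

```java
import javax.management.MBeanRegistration;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;

public class PreRegisterDemo {
    // Hypothetical management interface for illustration; not Derby's SystemMBean.
    public interface DemoSystemMBean { String getSystemInfo(); }

    public static class DemoSystem implements DemoSystemMBean, MBeanRegistration {
        static boolean authcEnabled = false; // stand-in for a system-wide authentication switch
        static int preRegisterCalls = 0;
        public String getSystemInfo() { return "demo"; }
        // Invoked by the MBeanServer once, for the code that registers the bean.
        // Nothing here knows which jmx-user will later connect.
        public ObjectName preRegister(MBeanServer server, ObjectName name) throws Exception {
            preRegisterCalls++;
            if (authcEnabled) throw new Exception("authentication enabled, not registering");
            return name;
        }
        public void postRegister(Boolean registrationDone) { }
        public void preDeregister() { }
        public void postDeregister() { }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = MBeanServerFactory.newMBeanServer();
        ObjectName name = new ObjectName("demo:type=System");
        mbs.registerMBean(new DemoSystem(), name); // what the embedding system does at boot

        // The operations a connected client performs: none of them re-run preRegister.
        for (int client = 1; client <= 3; client++) {
            System.out.println("client " + client + ": registered=" + mbs.isRegistered(name)
                    + ", SystemInfo=" + mbs.getAttribute(name, "SystemInfo"));
        }
        System.out.println("preRegister calls so far: " + DemoSystem.preRegisterCalls);

        // A veto in preRegister is global: the bean is absent for every user alike.
        DemoSystem.authcEnabled = true;
        ObjectName second = new ObjectName("demo:type=System,instance=2");
        try {
            mbs.registerMBean(new DemoSystem(), second);
        } catch (MBeanRegistrationException e) {
            System.out.println("vetoed: " + e.getCause().getMessage());
        }
        System.out.println("second bean registered=" + mbs.isRegistered(second));
    }
}
```

The counter stays at 1 across all three reads, so restricting an attribute or operation to particular jmx-users has to be enforced when the call is made, not when the bean is registered.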


Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen

Posted by Daniel John Debrunner <dj...@apache.org>.
John Embretsen wrote:
> Daniel John Debrunner wrote:
>>  JohnHEmbretsen wrote:
>>
>>>  * Let's simplify things by saying that MBeans have essentially two 
>>> states: ''enabled'' or ''disabled''
>>>     * An '''enabled''' (registered) MBean is visible/accessible to 
>>> any valid JMX user.
>>
>>>
>>> === SystemMBean ===
>>
>>>  * May be enabled only if system-wide authentication 
>>> ('''derby-authc''') is ''disabled'' in Derby (default),
>>
>> Nice page. Just to point out that the use of "enabled" in SystemMBean 
>> does not match the definition of "enabled" earlier in the page.
>>
>> The SystemMBean section is really talking about if an attribute or 
>> operation is visible or useable by a specific jmx-user, not if the 
>> bean is enabled or not.
> 
> My intention was to talk about if the entire bean is enabled 
> (registered) or not. But perhaps my thinking is flawed. I guess I was 
> basing this description upon one possible way to implement this kind of 
> control, by not letting the bean be registered if the JMX user has not 
> been authenticated (we may for instance put logic in a preRegister() 
> method of the MBean).

Maybe I'm confused. I thought Derby's MBeans were registered by Derby's 
code, not a jmx-user. Once a mbean was registered any jmx-user could see it?

Is there another step where the mbean gets registered in the view of the 
jmx-user connecting to the system?


Dan.




Re: [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen

Posted by John Embretsen <Jo...@Sun.COM>.
Daniel John Debrunner wrote:
>  JohnHEmbretsen wrote:
> 
>>  * Let's simplify things by saying that MBeans have essentially two 
>> states: ''enabled'' or ''disabled''
>>     * An '''enabled''' (registered) MBean is visible/accessible to any 
>> valid JMX user.
> 
>>
>> === SystemMBean ===
> 
>>  * May be enabled only if system-wide authentication 
>> ('''derby-authc''') is ''disabled'' in Derby (default),
> 
> Nice page. Just to point out that the use of "enabled" in SystemMBean 
> does not match the definition of "enabled" earlier in the page.
> 
> The SystemMBean section is really talking about if an attribute or 
> operation is visible or useable by a specific jmx-user, not if the bean 
> is enabled or not.

My intention was to talk about if the entire bean is enabled (registered) or 
not. But perhaps my thinking is flawed. I guess I was basing this description 
upon one possible way to implement this kind of control, by not letting the bean 
be registered if the JMX user has not been authenticated (we may for instance 
put logic in a preRegister() method of the MBean).


-- 
John