You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Robbie Gemmell (JIRA)" <qp...@incubator.apache.org> on 2009/11/11 10:04:39 UTC

[jira] Updated: (QPID-2189) only admin level users can complete connection to 2.5.0.0 or below (when configured to use / JMXMP)

     [ https://issues.apache.org/jira/browse/QPID-2189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robbie Gemmell updated QPID-2189:
---------------------------------

    Status: Ready To Review  (was: In Progress)

> only admin level users can complete connection to 2.5.0.0 or below (when configured to use <security-enabled> / JMXMP)
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-2189
>                 URL: https://issues.apache.org/jira/browse/QPID-2189
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Management : JMX Console
>    Affects Versions: 0.6
>            Reporter: Robbie Gemmell
>            Assignee: Robbie Gemmell
>             Fix For: 0.6
>
>
> Only admin level users can complete connection to 2.5.0.0, or older brokers configured to use <security-enabled> / JMXMP for their management connection.
> Thisis due to the new console using a fallback method to determine what 'Qpid JMX API' version to classify the broker as supporting. In doing so, the console queries the MbeanServerConnection for the existence of the UserManagement MBean using an exact match for its 'type' key. Whilst other calls to the same queryNames method will return the UserManagement MBean's ObjectName, the broker uses the exact type of this MBean to prevent non-admin users from actually accessing it and so when the query is an exact match is placed in the query this raises a SecurityException and causes the connection to fail.
> The solution is to change the query to use an ObjectName pattern to match the UserManagement MBean which will still match only the Mbean in question but prevent the security check from denying the request.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org