You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Domenico Francesco Bruscino (Jira)" <ji...@apache.org> on 2021/06/03 08:58:00 UTC
[jira] [Work started] (ARTEMIS-3325) JMX guard blocks local access
to Artemis MBeans
[ https://issues.apache.org/jira/browse/ARTEMIS-3325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on ARTEMIS-3325 started by Domenico Francesco Bruscino.
------------------------------------------------------------
> JMX guard blocks local access to Artemis MBeans
> -----------------------------------------------
>
> Key: ARTEMIS-3325
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3325
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: JMX
> Affects Versions: 2.17.0
> Reporter: Andrew
> Assignee: Domenico Francesco Bruscino
> Priority: Minor
> Labels: JConsole, JMX, artemis, documentation
> Attachments: image-2021-06-02-14-48-40-876.png
>
>
> In 2.17.0, there were some changes to JMX RBAC which enforces guarded JMX access.
> While this is fine for remote access to JMX, or the HTTP access to JMX via Hawtio/Jolokia, it does seem that local connections are blocked from reading the Mbeans for:
> {code:java}
> org.apache.activemq.artemis.*{code}
> This wasn't the case for 2.16.0 and earlier.
> Since there doesn't seem to be a way to pass authentication on the JMX Attach API with something like Jconsole, therefore we need a bypass for the guarded access to enable read-only access to the Artemis Mbeans for monitoring purposes. As you can see, they are in 'unavailable' state for Jconsole.
> !image-2021-06-02-14-48-40-876.png!
> The Artemis documentation on security states that Jconsole will use BasicSecurityManager, not JAAS, but it's not made clear that this means only remote access: [https://activemq.apache.org/components/artemis/documentation/latest/security.html#basic-security-manager]
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)