glassfish
  1. glassfish
  2. GLASSFISH-14785

Direct JMX access to instances should allow only monitoring access, not control access

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1
    • Fix Version/s: 3.1.2.2, 4.0_b35
    • Component/s: amx
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

      Description

      One of our security requirements is to prevent users from contacting instances
      directly and making configuration changes. Direct access connections to
      instances using JMX are OK but the user should not be able to make config changes.

        Issue Links

          Activity

          Hide
          prasads added a comment -

          This has to be achieved by making significant changes to the DynamicInterceptor using the user credentials passed during authentication phase. Since the DynamicInterceptor itself is new and is being stabilized, I feel we should defer this for 3.2

          Show
          prasads added a comment - This has to be achieved by making significant changes to the DynamicInterceptor using the user credentials passed during authentication phase. Since the DynamicInterceptor itself is new and is being stabilized, I feel we should defer this for 3.2
          Hide
          prasads added a comment -

          Assigning issues to Naman

          Show
          prasads added a comment - Assigning issues to Naman
          Hide
          Tim Quinn added a comment -

          Fix checked in.

          Project: glassfish
          Repository: svn
          Revision: 53698
          Author: tjquinn
          Date: 2012-04-30 20:26:19 UTC
          Link:

          Log Message:
          ------------
          Fix for 14785

          These changes allows JMX clients to connect directly to instances and perform monitoring (read-only) work. Attempts to change attribute values or to invoke operations with affect other than INFO are rejected.

          Revisions:
          ----------
          53698

          Modified Paths:
          ---------------
          trunk/main/nucleus/admin/util/src/main/java/com/sun/enterprise/admin/util/GenericAdminAuthenticator.java
          trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXStartupService.java
          trunk/main/nucleus/admin/rest/rest-service/src/main/java/org/glassfish/admin/rest/adapter/RestAdapter.java
          trunk/main/nucleus/common/internal-api/src/main/java/org/glassfish/internal/api/AdminAccessController.java
          trunk/main/nucleus/common/mbeanserver/src/main/resources/com/sun/logging/enterprise/system/jmx/LogStrings.properties

          Added Paths:
          ------------
          trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/AdminAuthorizedMBeanServer.java
          trunk/main/nucleus/common/internal-api/src/main/java/org/glassfish/internal/api/JMXAdminPrincipal.java

          Show
          Tim Quinn added a comment - Fix checked in. Project: glassfish Repository: svn Revision: 53698 Author: tjquinn Date: 2012-04-30 20:26:19 UTC Link: Log Message: ------------ Fix for 14785 These changes allows JMX clients to connect directly to instances and perform monitoring (read-only) work. Attempts to change attribute values or to invoke operations with affect other than INFO are rejected. Revisions: ---------- 53698 Modified Paths: --------------- trunk/main/nucleus/admin/util/src/main/java/com/sun/enterprise/admin/util/GenericAdminAuthenticator.java trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXStartupService.java trunk/main/nucleus/admin/rest/rest-service/src/main/java/org/glassfish/admin/rest/adapter/RestAdapter.java trunk/main/nucleus/common/internal-api/src/main/java/org/glassfish/internal/api/AdminAccessController.java trunk/main/nucleus/common/mbeanserver/src/main/resources/com/sun/logging/enterprise/system/jmx/LogStrings.properties Added Paths: ------------ trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/AdminAuthorizedMBeanServer.java trunk/main/nucleus/common/internal-api/src/main/java/org/glassfish/internal/api/JMXAdminPrincipal.java
          Hide
          Tim Quinn added a comment -

          Further fix checked in.

          The changes allow read-only access to GlassFish MBeans in instances but all access to other MBeans (such as the JVM ones).

          Project: glassfish
          Repository: svn
          Revision: 54532
          Author: tjquinn
          Date: 2012-06-10 16:00:42 UTC
          Link:

          Log Message:
          ------------
          Refinements to allowing JMX access to instances.

          The earlier changes to allow JMX access to instances prohibited any access that had non-INFO impact, regardless of which MBean was used. That unnecessarily limited access to, for example, JVM MBeans. The goal is to prevent changes being made to GlassFish config directly to instances; other MBean access should be unrestricted.

          These changes impose the restriction only on GlassFish MBeans.

          Tests: QL, admin devtests

          Revisions:
          ----------
          54532

          Modified Paths:
          ---------------
          trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/AdminAuthorizedMBeanServer.java
          trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXStartupService.java

          Show
          Tim Quinn added a comment - Further fix checked in. The changes allow read-only access to GlassFish MBeans in instances but all access to other MBeans (such as the JVM ones). Project: glassfish Repository: svn Revision: 54532 Author: tjquinn Date: 2012-06-10 16:00:42 UTC Link: Log Message: ------------ Refinements to allowing JMX access to instances. The earlier changes to allow JMX access to instances prohibited any access that had non-INFO impact, regardless of which MBean was used. That unnecessarily limited access to, for example, JVM MBeans. The goal is to prevent changes being made to GlassFish config directly to instances; other MBean access should be unrestricted. These changes impose the restriction only on GlassFish MBeans. Tests: QL, admin devtests Revisions: ---------- 54532 Modified Paths: --------------- trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/AdminAuthorizedMBeanServer.java trunk/main/nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXStartupService.java
          Hide
          Tim Quinn added a comment -

          Re-opening to update fixed-in list.

          Show
          Tim Quinn added a comment - Re-opening to update fixed-in list.
          Hide
          Tim Quinn added a comment -

          Adding 3.1.2.2 to fixed-in list.

          Show
          Tim Quinn added a comment - Adding 3.1.2.2 to fixed-in list.

            People

            • Assignee:
              Tim Quinn
              Reporter:
              Tim Quinn
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: