3 Replies Latest reply on Jul 12, 2004 7:58 PM by rufusness

RMI Invoker Adaptor Security

rufusness Jun 28, 2004 2:02 PM

A proprietary adaptor that provides an RMI interface to the JBoss JMX MBeanServer over any protocol for which a detached inovoker exists. The default configuration uses RMI/JRMP. This service can be secured by specifying the interface and port on which the service runs as well as by adding role based or custom security using an XMBean.

The above quote is from a JBoss document explaining how to secure the service used to communicate with JMX via RMI/JRMP. Does anyone have an example of how to add role based or custom security using an XMBean? How does one configure the acceptable roles? Your help is greatly appreciated.

Thanks!

1. Re: RMI Invoker Adaptor Security

rufusness Jul 8, 2004 7:28 PM (in response to rufusness)

It may be that I'm not understanding something but....how is everyone else making sure that no one is accessing mbeans? If role based security is not used (or maybe just authentication). Is everyone just removing the jmx-invoker-adaptor-server.sar?

Thanks!
Actions
2. Re: RMI Invoker Adaptor Security

starksm64 Jul 10, 2004 11:08 AM (in response to rufusness)

http://www.jboss.org/wiki/Edit.jsp?page=SecureTheInvokers

Read the jmx chapter for examples of adding security to xmbeans via interceptors and check out the org.jboss.jmx.connector.invoker.AuthenticationInterceptor used by the current xmbean deployment of the jmx-invoker-adaptor-server.sar:

http://www.jboss.org/docs/index
Actions
3. Re: RMI Invoker Adaptor Security

rufusness Jul 12, 2004 7:58 PM (in response to rufusness)

Thanks Scott.

I was using 3.2.3 and couldn't figure out how to do it. BTW we do have the pay documentation.

Thanks!
Actions

Go to original post