twiddle doesn't support password parameter

newbi Apr 5, 2007 5:45 AM

Hello,

We have an application deployed on JbossAS4.0.1sp1. In spite of the fact that jmx-console is secured by password, twiddle tool can still access the server without password.

Is this a security hole of this version of jboss? It seems that since jboss 4.0.2 twiddle tool supports password parameter.

Our problem is that we cannot plan a migration to 4.0.2 and this issue is critical.

thanks

newbi

1. Re: twiddle doesn't support password parameter

newbi Apr 6, 2007 5:00 AM (in response to newbi)

We've activated the jmx-invoker authentication which also forces twiddle authentication.

But we've got another problem - the shutdown also asks for authentication and for 4.0.1 shutdown doesn't support password parameter (another bug of 4.0.1).

any workaround?

tks

newbi
Actions
2. Re: twiddle doesn't support password parameter

dimitris Apr 10, 2007 9:09 AM (in response to newbi)

It's not bug, it's a feature. You should be able to shutdown the server through twiddle as well. Look on the avaiable operations of the jboss.system:type=Server mbean, if I recall.
Actions

Go to original post