Twiddle & RolesAuthorization
esavidan Jan 13, 2012 10:25 AMHi,
I've followed instructions from "Technical White Paper - JBoss Security" to secure JMX layer.
I met a problem when implementing instructions described in 4.2.1 chapter : Enable Access Control or Authorization for the JMX Invoker / Use case 1 / Use of AuthorizationInterceptor
=> My jmx-invoker-service.xml :
<descriptors> | |
<interceptors> | |
<!-- Uncomment to require authenticated users --> | |
<interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" | |
securityDomain="java:/jaas/jmx-console"/> | |
<!-- Interceptor that deals with non-serializable results --> | |
<interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor" | |
policyClass="StripModelMBeanInfoPolicy"/> | |
<interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor" | |
authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"/> | |
</interceptors> | |
</descriptors> |
=> My jmx-console security domain :
<application-policy name="jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
</login-module>
</authentication>
</application-policy>
=> My jmx-console-roles.properties :
<admin user>=JBossAdmin,HttpInvoker,UpdateAttributeRole,InvokeOpRole
With this configuration, twiddle.sh script can not get information from JMX any more. For example :
# twiddle.sh -u <admin user> -p <admin password> -s jnp://<xx.xx.xx.xx>:1099 get jboss.system:type=Server Started
17:14:05,419 ERROR [Twiddle] Exec failed
java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
If I remove org.jboss.jmx.connector.invoker.AuthorizationInterceptor interceptor, twiddle works fine again.
Is this behavior normal ?
Thanks in advance for your help.
Regards.
Message was edited by: Eric Savidan Do you know if the following correction has been implemented to JBoss AS 5.1.0 : https://issues.jboss.org/browse/JBPAPP-4039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#issue-tabs ?