3 Replies Latest reply on Nov 10, 2017 5:52 AM by Darran Lofthouse

    EAP 7 management-http authentication in java code

    Kavintha Maduranga Newbie

       

      String urlString = System.getProperty("jmx.service.url", "service:jmx:remote+http://" + "localhost:11990");

      JMXServiceURL serviceURL = new JMXServiceURL(urlString);
      jmxConnector = JMXConnectorFactory.connect(serviceURL);

      return jmxConnector.getMBeanServerConnection();

       

      //using the mbeanserverconnection returns from above code following message count can be taken

      Integer.valueOf(mBeanServerConnection.getAttribute(objectName, "message-count").toString());

       

       

      Question is,  here i don't need to provide any username/password to the server connection. Will there be any security issues ? and how to configure standalone.xml in-order to make credentials mandatory or if there is any other way

        • 1. Re: EAP 7 management-http authentication in java code
          Martin Choma Expert

          I assume you are running that from same machine. By default ManagementRealm allow local access. If you remove <local default-user="$local" skip-group-loading="true"/> from standalone.xml access will be checked against property file mgmt-users.properties.

          1 of 1 people found this helpful
          • 2. Re: EAP 7 management-http authentication in java code
            Kavintha Maduranga Newbie

            Thanks  Martin for the clue and once i removed "<local default-user="$local" skip-group-loading="true"/>"  tag, authentication was requires. It worked.

            • 3. Re: EAP 7 management-http authentication in java code
              Darran Lofthouse Master

              One point to keep in mind, there the <local /> element is present within the security realm definition authentication still occurs.

               

              In the case of local authentication the server writes a small token to a file within the servers directory hierarchy, the client then reads this token and sends it back to the server to prove that it could read the file.

               

              Remote clients do not have access to the filesystem so would never be able to authenticate using the local mechanism.

               

              Also local clients on the same machine that do not have access to the directory structure of the application server would not be able to read the token that is written so also would not be able to use the mechanism.

               

              For all clients that can not use the local authentication mechanism they then fallback to username / password based authentication.

              2 of 2 people found this helpful