3 Replies Latest reply on Nov 10, 2017 5:52 AM by dlofthouse

    EAP 7 management-http authentication in java code

    kavinthamaduranga

       

      import javax.management.MBeanServerConnection;
      import javax.management.ObjectName;
      import javax.management.remote.JMXConnector;
      import javax.management.remote.JMXConnectorFactory;
      import javax.management.remote.JMXServiceURL;

      // Connect to the EAP 7 management interface over remote+http.
      // No environment map is passed, so no username/password is sent.
      String urlString = System.getProperty("jmx.service.url", "service:jmx:remote+http://" + "localhost:11990");

      JMXServiceURL serviceURL = new JMXServiceURL(urlString);
      jmxConnector = JMXConnectorFactory.connect(serviceURL); // jmxConnector is a JMXConnector field, kept for later close()

      return jmxConnector.getMBeanServerConnection();

      // Using the MBeanServerConnection returned from the code above, the message count
      // of a queue (identified by its management ObjectName) can be read as follows:
      MBeanServerConnection mBeanServerConnection = ...; // value returned above
      ObjectName objectName = ...;                       // the queue's ObjectName
      int messageCount = Integer.valueOf(mBeanServerConnection.getAttribute(objectName, "message-count").toString());

       

       

      The question is, here I don't need to provide any username/password for the server connection. Will there be any security issues? And how do I configure standalone.xml in order to make credentials mandatory, or is there any other way?

        • 1. Re: EAP 7 management-http authentication in java code
          mchoma

          I assume you are running that from the same machine. By default ManagementRealm allows local access. If you remove <local default-user="$local" skip-group-loading="true"/> from standalone.xml, access will be checked against the property file mgmt-users.properties.

          1 of 1 people found this helpful
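The standalone.xml change described in the reply above, as an added example rather than a fragment taken from the thread: the EAP 7 default ManagementRealm (legacy security realms, before Elytron) and the same realm with the <local/> element removed, so that every management client, local or remote, has to present a user from mgmt-users.properties. The realm name and property-file paths are the EAP 7 defaults; nothing else is assumed.

```xml
<!-- Default EAP 7 ManagementRealm: a client that can read the server's local
     auth token file is mapped to the $local user without any password. -->
<security-realm name="ManagementRealm">
    <authentication>
        <local default-user="$local" skip-group-loading="true"/>
        <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
    </authentication>
    <authorization map-groups-to-roles="false">
        <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
    </authorization>
</security-realm>

<!-- Hardened ManagementRealm: <local/> removed, so every client, including one
     running on the same host, is checked against mgmt-users.properties. -->
<security-realm name="ManagementRealm">
    <authentication>
        <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
    </authentication>
    <authorization map-groups-to-roles="false">
        <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
    </authorization>
</security-realm>
```

Two things to check after making the change: the realm needs at least one management user (created with the bin/add-user.sh script shipped with EAP) or nobody can reach the management interface at all, and any automation that relied on silent local authentication, for example jboss-cli.sh invoked from startup or deployment scripts on the server host, must now be given credentials too.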
          • 2. Re: EAP 7 management-http authentication in java code
            kavinthamaduranga

             Thanks Martin for the clue. Once I removed the "<local default-user="$local" skip-group-loading="true"/>" tag, authentication was required. It worked.

            • 3. Re: EAP 7 management-http authentication in java code
              dlofthouse

               One point to keep in mind: where the <local /> element is present within the security realm definition, authentication still occurs.

               

               In the case of local authentication the server writes a small token to a file within the server's directory hierarchy; the client then reads this token and sends it back to the server to prove that it could read the file.

               

              Remote clients do not have access to the filesystem so would never be able to authenticate using the local mechanism.

               

               Also, local clients on the same machine that do not have access to the directory structure of the application server would not be able to read the token that is written, so they also would not be able to use the mechanism.

               

               All clients that cannot use the local authentication mechanism then fall back to username/password-based authentication.

              2 of 2 people found this helpful
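The client side of the fallback described above, as an added example that is not code from the thread or from EAP itself: a small Java program that sends ManagementRealm credentials explicitly through the JMX environment map, reads a queue's message-count, and also checks that a connection with no credentials is refused. It assumes the EAP client library (jboss-cli-client.jar, which provides the remote+http JMX protocol) is on the classpath; the host, port, username, password and the queue ObjectName are assumptions chosen for the example.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

/**
 * Added example, not part of the original thread. Reads a queue's message-count
 * over the EAP 7 management interface with username/password authentication.
 * SERVICE_URL, the user, the password and the queue name are assumptions.
 */
public class ManagementQueueDepth {

    // Assumed management endpoint (EAP 7 default management port is 9990).
    private static final String SERVICE_URL =
            System.getProperty("jmx.service.url", "service:jmx:remote+http://localhost:9990");

    /** Connects with a ManagementRealm user passed in the JMX environment map. */
    static JMXConnector connect(String user, char[] password) throws IOException {
        Map<String, Object> env = new HashMap<>();
        // Standard JMX key for credentials; the EAP remoting-jmx provider expects String[]{user, password}.
        env.put(JMXConnector.CREDENTIALS, new String[] { user, new String(password) });
        return JMXConnectorFactory.connect(new JMXServiceURL(SERVICE_URL), env);
    }

    /**
     * Tries to connect with no credentials at all. Once <local/> is removed from
     * ManagementRealm this must fail; it returns true when the server refused us.
     */
    static boolean anonymousConnectRejected() {
        try (JMXConnector c = JMXConnectorFactory.connect(new JMXServiceURL(SERVICE_URL))) {
            c.getMBeanServerConnection().getMBeanCount(); // force the authentication exchange
            return false; // we got in without credentials: the hardening is not in effect
        } catch (IOException | SecurityException e) {
            return true;
        }
    }

    /** Reads the message-count attribute of the given queue MBean. */
    static int messageCount(MBeanServerConnection conn, ObjectName queue) throws Exception {
        return Integer.parseInt(conn.getAttribute(queue, "message-count").toString());
    }

    public static void main(String[] args) throws Exception {
        // Assumed queue name; EAP 7 exposes the management model under the jboss.as JMX domain.
        ObjectName queue = new ObjectName(
                "jboss.as:subsystem=messaging-activemq,server=default,jms-queue=ExampleQueue");

        System.out.println("anonymous connect rejected: " + anonymousConnectRejected());

        // Assumed user created with bin/add-user.sh in ManagementRealm.
        try (JMXConnector connector = connect("admin", "changeme".toCharArray())) {
            int depth = messageCount(connector.getMBeanServerConnection(), queue);
            System.out.println("message-count for " + queue + " = " + depth);
        }
    }
}
```

Run anonymousConnectRejected() from a host that cannot read the server's filesystem, or it will tell you nothing useful: as the reply above explains, a client on the server host with <local/> still present is silently authenticated through the token file and the anonymous connection succeeds, which is the behaviour the original question ran into.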