1 Reply Latest reply on Aug 21, 2009 12:33 AM by August Simonelli

    Securing JNDI access with role-based security in 5.1

    August Simonelli Newbie

      Hi all,

      I'm currently setting up a JBoss system for some developers and they need access to JNDI to allow them to browse and manipulate message queues. I've got JBoss bound to the external IP of the box but before opening the firewall for the JNDI access I'd like to at least force some security.

      My searching led me to

      http://sourceforge.net/docman/display_doc.php?docid=20143&group_id=22866

      which states "The JNDI naming service is not secured by default and allows access to the JBoss JNDI tree on port 1099. You can change the port and interface which the naming service is bound on, as well as add role based security using a custom XMBean configuration."

      I searched more and found a post at

      http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823726#3823726

      pointing me to

      http://www.jboss.org/community/wiki/XMBeansforSecurity.

      I've begun to follow the XMBeans as per that wiki article but am stuck.

      I don't know where to do this step:

      "Now you need to configure the NamingService to use the detached invoker framework to expose an org.jnp.interfaces.Naming interface proxy to JNDI clients in order to have the jndi lookups routed to the NamingService.invoke method. The following 3.2.6+ confg/jboss-service.xml fragment illustrates this for the RMI/JRMP detached invoker:"

      Additionally, the references are all for 3.x and 4.x, not 5.1.

      So, as I'm just a lowly sysadmin, does anyone have any advice on how to secure my JNDI access with role-based security? Have I missed something super obvious?

      Or is there a better way than this? Another way, perhaps?

      Thanks!

      August