12 Replies Latest reply on Apr 8, 2010 6:36 AM by Anil Saldanha

    JSR-160 connectors security

    Anil Saldanha Master

      This is a design thread that Scott Marlow (SMarlow) and I will be using to discuss the JSR-160 integration that Scott is working on. There are some security aspects to be considered in this integration based on the JSR-160 specification.

       

      Studying the JSR-160 specification, in the section III on JMX Remote Connector API:

       

      • Section 13.12 Connector Security

       

      On the server side, when the connectors are created, they are instantiated with JMXAuthenticator.  (JMXAuthenticator Javadoc)

       

      If you look at the API for JMXAuthenticator, you will see that there is just one method namely: "Subject  authenticate( Object credential )".  As you can see, we pass in a credential and then get back an authenticated subject.

       

      The credential can be open ended.  Ok, what about the username?  Read below:

       

      From the JSR-160 specification, we see that there is a concrete class called as RMIConnector.

       

      • Section 14.4 Basic Security

       

      Now, the spec says that "A client connecting to a server that has an JMXAuthenticator must supply the authentication information that the JMXAuthenticator will examine. The environment supplied to the connect operation must include the property jmx.remote.credentials, whose associated value is the authentication information. This object must be serializable."

       

      ANIL:  I think on the client side, we need to create an instance of org.jboss.security.SecurityContext and fill it with the username and password that we want to send it across to the server.  At the server, we take this SC instance and authenticate on the server side.

       

      I like the passing of serialized Security Context rather than a String[] array of two (Username and Password) because we may be able to handle various permutations with the ctx (certificates, digest etc).

       

      The spec has: "This specification does not include any predefined authentication system. The simplest example of such a system is a secret string shared between client and server. The client supplies this string as its jmx.remote.credentials, and the server’s JMXAuthenticator checks that it has the correct value.
      As a slightly more complicated example, the authentication information could be a String[2] that includes a username and a password. The JMXAuthenticator verifies these, for example by consulting a password file or by logging in through some system-dependent mechanism, and if successful derives a Subject based on the given username."