0 Replies Latest reply on Jan 13, 2012 10:25 AM by Eric Savidan

    Twiddle & RolesAuthorization

    Eric Savidan Newbie

      Hi,

       

      I've followed instructions from "Technical White Paper - JBoss Security" to secure JMX layer.

       

      I met a problem when implementing instructions described in 4.2.1 chapter : Enable Access Control or Authorization for the JMX Invoker / Use case 1 / Use of AuthorizationInterceptor

      => My jmx-invoker-service.xml :

       


      <descriptors>

      <interceptors>

      <!-- Uncomment to require authenticated users -->

      <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"

      securityDomain="java:/jaas/jmx-console"/>

      <!-- Interceptor that deals with non-serializable results -->

      <interceptor code="org.jboss.jmx.connector.invoker.SerializableInterceptor"

      policyClass="StripModelMBeanInfoPolicy"/>

      <interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor"

      authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"/>

      </interceptors>

      </descriptors>

       

      => My jmx-console security domain :

       

        <application-policy name="jmx-console">

          <authentication>

            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

              flag="required">

              <module-option name="usersProperties">props/jmx-console-users.properties</module-option>

              <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

              <module-option name="hashAlgorithm">MD5</module-option>

            </login-module>

          </authentication>

        </application-policy>

       

      => My jmx-console-roles.properties :

      <admin user>=JBossAdmin,HttpInvoker,UpdateAttributeRole,InvokeOpRole

       

       

      With this configuration, twiddle.sh script can not get information from JMX any more. For example :

       

      # twiddle.sh -u <admin user> -p <admin password> -s jnp://<xx.xx.xx.xx>:1099 get jboss.system:type=Server Started

      17:14:05,419 ERROR [Twiddle] Exec failed

      java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String

       

      If I remove org.jboss.jmx.connector.invoker.AuthorizationInterceptor interceptor, twiddle works fine again.

       

      Is this behavior normal ?

       

      Thanks in advance for your help.

       

      Regards.

       

      Message was edited by: Eric Savidan Do you know if the following correction has been implemented to JBoss AS 5.1.0 : https://issues.jboss.org/browse/JBPAPP-4039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#issue-tabs ?