I have configured JBoss 4.0.5 for role-based authorization as suggested in the technical white paper Securing JMX:
I have set up and tested different roles using the ExernalizableRolesAuthorization class in jmx-invoker-service.xml as suggested in the white paper.
How can I configure fine-grained role based security for MBeans that are accessed via the jmx invocation layer?
For example, I would like to limit access to a specific MBean and MBean methods to a specific role.
I'd like to make this configuration with JBoss configuration files changes, MBean descriptors or other configuration methods.
One alternative is to write my own AuthorizationInterceptor class but a configuration solution is preferable.
Retrieving data ...