0 Replies Latest reply on Aug 8, 2012 5:24 PM by Kamen Lozev

    JMX fine-grained security configuration

    Kamen Lozev Newbie

      Hi,

       

      I have configured JBoss 4.0.5 for role-based authorization as suggested in the technical white paper Securing JMX:

      https://issues.jboss.org/browse/SECURITY-31

       

      I have set up and tested different roles using the ExernalizableRolesAuthorization class in jmx-invoker-service.xml as suggested in the white paper.

      How can I configure fine-grained role based security for MBeans that are accessed via the jmx invocation layer?

      For example, I would like to limit access to a specific MBean and MBean methods to a specific role.

      I'd like to make this configuration with JBoss configuration files changes, MBean descriptors or other configuration methods.

       

      One alternative is to write my own AuthorizationInterceptor class but a configuration solution is preferable and I would really appreciate a configuration example.

       

      Thank you,

       

      Kamen