1 Reply Latest reply on Nov 4, 2004 9:25 PM by starksm64

    JBoss support for specifying authorization policy

    wrmay

      My group has implemented a number of Service MBeans and I need to apply a granular authorization policy to them.

      The MBeanServer API documentation seems to support this well ...


      For the invoke method, the caller's permissions must imply MBeanPermission(className, operationName, name, "invoke").

      For the getAttribute method, the caller's permissions must imply MBeanPermission(className, attribute, name, "getAttribute").

      ...



      However, after reading the HOWTO I am still unclear about how I would go about specifying which users/roles have which MBean permissions.

      Is this already supported by JBoss? If not, is there a known model for extending JBoss to support this?

      Any advice on the best way to approach this would be appreciated!

      Thanks

        • 1. Re: JBoss support for specifying authorization policy
          starksm64

          You need to run with a security manager, specify a policy configuration that uses subject-based permissions, and then encapsulate the MBean access in Subject.doAs(...) blocks.

          Alternatively, you could add a custom security interceptor to your MBeans by deploying them as XMBeans.
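
The first approach in the reply above, as an added example that is not part of the thread and not JBoss code: a principal-based policy grant (shown in the leading comment) and a Subject.doAs wrapper around the MBean call. The `example` package, `RolePrincipal`, `GuardedMBeanCall`, the `example.CacheService` MBean and its `flush` operation are hypothetical names, and the sketch assumes a JVM that still honors the security manager.

```java
// Assumed policy file (constructed names), enabled with
//   -Djava.security.manager -Djava.security.policy=mbean.policy
//
//   grant principal example.RolePrincipal "operator" {
//     permission javax.management.MBeanPermission
//       "example.CacheService#flush[example:service=Cache]", "invoke";
//   };
//
// The code that calls Subject.doAs also needs, via its own codeBase grant,
//   permission javax.security.auth.AuthPermission "doAs";
package example;

import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.auth.Subject;

/** Hypothetical role principal; the policy file matches it by class name and name. */
final class RolePrincipal implements Principal {
    private final String name;
    RolePrincipal(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
}

public final class GuardedMBeanCall {
    /**
     * Invokes flush() on the MBean with the subject's principals attached to the
     * access control context. If no grant for those principals implies
     * MBeanPermission(className, "flush", name, "invoke"), the MBeanServer check
     * throws SecurityException, which propagates unwrapped because it is unchecked.
     */
    public static Object flushAs(Subject subject, final MBeanServer server) throws Exception {
        final ObjectName name = new ObjectName("example:service=Cache");
        try {
            return Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                @Override public Object run() throws Exception {
                    return server.invoke(name, "flush", new Object[0], new String[0]);
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the checked JMX exception from the action
        }
    }
}
```

The subject passed to `flushAs` would normally come from a JAAS `LoginContext` after authentication, so the principals it carries are the ones the policy grants are written against.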