invoke operations in jmx console return 403

mrwease Jan 6, 2009 11:21 AM

I have secured the JMX Console using SSL and LDAP. I am able to successfully login to the JMX console and view everything but I get a 403 whenever I try any invoke operations. I see nothing in the logs other than the 403 logged in the access log. I am using jboss 4.2.2 but have been able to reproduce this on 4.2.3 and 5.0.0. Would someone please point me in the right direction? Here is the filter from my web.xml that has the mapping for JmxOpsAccessControlFilter.

<filter-name>JmxOpsAccessControlFilter</filter-name>
<filter-class>org.jboss.jmx.adaptor.html.JMXOpsAccessControlFilter</filter-class>
<init-param>
<param-name>updateAttributes</param-name>
<param-value>UpdateAttributeRole</param-value>
Comma-delimited Roles that define the JMX Operation denoting updation of Attributes
</init-param>
<init-param>
<param-name>invokeOp</param-name>
<param-value>InvokeOpRole</param-value>
Comma-delimited Roles that define the JMX Operation denoting Invocation of Operations
</init-param>

<filter-mapping>
<filter-name>JmxOpsAccessControlFilter</filter-name>
<servlet-name>HtmlAdaptor</servlet-name>
</filter-mapping>

Thanks in advance,
Keith

1. Re: invoke operations in jmx console return 403

mrwease Jan 6, 2009 12:11 PM (in response to mrwease)

I solved the issue by simply removing the filter.
Actions
2. Re: invoke operations in jmx console return 403

mrwease Jan 7, 2009 9:58 AM (in response to mrwease)

For anyone else securing the JMX console with LDAP you can add InvokeOpRole to LDAP and use the filter for more fine grained access control. There is a doc with more details here.
Actions

Go to original post