Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-1363

JMXMBean does not handle local connections correctly


    • Type: Bug
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.6.0
    • Fix Version/s: None
    • Component/s: core server, monitoring
    • Labels:
    • Support Ticket IDs:


      Enable the JMX connection handler.

      Connect using jconsole to the local JVM, ie using the same login account. The JMXMBean.getClientConnection() method is called, but returns null for the clientConnection because the subject returned from javax.security.auth.Subject.getSubject(acc) is null.

      A null connection causes us to return an MBeanInfo that doesn't expose any attributes.

      However remote connections have a subject (the DN entered in jconsole) and so the clientConnection is non-null and consequently we expose monitoring attributes to remote connections.

      A debugger shows that acc.isPrivileged is true for local connections and false for remote connections. Similarly, acc.isAuthorized is true for local connections and false for remote connections. However those are private to the acc object...

      https://blogs.oracle.com/lmalventosa/entry/jmx_authentication_authorization suggests that a null Subject indicates a local connection; some testing suggests that trying to connect anonymously over a remote connection fails before this method is called.




            • Assignee:
              cjr Chris Ridd
            • Votes:
              0 Vote for this issue
              3 Start watching this issue


              • Created: