Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-1363

JMXMBean does not handle local connections correctly

    Details

    • Support Ticket IDs:

      Description

      Enable the JMX connection handler.

      Connect using jconsole to the local JVM, ie using the same login account. The JMXMBean.getClientConnection() method is called, but returns null for the clientConnection because the subject returned from javax.security.auth.Subject.getSubject(acc) is null.

      A null connection causes us to return an MBeanInfo that doesn't expose any attributes.

      However remote connections have a subject (the DN entered in jconsole) and so the clientConnection is non-null and consequently we expose monitoring attributes to remote connections.

      A debugger shows that acc.isPrivileged is true for local connections and false for remote connections. Similarly, acc.isAuthorized is true for local connections and false for remote connections. However those are private to the acc object...

      https://blogs.oracle.com/lmalventosa/entry/jmx_authentication_authorization suggests that a null Subject indicates a local connection; some testing suggests that trying to connect anonymously over a remote connection fails before this method is called.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              cjr Chris Ridd
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: