Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-14736

Securing via JMX does not work

XMLWordPrintable

    • False
    • False
    • % %
    • build3
    • Undefined
    • Hide
      • move keystore.xml to deploy/ folder
      • move jbossweb.keystore to etc/ folder
      • replace org.apache.karaf.management.cfg in etc/ folder (or modify it as specified in description)
      • start fuse
      • system:property myProperty myValue

      you can use jconsole to check it:

      • remote connection
      • service:jmx:rmi://127.0.0.1:44444/jndi/rmi://127.0.0.1:1099/karaf-root
      • admin/admin

      it should be not possible unless you run jconsole with these parameters:
      -J-Djavax.net.ssl.trustStore="${PATH_TO_JBOSSWEB_KEYSTORE}" -J-Djavax.net.ssl.trustStorePassword="JbossPassword"

      Show
      move keystore.xml to deploy/ folder move jbossweb.keystore to etc/ folder replace org.apache.karaf.management.cfg in etc/ folder (or modify it as specified in description) start fuse system:property myProperty myValue you can use jconsole to check it: remote connection service:jmx:rmi://127.0.0.1:44444/jndi/rmi://127.0.0.1:1099/karaf-root admin/admin it should be not possible unless you run jconsole with these parameters: -J-Djavax.net.ssl.trustStore="${PATH_TO_JBOSSWEB_KEYSTORE}" -J-Djavax.net.ssl.trustStorePassword="JbossPassword"

      It seems like jmx security does not work. In order to access JMX in previous version it has been required to set two JVM options:
      javax.net.ssl.trustStore
      javax.net.ssl.trustStorePassword

      since fuse-7.8 I am able to work with jmx even without specifying these properties.

      To easily reproduce this problem I am attaching important files.
      file etc/org.apache.karaf.management.cfg modified as follows (you can just append it to your file):

      secured = true
secureProtocol = TLSv1
enabledProtocols = TLSv1
keyStore = sample_keystore
keyAlias = jbossalias
trustStore = sample_keystore
keyStoreAvailabilityTimeout = 30000

        1. jbossweb.keystore
          1 kB
        2. keystore.xml
          0.3 kB
        3. org.apache.karaf.management.cfg
          3 kB
        4. org.apache.karaf.management.server-4.2.9.fuse-780013-redhat-00001.jar
          87 kB

              yfang@redhat.com Freeman(Yue) Fang
              vhais Vratislav Hais (Inactive)
              Vratislav Hais Vratislav Hais (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: