Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-20839

[Karaf] JMX ACL MBean authentification problem

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • fuse-7.12-GA
    • fuse-7.12-GA
    • Karaf
    • None
    • Very Likely

      Tested with AR2.

      There is such configuration in jmx.acl.org.apache.karaf.bundle.cfg:

      setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
setStartLevel = admin, manager

      We check if we can call this method with viewer, manager and admin role. The parameters may be wrong, we check if we can call the method at all. In fuse-karaf-7.12.0.fuse-7_12_0-00007-redhat-00001 there seems to be a bug for manager role where only admin is allowed:

      [INFO ] [RbacJmxTest:330]  user: viewer
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:346]  result: SecurityException

!!! SecurityException expected !!!
[INFO ] [RbacJmxTest:330]  user: manager
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException


[INFO ] [RbacJmxTest:330]  user: admin
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException

[INFO ] [RbacJmxTest:330]  user: viewer
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel = admin, manager
[INFO ] [RbacJmxTest:346]  result: SecurityException

[INFO ] [RbacJmxTest:330]  user: manager
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel = admin, manager
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException

[INFO ] [RbacJmxTest:330]  user: admin
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel = admin, manager
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException

      SecurityException is expected if the role is not sufficient. The exception here actually is

      javax.management.RuntimeMBeanException: java.lang.IllegalArgumentException: argument type mismatch

      When the valid parameters are sent

      [INFO ] [RbacJmxTest:330]  user: manager
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:359]  result: success

       

      Worked fine with fuse-karaf-7.11.1.fuse-7_11_1-00013-redhat-00003. All other methods tested seems also fine.

        1. openjdk11-rhel8-rbac.log
          466 kB

              ggrzybek Grzegorz Grzybek
              rhn-support-ppinkas Petr Pinkas
              Petr Pinkas Petr Pinkas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: