As Originally reported in JBJMX-97, the user says:

==========================================================================================
I have secured the jmx-invoker-service using JAAS and the standard UsersRolesLoginModule. I am able to authenticate (basic authentication) through the web UI and manage the console using the same login config.

I am getting a remote connection to the JMX server from an InitialContext that is populated with the user name and password:
env.put(Context.SECURITY_PRINCIPAL, userName);
env.put(Context.SECURITY_CREDENTIALS, password);

Then I look up the MBeanServerConnection and try to get the MBeanInfo

MBeanServerConnection server = lookup("jmx/invoker/RMIAdaptor", MBeanServerConnection.class);
ObjectName name = new ObjectName(theName);
MBeanInfo info = server.getMBeanInfo(name);

At this point the server throws an ArrayIndexOutOfBoundsException from org.jboss.jmx.connector.invoker.AuthorizationInterceptor line 107.

If I try and set an attribute:
server.setAttribute(name, new Attribute("searchText", searchText));

I get instead at the same line:
java.lang.ClassCastException: javax.management.Attribute
at org.jboss.jmx.connector.invoker.AuthorizationInterceptor.invoke(AuthorizationInterceptor.java:107)
at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:108)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
==========================================================================================