Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13844

[GSS](7.1.z) Can not get core MBeans such as jboss.as and jboss.as.expr from application on EAP when RBAC enabled

XMLWordPrintable

    • Workaround Exists
    • Hide
      • Add anonymous user as Monitor role to role-mapping. – should be set, adding new role does not yeld result.
      • * <access-control provider="rbac">
        *     <role-mapping>
        *         <role name="Monitor">
        *             <include>
        *                 <user name="anonymous"/>
        *             </include>
        *         </role>
        *     </role-mapping>
        * </access-control>
        * 
      Show
      Add anonymous user as Monitor role to role-mapping. – should be set, adding new role does not yeld result. * <access-control provider= "rbac" > * <role-mapping> * <role name= "Monitor" > * <include> * <user name= "anonymous" /> * </include> * </role> * </role-mapping> * </access-control> *
    • Hide

      1. RBAC enabled

      [standalone@localhost:9990 /] /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
      [standalone@localhost:9990 /] :reload
      

      2. Deploy webapp

      cd mbean-test
      mvn package wildfly:deploy
      

      3.
      reproduce pattern

      $ curl http://127.0.0.1:8080/mbean-test/mbs1
      $ curl http://127.0.0.1:8080/mbean-test/mbs2
      

      not reproduce pattern

      $ curl http://127.0.0.1:8080/mbean-test/jmx
      
      Show
      1. RBAC enabled [standalone@localhost:9990 /] /core-service=management/access=authorization:write-attribute(name=provider,value=rbac) [standalone@localhost:9990 /] :reload 2. Deploy webapp cd mbean-test mvn package wildfly:deploy 3. reproduce pattern $ curl http: //127.0.0.1:8080/mbean-test/mbs1 $ curl http: //127.0.0.1:8080/mbean-test/mbs2 not reproduce pattern $ curl http: //127.0.0.1:8080/mbean-test/jmx

      If enabled RBAC, InstanceNotFoundException is thrown when getting jboss.as and jboss.as.expr MBeans from application on EAP.

      ERROR [stderr] (default task-1) javax.management.InstanceNotFoundException: WFLYJMX0017: No MBean found with name jboss.as:subsystem=datasources,data-source=ExampleDS,statistics=pool
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.model.ResourceAccessControlUtil.getResourceAccessWithInstanceNotFoundExceptionIfNotAccessible(ResourceAccessControlUtil.java:72)
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.model.ModelControllerMBeanHelper.getAttribute(ModelControllerMBeanHelper.java:268)
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.model.ModelControllerMBeanServerPlugin.getAttribute(ModelControllerMBeanServerPlugin.java:142)
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.PluggableMBeanServerImpl.getAttribute(PluggableMBeanServerImpl.java:388)
      ERROR [stderr] (default task-1) 	at jp.co.redhat.example.MBeanServerServlet1.doGet(MBeanServerServlet1.java:24)
      ERROR [stderr] (default task-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
      ...
      

      The exeption can be occurred by getting mbeans via MBeanServer as in-vm access as follows,

      import java.lang.management.ManagementFactory;
      import javax.management.MBeanServer;
      ...
      String objectname = "jboss.as:subsystem=datasources,data-source=ExampleDS,statistics=pool";
      MBeanServer server = ManagementFactory.getPlatformMBeanServer();
      Object r = server.getAttribute(new ObjectName(objectname), "ActiveCount");
      

      If connect via JMXConnectorFactory as followis, the mbeans can be gotten.

      import javax.management.remote.JMXConnectorFactory;
      import javax.management.remote.JMXConnector;
      import javax.management.remote.JMXServiceURL;
      import javax.management.MBeanServerConnection;
      ...
      String objectname = "jboss.as:subsystem=datasources,data-source=ExampleDS,statistics=pool";
      JMXServiceURL jmx_service_url = new JMXServiceURL("service:jmx:remote+http://" + host_name + ":" + port);
      JMXConnector jmx_connector = JMXConnectorFactory.connect(jmx_service_url, null);
      MBeanServerConnection conn = jmx_connector.getMBeanServerConnection();
      conn.getAttribute(new ObjectName(objectname), "ActiveCount");
      

              rhn-cservice-bbaranow Bartosz Baranowski
              rhn-support-hdaicho Hiroki Daicho (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: