Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-23577

[GSS](7.4.z) Can not get core MBeans such as jboss.as and jboss.as.expr from application on EAP when RBAC enabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 7.4.4.GA
    • JMX, Remoting, Security
    • None
    • Workaround Exists
    • Hide

      Add anonymous user as Monitor role to role-mapping.

      <access-control provider="rbac">
          <role-mapping>
              <role name="Monitor">
                  <include>
                      <user name="anonymous"/>
                  </include>
              </role>
          </role-mapping>
      </access-control>
      
      Show
      Add anonymous user as Monitor role to role-mapping. <access-control provider= "rbac" > <role-mapping> <role name= "Monitor" > <include> <user name= "anonymous" /> </include> </role> </role-mapping> </access-control>
    • Hide

      1. RBAC enabled

      [standalone@localhost:9990 /] /core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
      [standalone@localhost:9990 /] :reload
      

      2. Deploy webapp

      cd mbean-test
      mvn package wildfly:deploy
      

      3.
      reproduce pattern

      $ curl http://127.0.0.1:8080/mbean-test/mbs1
      $ curl http://127.0.0.1:8080/mbean-test/mbs2
      

      not reproduce pattern

      $ curl http://127.0.0.1:8080/mbean-test/jmx
      
      Show
      1. RBAC enabled [standalone@localhost:9990 /] /core-service=management/access=authorization:write-attribute(name=provider,value=rbac) [standalone@localhost:9990 /] :reload 2. Deploy webapp cd mbean-test mvn package wildfly:deploy 3. reproduce pattern $ curl http: //127.0.0.1:8080/mbean-test/mbs1 $ curl http: //127.0.0.1:8080/mbean-test/mbs2 not reproduce pattern $ curl http: //127.0.0.1:8080/mbean-test/jmx

      If enabled RBAC, InstanceNotFoundException is thrown when getting jboss.as and jboss.as.expr MBeans from application on EAP.

      ERROR [stderr] (default task-1) javax.management.InstanceNotFoundException: WFLYJMX0017: No MBean found with name jboss.as:subsystem=datasources,data-source=ExampleDS,statistics=pool
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.model.ResourceAccessControlUtil.getResourceAccessWithInstanceNotFoundExceptionIfNotAccessible(ResourceAccessControlUtil.java:72)
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.model.ModelControllerMBeanHelper.getAttribute(ModelControllerMBeanHelper.java:268)
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.model.ModelControllerMBeanServerPlugin.getAttribute(ModelControllerMBeanServerPlugin.java:142)
      ERROR [stderr] (default task-1) 	at org.jboss.as.jmx.PluggableMBeanServerImpl.getAttribute(PluggableMBeanServerImpl.java:388)
      ERROR [stderr] (default task-1) 	at jp.co.redhat.example.MBeanServerServlet1.doGet(MBeanServerServlet1.java:24)
      ERROR [stderr] (default task-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
      ...
      

      The exeption can be occurred by getting mbeans via MBeanServer as in-vm access as follows,

      import java.lang.management.ManagementFactory;
      import javax.management.MBeanServer;
      ...
      String objectname = "jboss.as:subsystem=datasources,data-source=ExampleDS,statistics=pool";
      MBeanServer server = ManagementFactory.getPlatformMBeanServer();
      Object r = server.getAttribute(new ObjectName(objectname), "ActiveCount");
      

      If connect via JMXConnectorFactory as followis, the mbeans can be gotten.

      import javax.management.remote.JMXConnectorFactory;
      import javax.management.remote.JMXConnector;
      import javax.management.remote.JMXServiceURL;
      import javax.management.MBeanServerConnection;
      ...
      String objectname = "jboss.as:subsystem=datasources,data-source=ExampleDS,statistics=pool";
      JMXServiceURL jmx_service_url = new JMXServiceURL("service:jmx:remote+http://" + host_name + ":" + port);
      JMXConnector jmx_connector = JMXConnectorFactory.connect(jmx_service_url, null);
      MBeanServerConnection conn = jmx_connector.getMBeanServerConnection();
      conn.getAttribute(new ObjectName(objectname), "ActiveCount");
      

              rhn-cservice-bbaranow Bartosz Baranowski
              rhn-support-jbaesner Joerg Baesner
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: