Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-2948

Document in the release notes that deploy/jmx-remoting.sar cannot be secured

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Blocker
    • EAP 5.0.0
    • EAP 5.0.0.CR4 (FCS and BETA2)
    • Documentation
    • None
    • Release Notes

    Description

      It seems the deploy/jmx-remoting.sar service that instantiates a jsr-160 adapter for remote access to the jboss mbeanserver for usage with tools such as the jconsole that comes with Sun's JDK, doesn't allow to secure this access.

      So although, the service binds by default to localhost, in production environments where the server will bind to a specific address, then access through this jsr160 adapter becomes a security risk. In those case the adapter should be disabled by undeploying/moving the whole deploy/jmx-remoting.sar directory.

      Attachments

        Activity

          People

            dandread1@redhat.com Dimitrios Andreadis
            dandread1@redhat.com Dimitrios Andreadis
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: