According to javadoc [1] these methods should return boolean value based on whether this attribute can be read / written. However currently true is returned even though authenticated user can't perform read / write operation.

Note: As I am familiar with JMX spec only very briefly, it is possible that these methods are intended for something bit different.

[1] http://docs.oracle.com/javase/7/docs/api/javax/management/MBeanAttributeInfo.html#isReadable()