WFLY-2040: RBAC + JMX: auditor can't read sensitive non-core MBeans
Project: WildFly
Parent: WFLY-490 Domain Management Role Based Access Control


Details

    Description

      If I set non-core MBeans to be sensitive, like

      <subsystem xmlns="urn:jboss:domain:jmx:1.3">
          <expose-resolved-model/>
          <expose-expression-model/>
          <remoting-connector/>
          <sensitivity non-core-mbeans="true"/>
      </subsystem>
      

      then I expect all roles that can read sensitive data (administrator, auditor, superuser) to be able to read non-core MBeans too. This is currently broken, as only administrator and superuser can read non-core MBeans, auditor cannot. I have a test case for this that I will submit later, but the important part is:

      import static org.junit.Assert.assertEquals;
      import static org.junit.Assert.assertFalse;
      import static org.junit.Assert.assertTrue;

      import java.io.IOException;
      import javax.management.MBeanServerConnection;
      import javax.management.ObjectName;
      import javax.management.RuntimeMBeanException;

      boolean successExpected = ...; // 'true' for auditor
      
      MBeanServerConnection connection = ...; // authenticated as the role under test
      // java.lang:type=OperatingSystem is a platform MBean, i.e. non-core, so it is
      // covered by <sensitivity non-core-mbeans="true"/>
      ObjectName domain = new ObjectName("java.lang:type=OperatingSystem");
      try {
          Object attribute = connection.getAttribute(domain, "Name");
          assertTrue("Failure was expected", successExpected);
          assertEquals(System.getProperty("os.name"), attribute.toString());
      } catch (IOException e) {
          // the authorization refusal arrives as a RuntimeMBeanException whose message
          // carries error code 11360; any other IOException is a real transport error
          if (e.getCause() instanceof RuntimeMBeanException && e.getCause().getMessage().contains("11360")) {
              assertFalse("Success was expected but failure happened: " + e, successExpected);
          } else {
              throw e;
          }
      }
      

      Please note that I'm speaking about reading sensitive data, which, if I understand correctly, auditor can do.
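The same check generalized across all standard RBAC roles, as an added example that is not code from this issue, its reporter, or WildFly itself. It assumes the server exposes the `<remoting-connector/>` JMX endpoint at `service:jmx:remoting-jmx://localhost:9999` (the remoting-jmx client library must be on the classpath), and that one management user exists per role, named after the role in lower case with the same string as password; the URL, user names and passwords are placeholders. The expectation that Monitor, Operator, Maintainer and Deployer are denied is an assumption drawn from the roles the report lists as able to read sensitive data, not a statement from the report.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.RuntimeMBeanException;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

/**
 * Reads one attribute of a non-core (platform) MBean as each standard RBAC role
 * and reports every role whose outcome disagrees with what is expected once
 * <sensitivity non-core-mbeans="true"/> is configured.
 */
public class SensitiveNonCoreMBeanAccessCheck {

    /** What a single getAttribute() call came back with. */
    enum Outcome { READ_OK, DENIED }

    /** Assumed: WildFly's remoting JMX connector as exposed by <remoting-connector/>. */
    static final String SERVICE_URL = "service:jmx:remoting-jmx://localhost:9999";

    /** The standard WildFly RBAC roles. */
    static final String[] ROLES = {
        "Monitor", "Operator", "Maintainer", "Deployer", "Auditor", "Administrator", "SuperUser"
    };

    /**
     * Roles the report expects to read sensitive data, and therefore sensitive
     * non-core MBeans: Auditor, Administrator and SuperUser. That the remaining
     * standard roles are denied is an assumption, not a statement from the report.
     */
    static boolean expectedToRead(String role) {
        return role.equals("Auditor") || role.equals("Administrator") || role.equals("SuperUser");
    }

    /**
     * Classifies the read the way the report's test does: an IOException whose cause
     * is a RuntimeMBeanException carrying error code 11360 is the server's
     * authorization refusal and maps to DENIED; any other IOException is a genuine
     * transport problem and is rethrown rather than mistaken for an RBAC decision.
     */
    static Outcome readAttribute(MBeanServerConnection conn, ObjectName name, String attribute)
            throws Exception {
        try {
            conn.getAttribute(name, attribute);
            return Outcome.READ_OK;
        } catch (IOException e) {
            Throwable cause = e.getCause();
            if (cause instanceof RuntimeMBeanException
                    && cause.getMessage() != null && cause.getMessage().contains("11360")) {
                return Outcome.DENIED;
            }
            throw e;
        }
    }

    /** Opens a connection authenticated as the given management user (placeholder credentials). */
    static JMXConnector connectAs(String user, String password) throws IOException {
        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnector.CREDENTIALS, new String[] { user, password });
        return JMXConnectorFactory.connect(new JMXServiceURL(SERVICE_URL), env);
    }

    /** Runs the read as every role; returns the roles whose outcome contradicts the expectation. */
    static Map<String, Outcome> findMismatches() throws Exception {
        ObjectName os = new ObjectName("java.lang:type=OperatingSystem");
        Map<String, Outcome> mismatches = new LinkedHashMap<>();
        for (String role : ROLES) {
            String user = role.toLowerCase(); // assumed: user named after the role, same password
            try (JMXConnector connector = connectAs(user, user)) {
                Outcome outcome = readAttribute(connector.getMBeanServerConnection(), os, "Name");
                boolean allowed = outcome == Outcome.READ_OK;
                if (allowed != expectedToRead(role)) {
                    mismatches.put(role, outcome);
                }
            }
        }
        return mismatches;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Outcome> mismatches = findMismatches();
        if (mismatches.isEmpty()) {
            System.out.println("All roles behave as expected for sensitive non-core MBeans");
        } else {
            // Against a server showing the behaviour this issue describes, the
            // only line printed would be "Auditor -> DENIED".
            mismatches.forEach((role, outcome) -> System.out.println(role + " -> " + outcome));
        }
    }
}
```

Keeping the 11360 check narrow matters: a connection refused or a TLS failure also surfaces as an IOException, and treating every IOException as "denied" would make a misconfigured endpoint look like a correct RBAC refusal for the roles that are supposed to be denied.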


            People

              kkhan1@redhat.com Kabir Khan
              lthon@redhat.com Ladislav Thon
