Securing the JMX Invoker


The management consoles are not the only management access points into the system. The shutdown and twiddle scripts are programs that interact with JBoss at a management level. They don't use the web applications. Instead, they interact with the JMX invoker.

An invoker is a service in JBoss that accepts invocations, which are requests for actions to be performed on the server, from external clients. To interact with the JMX microkernel, you use the JMX invoker.

Whenever you hear the term invoker, you should immediately wonder whether you really need to accept a particular kind of request from the outside world. If you don't, it is usually best to simply remove the invoker. You can remove the JMX invoker if you will never need to perform a remote shutdown or any sort of programmatic remote management. However, since those management actions are quite useful, we think it is better to leave the JMX invoker active and apply security to it.

How do I do that?

The JMX invoker service is configured in deploy/jmx-invoker-service.xml and is quite simple to secure. The invoke operation on the jboss.jmx:type=adaptor,name=Invoker managed bean (MBean) needs to have an authentication interceptor added to it that links to the appropriate security domain. That doesn't sound easy, but the appropriate interceptor is already in the file, waiting to be uncommented:

     <descriptors>         <interceptors>              <interceptor                 code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"                 securityDomain="java:/jaas/jmx-console"/>         </interceptors>     </descriptors> 

This requires the user to be authenticated by the java:/jaas/jmx-console security domain to invoke management operations remotely. To be sure the interceptor is working, try to shut down the server using the shutdown command:

      [bin]$ ./shutdown.sh -S     Exception in thread "main" java.lang.SecurityException: Failed to      authenticate principal=null, securityDomain=jmx-console             at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(                AuthenticationInterceptor.java:76)             at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)             at ... 

The shutdown script will fail unless you specify a valid username and password to the script. The -u and -p arguments specify the username and password, respectively:

     [bin]$ sh ./shutdown.sh -S -u admin -p admin 

If you have already removed the admin user or changed the password, make sure you use the correct username and password.

What just happened?

You secured the JMX invoker from unauthenticated access by attaching an authentication interceptor to it. This interceptor was linked to the java:/jaas/jmx-console security domain, allowing you to use the same administrative usernames and passwords you already defined for the JMX Console and Web Console applications.



JBoss. A Developer's Notebook
JBoss: A Developers Notebook
ISBN: 0596100078
EAN: 2147483647
Year: 2003
Pages: 106

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net