ActiveMQ
  1. ActiveMQ
  2. AMQ-4567

JMX operations on broker bypass authorization plugin

    Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.8.0
    • Fix Version/s: 5.9.0
    • Component/s: Broker
    • Labels:

      Description

      When securing the broker using authentication and authorization, any JMX operations on the broker completely bypass the authorization plugin.
      So anyone can modify the broker bypassing the security checks. Also, because of this its not possible to define a read only user for the web console.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Dejan Bosanac
            Reporter:
            Torsten Mielke
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development