Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-4567

JMX operations on broker bypass authorization plugin

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.8.0
    • Fix Version/s: 5.9.0
    • Component/s: Broker
    • Labels:

      Description

      When securing the broker using authentication and authorization, any JMX operations on the broker completely bypass the authorization plugin.
      So anyone can modify the broker bypassing the security checks. Also, because of this its not possible to define a read only user for the web console.

        Attachments

          Activity

            People

            • Assignee:
              dejanb Dejan Bosanac
              Reporter:
              tmielke Torsten Mielke
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: