Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Background
JMX API is widely used by ActiveMQ users. There is a number of MBeans available for ActiveMQ that contains multiple attributes and operations. Unconscious use of some operations can lead to malfunction and ActiveMQ process interruption. Example:
- TerminateJVM http://activemq.apache.org/maven/apidocs/org/apache/activemq/broker/jmx/BrokerViewMBean.html#terminateJVM-int-
JMX API supports two roles: ReadOnly, ReadWrite. In some use cases, users may want to restrict some operations to not allow JMX users with ReadWrite access to perform operations.
There is a possibility of Selective MBean registration, but it is not possible to disable selected operations for particular MBean.
The Jolokia HTTP management API already supports JMX operations restriction via configuration.
This Feature should provide the possibility to disable some of the operations without disabling the whole MBean for JMX API.
Proposed solution
One possible way to achieve it is to extend the configuration of ActiveMQ to make it possible to define list of restricted JMX operations. Possible configuration syntax:
<managementContext createConnector="false">
<restrict>
<command>terminateJVM</command>
<command>stop</command>
</restrict>
</managementContext>