Karaf / KARAF-2137

Unable to prevent remote JMX access

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.3.2, 2.4.0, 3.0.0
    • Component/s: karaf-core
    • Labels: None
    • Environment: windows/linux standard karaf package

      Description

      In 2.2.x I can configure org.apache.karaf.management.cfg:

      serviceUrl = service:jmx:rmi://localhost:${rmiServerPort}/jndi/rmi://localhost:${rmiRegistryPort}//karaf-${karaf.name}

      This will not allow JMX remote access into Karaf; only a local user can.

      Regression?

          Activity

          Jean-Baptiste Onofré added a comment -

          Hmmm, interesting, I'm going to take a look (maybe related to client certificate support).

          Achim Nierbeck added a comment -

          AFAIR this is also an issue with 2.2.x, which makes me unsure about the certificate idea.

          Jean-Baptiste Onofré added a comment -

          I checked the diff in the ConnectorServerFactory between karaf-2.2.x and karaf-2.3.x: it's the same codebase. I'm digging and trying to reproduce the issue.

          Freeman Fang added a comment -

          I believe the fix for KARAF-2291 can also fix this issue. That said, users can set rmiServerHost to localhost (127.0.0.1) instead of binding to all available network interfaces, so that can prevent remote JMX access.

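A configuration check for the setting described in the last comment, as an added example that is not part of the issue or of Karaf's own code: it reads an org.apache.karaf.management.cfg file and reports when the RMI bind hosts are not loopback, even if serviceUrl names localhost. The sample cfg, ports and function names are constructed for illustration; rmiRegistryHost is the companion key to rmiServerHost in Karaf's management config and is not named on this page.

```python
import ipaddress
import re

# Constructed sample: serviceUrl uses localhost as in the report, but the
# RMI bind hosts are still the wildcard address.
SAMPLE_CFG = """\
rmiRegistryPort = 1099
rmiServerPort = 44444
rmiRegistryHost = 0.0.0.0
rmiServerHost = 0.0.0.0
serviceUrl = service:jmx:rmi://localhost:${rmiServerPort}/jndi/rmi://localhost:${rmiRegistryPort}/karaf-${karaf.name}
"""

def parse_cfg(text):
    """Parse key = value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def resolve(value, props):
    """Expand ${name} placeholders from props; unknown names are left as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # any other hostname is not provably loopback

def audit(text):
    """Return findings; an empty list means both bind hosts are loopback."""
    props = parse_cfg(text)
    findings = []
    for key in ("rmiRegistryHost", "rmiServerHost"):
        host = props.get(key)
        if host is None:
            findings.append(f"{key} is not set, so a loopback bind is not configured")
        elif not is_loopback(resolve(host, props)):
            findings.append(f"{key}={host} is not a loopback address")
    url_hosts = re.findall(r"rmi://(\[[^\]]+\]|[^:/]+)", resolve(props.get("serviceUrl", ""), props))
    if findings and url_hosts and all(is_loopback(h) for h in url_hosts):
        findings.append("serviceUrl names localhost, but the bind hosts decide which interfaces listen")
    return findings
```

Running `audit()` on the deployed cfg and then confirming the listening addresses of the two RMI ports on the host gives both the configured and the effective view.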

            People

            • Assignee: Freeman Fang
            • Reporter: Dan Tran