Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-2137

Unable to prevent remote JMX access

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.3.2, 2.4.0, 3.0.0
    • Component/s: karaf-core
    • Labels:
      None
    • Environment:

      windows/linux standard karaf package

      Description

      in 2.2.x I can configure org.apache.karaf.management.cfg

      serviceUrl = service:jmx:rmi://localhost:$

      {rmiServerPort}

      /jndi/rmi://localhost:$

      {rmiRegistryPort}

      //karaf-$

      {karaf.name}

      this will not allow jmx remote access into karaf, only local user can.

      regression?

        Issue Links

          Activity

          Hide
          ffang Freeman Fang added a comment -

          I believe the fix for KARAF-2291 can also fix this issue, that said, users can specify rmiServerHost to localhost(127.0.0.1) instead of binding to all available network interfaces, so that can prevent remote JMX access

          Show
          ffang Freeman Fang added a comment - I believe the fix for KARAF-2291 can also fix this issue, that said, users can specify rmiServerHost to localhost(127.0.0.1) instead of binding to all available network interfaces, so that can prevent remote JMX access
          Hide
          jbonofre Jean-Baptiste Onofré added a comment -

          I checked the diff in the ConnectorServerFactory between karaf-2.2.x and karaf-2.3.x: it's the same codebase. I'm digging and try to reproduce the issue.

          Show
          jbonofre Jean-Baptiste Onofré added a comment - I checked the diff in the ConnectorServerFactory between karaf-2.2.x and karaf-2.3.x: it's the same codebase. I'm digging and try to reproduce the issue.
          Hide
          achim_nierbeck Achim Nierbeck added a comment -

          afair this is also an issue with 2.2.x which makes me unsure about the certificate idea

          Show
          achim_nierbeck Achim Nierbeck added a comment - afair this is also an issue with 2.2.x which makes me unsure about the certificate idea
          Hide
          jbonofre Jean-Baptiste Onofré added a comment -

          Hmmm, interesting, I gonna take a look (maybe related to client certificate support).

          Show
          jbonofre Jean-Baptiste Onofré added a comment - Hmmm, interesting, I gonna take a look (maybe related to client certificate support).

            People

            • Assignee:
              ffang Freeman Fang
              Reporter:
              danttran Dan Tran
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development