Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
4.2.5
-
None
-
None
Description
For example, after you install jolokia feature:
karaf@root()> feature:install jolokia
the invocation to Memory.gc() over Jolokia always gets successful even if the user viewer doesn't have the right:
$ curl -s -u viewer:viewer http://localhost:8181/jolokia/exec/java.lang:type=Memory/gc\(\) {"request":{"mbean":"java.lang:type=Memory","type":"exec","operation":"gc()"},"value":null,"timestamp":1556005468,"status":200}
Note jmx.acl.java.lang.Memory.cfg only allows manager (not viewer) to invoke gc():
$ cat etc/jmx.acl.java.lang.Memory.cfg ... gc = manager
This is actually an old issue, which must have been caused by KARAF-3147, as Jolokia is considered to be local JMX connection.
Attachments
Issue Links
- is caused by
-
-
- Resolved
-