Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-6654

Remote JMX connection not working with security manager

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 4.2.8
    • 4.3.1, 4.2.12
    • karaf

    • Karaf version 4.2.8

    Description

      We're unable to connect to remote JMX with security manager enabled.
       
      Steps to reproduce:

      • On Karaf 4.2.8, turn on the security manager by adding 
        -Djava.security.manager and
        -Djava.security.policy==${KARAF_HOME}/etc/all.policy
        to the karaf script.
      • Using jconsole with debug logging, connect to the remote JMX using service:jmx:rmi:///jndi/rmi://localhost:1099/karaf-root and karaf/karaf as the username and password. Choose Insecure connection

      The connection will fail and you will get the following in the logs.

      Note: all.policy grants access to everything.

      java.security.AccessControlException: access denied ("javax.security.auth.AuthPermission" "getSubject")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.security.AccessController.checkPermission(AccessController.java:886)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at javax.security.auth.Subject.getSubject(Subject.java:287)
	at org.apache.felix.eventadmin.impl.handler.EventAdminImpl.prepareEvent(EventAdminImpl.java:146)
	at org.apache.felix.eventadmin.impl.handler.EventAdminImpl.postEvent(EventAdminImpl.java:180)
	at org.apache.felix.eventadmin.impl.security.EventAdminSecurityDecorator.postEvent(EventAdminSecurityDecorator.java:79)
	at org.apache.karaf.management.internal.EventAdminLoggerImpl.log(EventAdminLoggerImpl.java:56)
	at org.apache.karaf.management.internal.EventAdminMBeanServerWrapper.log(EventAdminMBeanServerWrapper.java:143)
	at org.apache.karaf.management.internal.EventAdminMBeanServerWrapper.getClassLoaderRepository(EventAdminMBeanServerWrapper.java:641)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.karaf.management.internal.MBeanInvocationHandler.invoke(MBeanInvocationHandler.java:60)
	at com.sun.proxy.$Proxy19.getClassLoaderRepository(Unknown Source)
	at javax.management.remote.rmi.RMIConnectionImpl$1.run(RMIConnectionImpl.java:137)
	at javax.management.remote.rmi.RMIConnectionImpl$1.run(RMIConnectionImpl.java:135)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.management.remote.rmi.RMIConnectionImpl.<init>(RMIConnectionImpl.java:134)
	at javax.management.remote.rmi.RMIJRMPServerImpl.makeClient(RMIJRMPServerImpl.java:207)
	at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:250)
	at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
	at sun.rmi.transport.Transport$1.run(Transport.java:200)
	at sun.rmi.transport.Transport$1.run(Transport.java:197)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:303)
	at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:279)
	at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161)
	at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
	at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2430)
	at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
	at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
	at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:370)
	at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
	at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:294)

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. KARAF-7234 JMX - exceptions are ignored

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              ffang Freeman Yue Fang
              destab Blen Desta
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: