[QPID-3844] Management ACL lacks the ability to perform queryMBean operation for non-admin users - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.15
Fix Version/s: 0.15
Component/s: Broker-J
Labels:
None

Description

Existing user accounts with limited rights (non admin uses) cannot login into management console due to error: "Permission denied: Access queryMBeans".

For example, ACL for the guest account can be configured like following

#Allow 'guest' to perform read operations on the Serverinformation mbean and view logger levels
ACL ALLOW-LOG guest ACCESS METHOD component="ServerInformation"
ACL ALLOW-LOG guest ACCESS METHOD component="LoggingManagement" name="viewEffectiveRuntimeLoggerLevels"

but "guest" user still is not be able to login because current implementation does not allow invocation of queryMBeans operation for non-admin accounts.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-QPID-3844-Operation-queryMBeans-does-not-require-aut.patch
15/Feb/12 17:18
4 kB
Alex Rudyy

Activity

People

Assignee:: Robbie Gemmell

Reporter:: Alex Rudyy

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Feb/12 14:44

Updated:: 11/Feb/15 20:06

Resolved:: 16/Feb/12 12:01