ARTEMIS-1463 - add role based authentication to the JMX objects

some example fixes

https://issues.apache.org/jira/browse/ARTEMIS-1463
Andy Taylor 2017-10-17 09:42:05 +01:00 committed by Martyn Taylor
parent 93a99cc096
commit 12ad0120ad
7 changed files with 65 additions and 21 deletions


@ -44,9 +44,6 @@ public class ManagementConnector implements ActiveMQComponent {
@Override
public void start() throws Exception {
ArtemisMBeanServerGuard guard = new ArtemisMBeanServerGuard();
guard.init();
rmiRegistryFactory = new RmiRegistryFactory();
rmiRegistryFactory.setPort(configuration.getConnectorPort());
rmiRegistryFactory.init();


@ -61,9 +61,6 @@ under the License.
</goals>
<configuration>
<ignore>${noServer}</ignore>
<!-- options used for JMX on the example -->
<javaOptions>-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=3000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
</javaOptions>
</configuration>
</execution>
<execution>


@ -80,7 +80,7 @@ public class JMXExample {
// Step 10. Create JMX Connector to connect to the server's MBeanServer
HashMap env = new HashMap();
String[] creds = {"admin", "password"};
String[] creds = {"guest", "guest"};
env.put(JMXConnector.CREDENTIALS, creds);
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMXExample.JMX_URL), env);
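Review bot: The hard-coded `guest`/`guest` pair now placed in `creds` has no comment saying where that user is defined or that it is an example-only account; the same literal is added in MessageCounterExample further down. A line such as `// example-only credentials; must match a user whose role is listed in the example broker's management.xml` above it would make the dependency on the role list explicit and discourage copying the pair into a real deployment. The enclosing method starts and ends outside the hunk, so connector clean-up cannot be judged from here.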


@ -22,19 +22,19 @@
<entry domain="hawtio"/>
</whitelist>
<default-access>
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="update,amq"/>
<access method="*" roles="amq"/>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/>
<access method="set*" roles="update,amq,guest"/>
<access method="*" roles="amq,guest"/>
</default-access>
<role-access>
<match domain="org.apache.activemq.apache">
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="update,amq"/>
<access method="*" roles="amq"/>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/>
<access method="set*" roles="update,amq,guest"/>
<access method="*" roles="amq,guest"/>
</match>
<!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues">
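Review bot: Adding `guest` to the `set*` and `*` rules, in both default-access and the role-access match, gives the guest role every management operation, so the view/update/amq split no longer restricts anything for that user; the new management.xml added at the end of this commit does the same. If the examples only read attributes and call list operations, `guest` is needed on `list*`, `get*` and `is*` only, leaving `<access method="set*" roles="update,amq"/>` and `<access method="*" roles="amq"/>` as they were. If the wider grant is intended for the example, a comment such as `<!-- example only: guest is granted all operations; do not copy to production -->` should say so. The hunk ends inside a commented-out match element, so the rest of the file is not visible.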


@ -61,8 +61,6 @@ under the License.
</goals>
<configuration>
<ignore>${noServer}</ignore>
<javaOptions>-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=3001 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
</javaOptions>
</configuration>
</execution>
<execution>


@ -44,7 +44,7 @@ import org.apache.activemq.artemis.api.core.management.QueueControl;
*/
public class MessageCounterExample {
private static final String JMX_URL = "service:jmx:rmi:///jndi/rmi://localhost:3001/jmxrmi";
private static final String JMX_URL = "service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi";
public static void main(final String[] args) throws Exception {
QueueConnection connection = null;
@ -75,7 +75,10 @@ public class MessageCounterExample {
// Step 7. Use JMX to retrieve the message counters using the JMSQueueControl
ObjectName on = ObjectNameBuilder.DEFAULT.getQueueObjectName(SimpleString.toSimpleString(queue.getQueueName()), SimpleString.toSimpleString(queue.getQueueName()), RoutingType.ANYCAST);
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), new HashMap<String, Object>());
HashMap env = new HashMap();
String[] creds = {"guest", "guest"};
env.put(JMXConnector.CREDENTIALS, creds);
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), env);
MBeanServerConnection mbsc = connector.getMBeanServerConnection();
QueueControl queueControl = MBeanServerInvocationHandler.newProxyInstance(mbsc, on, QueueControl.class, false);
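Review bot: The added `HashMap env = new HashMap();` is a raw type, whereas the line it replaces passed a typed `new HashMap<String, Object>()`; `HashMap<String, Object> env = new HashMap<>();` keeps the compile-time check on what goes into the connector environment and avoids the unchecked warning on `env.put`. The JMX_URL change to port 1099 has to stay in step with the `connector-port` in the example's management.xml, which a short comment on the constant could state. main continues outside both hunks, so whether `connector` is closed on every path cannot be judged from here.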


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one or more
~ contributor license agreements. See the NOTICE file distributed with
~ this work for additional information regarding copyright ownership.
~ The ASF licenses this file to You under the Apache License, Version 2.0
~ (the "License"); you may not use this file except in compliance with
~ the License. You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="1099" connector-host="127.0.0.1"/>
<authorisation>
<whitelist>
<entry domain="hawtio"/>
</whitelist>
<default-access>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/>
<access method="set*" roles="update,amq,guest"/>
<access method="*" roles="amq, guest"/>
</default-access>
<role-access>
<match domain="org.apache.activemq.apache">
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/>
<access method="set*" roles="update,amq,guest"/>
<access method="*" roles="amq,guest"/>
</match>
<!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="update,amq"/>
<access method="*" roles="amq"/>
</match>-->
</role-access>
</authorisation>
</management-context>
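Review bot: The `*` rule in default-access of this new file is written `roles="amq, guest"` with a space after the comma, while every other rule uses `amq,guest`; unless the role list is trimmed when parsed (not visible here), the second entry would be read as ` guest` and fail to match the role, so `<access method="*" roles="amq,guest"/>` removes the doubt. Separately, the role-access block matches domain `org.apache.activemq.apache`, whereas the classes the examples import live under `org.apache.activemq.artemis`; if the broker registers its MBeans under that domain, this match never applies and only default-access is in effect, so the domain value is worth confirming. The grant of `set*` and `*` to `guest` is the same over-broad access as in the other management.xml of this commit.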