Details
-
Bug
-
Status: In Progress
-
Minor
-
Resolution: Unresolved
-
2.17.0
-
None
Description
In 2.17.0, there were some changes to JMX RBAC which enforces guarded JMX access.
While this is fine for remote access to JMX, or the HTTP access to JMX via Hawtio/Jolokia, it does seem that local connections are blocked from reading the Mbeans for:
org.apache.activemq.artemis.*
This wasn't the case for 2.16.0 and earlier.
Since there doesn't seem to be a way to pass authentication on the JMX Attach API with something like Jconsole, therefore we need a bypass for the guarded access to enable read-only access to the Artemis Mbeans for monitoring purposes. As you can see, they are in 'unavailable' state for Jconsole.
The Artemis documentation on security states that Jconsole will use BasicSecurityManager, not JAAS, but it's not made clear that this means only remote access: https://activemq.apache.org/components/artemis/documentation/latest/security.html#basic-security-manager
