* Issue:
Using authenticated subjects and subject delegation in the current JMX
connector server implementations requires the server's creator - the
codebase/entity calling JMXConnectorServer.start() - to have been granted
all the permissions required by the remote clients to perform their
remote operations.
By implementing security in this way we need to grant the server's
codebase more permissions than it really needs. This could be avoided.
* Solution:
Suppose a security context (subject and/or codebase and/or signers),
say "creator", makes a JMXConnectorServer and supplies a JMXAuthenticator.
Later, a connection arrives, and the JMXAuthenticator returns a Subject for
it containing the Principal "remote". Today, basically both "remote" and
"creator" must have all needed permissions for the reason I detailed above.
However, suppose we say that an MBean operation that needs FilePermission is
allowed if EITHER:
(1) both "remote" and "creator" have FilePermission (the current
requirement, i.e. backwards compatibility is kept); OR
(2) "remote" has FilePermission and "creator" has
SubjectDelegationPermission("remote").
By supporting (2) we no longer need to grant FilePermission to the
"creator" codebase.
###@###.### 2005-05-20 16:32:52 GMT
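The proposed EITHER/OR rule, modelled as an added Java example; it is not code from the bug report or from the JMX connector implementation. The class name, the `allowed` and `of` helpers, the "admin" principal and the file paths are hypothetical, and the report's shorthand SubjectDelegationPermission("remote") is written with the API's full target name (principal class name, a period, then the principal name).

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.SubjectDelegationPermission;

public class DelegationRuleDemo {
    // Models the proposed rule only; this is not the connector server's own check.
    static boolean allowed(Permissions creator, Permissions remote,
                           Permission needed, JMXPrincipal principal) {
        if (!remote.implies(needed)) return false;   // "remote" must hold it in both rules
        if (creator.implies(needed)) return true;    // rule (1): "creator" holds it too
        // rule (2): "creator" holds SubjectDelegationPermission for this principal
        String target = principal.getClass().getName() + "." + principal.getName();
        return creator.implies(new SubjectDelegationPermission(target));
    }

    // Hypothetical helper: build a permission set from the given permissions.
    static Permissions of(Permission... perms) {
        Permissions p = new Permissions();
        for (Permission perm : perms) p.add(perm);
        return p;
    }

    public static void main(String[] args) {
        JMXPrincipal remoteUser = new JMXPrincipal("remote");
        // Constructed sample paths (Unix-style).
        Permission needed = new FilePermission("/var/app/data.txt", "read");
        Permission fileRead = new FilePermission("/var/app/-", "read");
        String jmx = "javax.management.remote.JMXPrincipal.";

        Permissions remote = of(fileRead);
        Permissions creatorToday = of(fileRead);
        Permissions creatorDelegating = of(new SubjectDelegationPermission(jmx + "remote"));
        Permissions creatorOtherUser = of(new SubjectDelegationPermission(jmx + "admin"));

        System.out.println("rule (1), both hold FilePermission:     "
                + allowed(creatorToday, remote, needed, remoteUser));
        System.out.println("rule (2), creator only delegates:       "
                + allowed(creatorDelegating, remote, needed, remoteUser));
        System.out.println("creator delegates to another principal: "
                + allowed(creatorOtherUser, remote, needed, remoteUser));
        System.out.println("remote lacks FilePermission:            "
                + allowed(creatorToday, of(), needed, remoteUser));
    }
}
```

The last two cases show what rule (2) does not relax: delegation is scoped to the named principal, and the remote principal must still hold the operation's permission itself.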