JDK-6261831 : JMX connector server's creator should not have to grant remote client's permissions in its codebase
  • Type: Enhancement
  • Component: core-svc
  • Sub-Component: javax.management
  • Affected Version: 6
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2005-04-26
  • Updated: 2017-05-16
  • Resolved: 2005-06-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 b43Fixed
Related Reports
Relates :  
JDK-6343209 - Need to specify how SubjectDelegationPermission works for ConnectorServer creators
Description
* Issue:

  Using authenticated subjects and subject delegation in the current JMX
  connector server implementations require the server��s creator - the
  codebase/entity calling JMXConnectorServer.start() - to have granted
  all the permissions required by the remote clients to perform its
  remote operations.

  By implementing security in this way we need to grant to the server��s
  codebase more permissions that it really needs. This could be avoided.

* Solution:

  Suppose a security context (subject and/or codebase and/or signers),
  say "creator", makes a JMXConnectorServer and supplies a JMXAuthenticator.

  Later, a connection arrives, and the JMXAuthenticator returns a Subject for
  it containing the Principal "remote".  Today, basically both "remote" and
  "creator" must have all needed permissions for the reason I detailed above.

  However, suppose we say that an MBean operation that needs FilePermission is
  allowed if EITHER:

  (1) both "remote" and "creator" have FilePermission (the current
      requirement, i.e. backwards compatibility is kept); OR
  (2) "remote" has FilePermission and "creator" has
      SubjectDelegationPermission("remote").

  By supporting (2) we no longer need to grant FilePermission to the
  "creator" codebase.

###@###.### 2005-05-20 16:32:52 GMT
Comments
EVALUATION The advantage of the new solution described in the description section is that the scope of the permissions granted to the server��s creator codebase is reduced to the server operation��s required permissions plus the subject delegation permissions for each remote client. ###@###.### 2005-04-26 22:53:37 GMT
26-04-2005