I'm using JConsole to access an MBean that is running.
The MBean uses a custom Jaas login module and is run with the following command:
java -classpath UserLGUGroupHandlingApplication.jar;MBeanSecure.jar
-com.sun.management.jmxremote.login.config=management.properties
-Djava.security.auth.login.config=./sample_jaas.config
com.test.running.RunningImplementation
With the management.properties file looking like this:
com.sun.management.jmxremote.access.file=jmxremote.access
com.sun.management.jmxremote=true
com.sun.management.jmxremote.authenticate=true
com.sun.management.jmxremote.port=1234
com.sun.management.jmxremote.login.config=Sample
com.sun.management.jmxremote.ssl=false
com.sun.management.jmxremote.ssl.need.client.auth=false
and the sample_jaas.config:
Sample {
test.module.AETTLoginModule required debug=true;
};
and then a user will access this running process by logging in through JConsole from the command line:
jconsole -debug //or just jconsole
The user selects 'connect remotely', with RemoteProcess 'localhost:1234'
The loginmodule handles the user validation and setting of principals based on the user currently logged in to Windows, which is used to query separate authorization logic to determine the access level.
What I want to happen:
- User enters jconsole into cmd
- The jconsole window opens.
- User enters address of process e.g. "localhost:1234"
- User does not enter username or password (since this is not required as the authorization is handled by a custom jaas login module).
- Module determines whether the user has readwrite, readonly or no access.
- Jconsole window for process opens, or the login fails.
The Issue:
To access the jmx process in the jconsole window I must enter a dummy username and password, e.g. U:a, P:a, otherwise I get the following error:
java.lang.SecurityException: Authentication failed! Credentials required
at com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
at com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:201)
at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:303)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:662)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2327)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:277)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:225)
at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:334)
at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:296)
at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:280)
Question
For the Jaas login module to run I need the following set:
-Dcom.sun.management.jmxremote.authenticate=true
But, this also creates a condition in JConsole where the username and password fields must be open in the field.
If this is set to false, the loginmodule is never called.
Is it possible to either extend the Jconsole functionality for a particular instance, apply a config setting, or enable a jaas login module without needing to set:
-Dcom.sun.management.jmxremote.authenticate=true
In order to prevent the necessity of entering a username and password in the following fields highlighted below:
I'm looking for a solution similar to the one demonstrated here. But without the need for the user to enter the username or password fields.
EDIT: Also, to clarify, this would need to be done without modifying the client side JCONSOLE, so by purely using server side changes and settings.
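The stack trace above shows the rejection coming from JMXPluggableAuthenticator, the authenticator the out-of-the-box agent installs, before the login module is reached. The following is an added example, not code from the original post: a server-side sketch that starts the connector in code with its own JMXAuthenticator, so empty JConsole fields still reach the JAAS entry. The class names NoPromptJmxAgent and JaasOnlyAuthenticator are hypothetical, and it assumes AETTLoginModule needs no callbacks.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical class: replaces the -Dcom.sun.management.jmxremote.* agent settings,
// which must be dropped from the command line so port 1234 is free for this connector.
public class NoPromptJmxAgent {

    // Runs the JAAS entry "Sample" whether or not the client sent credentials.
    static final class JaasOnlyAuthenticator implements JMXAuthenticator {
        @Override
        public Subject authenticate(Object credentials) {
            // credentials is null when the JConsole fields are empty, otherwise a
            // String[] {user, password}; this sketch ignores it either way.
            try {
                // Entry name from sample_jaas.config; assumes the module needs no callbacks.
                LoginContext lc = new LoginContext("Sample");
                lc.login();                       // the module decides allow or deny
                Subject subject = lc.getSubject();
                subject.setReadOnly();            // freeze principals before handing over
                return subject;
            } catch (LoginException e) {
                throw new SecurityException("Authentication failed", e);
            }
        }
    }

    public static JMXConnectorServer start(int port) throws Exception {
        LocateRegistry.createRegistry(port);      // RMI registry JConsole will look up
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        Map<String, Object> env = new HashMap<String, Object>();
        env.put(JMXConnectorServer.AUTHENTICATOR, new JaasOnlyAuthenticator());
        JMXServiceURL url = new JMXServiceURL(
                "service:jmx:rmi:///jndi/rmi://localhost:" + port + "/jmxrmi");
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        server.start();
        return server;
    }

    public static void main(String[] args) throws Exception {
        start(1234);                              // same port as management.properties
    }
}
```

The login module runs inside the server JVM, so any operating-system user it looks up is the account the server process runs as, not the remote JConsole user. With no client-supplied credentials and ssl=false, every caller that can reach the port is treated the same, so bind the connector to localhost or restrict the port if access levels are meant to differ per user.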