You can secure managed bean (MBean) invocations in a distributed environment.
For more information on the MBeans available, see Using Managed Beans (MBeans) to administer your environment.
JMX provides methods for connector servers to authenticate remote clients. For the RMI connector, authentication is completed by supplying an object that implements the JMXAuthenticator interface when the connector server is created. eXtreme Scale implements this JMXAuthenticator interface so that the ObjectGrid Authenticator plug-in is used to authenticate the remote clients. See ../com.ibm.websphere.extremescale.over.doc/txstutsec2.html for details on how eXtreme Scale authenticates a client.
The JMX client follows the JMX APIs to provide credentials to connect to the connector server. The JMX framework passes the credential to the connector server, and then calls the JMXAuthenticator implementation for authentication. As described previously, the JMXAuthenticator implementation then delegates the authentication to the ObjectGrid Authenticator implementation.
Review the following example that describes how to connect to a connector server with a credential:
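    import java.util.HashMap;
    import java.util.Map;
    import javax.management.remote.JMXConnector;
    import javax.management.remote.JMXConnectorFactory;
    import javax.management.remote.JMXServiceURL;
    import com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredential;

    JMXServiceURL jmxUrl = new JMXServiceURL(
        "service:jmx:rmi:///jndi/rmi://localhost:1099/objectgrid/MBeanServer");

    Map<String, Object> environment = new HashMap<String, Object>();
    environment.put(JMXConnector.CREDENTIALS, new UserPasswordCredential("admin", "xxxxxx"));

    // Create the JMXConnector
    JMXConnector cntor = JMXConnectorFactory.newJMXConnector(jmxUrl, null);

    // Connect and invoke an operation on the remote MBeanServer
    cntor.connect(environment);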
In the preceding example, a UserPasswordCredential is provided with the user ID set to admin and the password set to xxxxxx. This UserPasswordCredential object is set in the environment map, which is passed to the JMXConnector.connect(Map) method. The JMX framework then passes the UserPasswordCredential object to the server, where it is finally handed to the ObjectGrid authentication framework for authentication.
The client programming model strictly follows the JMX specification.
A JMX MBean server might have access to sensitive information and might be able to perform sensitive operations. JMX provides necessary access control that identifies which clients can access that information and who can perform those operations. The access control is built on the standard Java security model by defining permissions that control access to the MBean server and its operations.
For JMX operation access control or authorization, eXtreme Scale relies on the JAAS support provided by the JMX implementation. At any given point in the execution of a program, there is a current set of permissions that a thread of execution holds. When such a thread calls a JMX specification operation, these are known as the held permissions. When a JMX operation is performed, a security check is done to check whether the needed permission is implied by the held permissions.
The MBean policy definition follows the Java policy format. For example, the following policy grants all signers and all code bases the right to retrieve the server JMX address for the PlacementServiceMBean, but restricts that right to the com.ibm.websphere.objectgrid domain.

    grant {
        permission javax.management.MBeanPermission
            "com.ibm.websphere.objectgrid.management.PlacementServiceMBean#retrieveServerJMXAddress[com.ibm.websphere.objectgrid:*,type=PlacementService]",
            "invoke";
    };
You can use the following policy example to complete authorization based on remote client identity. The policy grants the same MBean permission as shown in the preceding example, except only to users with the X500Principal name CN=Administrator,OU=software,O=IBM,L=Rochester,ST=MN,C=US.

    grant principal javax.security.auth.x500.X500Principal
        "CN=Administrator,OU=software,O=IBM,L=Rochester,ST=MN,C=US" {
        permission javax.management.MBeanPermission
            "com.ibm.websphere.objectgrid.management.PlacementServiceMBean#retrieveServerJMXAddress[com.ibm.websphere.objectgrid:*,type=PlacementService]",
            "invoke";
    };
Java policies are checked only if the security manager is turned on. Start catalog servers and container servers with the -Djava.security.manager JVM argument to enforce the MBean operation access control.
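The implication check described above can be tried out before a policy is deployed. The following is an added example, not part of the original page or of eXtreme Scale: it builds the held permission from the name and action strings in the policy and tests constructed needed permissions against it with the JDK's MBeanPermission.implies method. The sample ObjectNames and the someOtherOperation and ServerJMXAddress member names are assumptions made for illustration.

```java
import javax.management.MBeanPermission;
import javax.management.ObjectName;

public class MBeanPermissionCheck {
    // Held permission: the name and action strings exactly as written in the grant.
    static final MBeanPermission HELD = new MBeanPermission(
        "com.ibm.websphere.objectgrid.management.PlacementServiceMBean#retrieveServerJMXAddress"
            + "[com.ibm.websphere.objectgrid:*,type=PlacementService]",
        "invoke");

    // Builds the needed permission for one call (MBean class, member, target
    // ObjectName, action) and asks whether the held permission implies it.
    static boolean allowed(String className, String member, String objectName, String action)
            throws Exception {
        MBeanPermission needed =
            new MBeanPermission(className, member, new ObjectName(objectName), action);
        return HELD.implies(needed);
    }

    public static void main(String[] args) throws Exception {
        String cls = "com.ibm.websphere.objectgrid.management.PlacementServiceMBean";
        String op = "retrieveServerJMXAddress";
        String og = "com.ibm.websphere.objectgrid:";
        // Constructed sample calls (hypothetical ObjectNames and member names):
        // label, class, member, ObjectName, action.
        String[][] calls = {
            {"operation named in the grant", cls, op, og + "type=PlacementService", "invoke"},
            {"extra key property", cls, op, og + "type=PlacementService,name=cat1", "invoke"},
            {"different operation", cls, "someOtherOperation", og + "type=PlacementService", "invoke"},
            {"different domain", cls, op, "com.example.other:type=PlacementService", "invoke"},
            {"different type", cls, op, og + "type=ObjectGrid", "invoke"},
            {"different action", cls, "ServerJMXAddress", og + "type=PlacementService", "getAttribute"},
        };
        for (String[] c : calls) {
            boolean ok = allowed(c[1], c[2], c[3], c[4]);
            System.out.printf("%-30s implied=%b  (%s %s on %s)%n", c[0], ok, c[4], c[2], c[3]);
        }
    }
}
```

The check runs without a security manager because implies is called directly; it shows what the grant covers, not whether the running server enforces it.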
The transport between the JMX client and server can be secured by using TLS/SSL. If the transportType of the catalog server or container server is set to SSL_Required or SSL_Supported, then you have to use SSL to connect to the JMX server.