I have the following scenario:
I have an application that uses JMX to expose some methods, sat on a server. At present users can connect to this via the command line using jconsole. There are currently no access restrictions.
Users will be logging into a machine and have access rights stored in the form of Active Directory.
I am looking to add authentication and authorisation to the JMX process so that when a user types into the command line:
jconsole <processName>
it will check their AD user group and determine if they have authorisation to either read or read and write to the managed resource.
I have a solution for retrieving the AD groups, but not for how I pass them to the JMX process. I can set a hard-coded password file on the JMX process but I have no way of calling the user automatically to determine their access rights.
Is it possible for the current JMX process to execute a callback to determine a given user's access rights when they try to connect to it? If not, are there existing tools and frameworks (for example JBoss) that would allow me to do this?
This is solved by using a custom JAAS login module, then bouncing and relaunching the JMX process with the following on the command line:
-Dcom.sun.management.jmxremote.login.config=Sample
-Djava.security.auth.login.config=sample_jaas.config
where sample_jaas.config has a setting like this:
Sample {
    sample.module.SampleLoginModule required;
};
and my SampleLoginModule implements the LoginModule interface, and in its login() method has a callback to the authorization logic module.
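A sketch of what such a login module can look like, added here as an example and not the poster's actual SampleLoginModule. The adGroups hook, the AD group names and the role names jmxReader and jmxWriter are assumptions made for illustration; the hook stands in for the existing AD lookup and denies every login until the application assigns it.

```java
package sample.module;
import java.util.*;
import java.util.function.BiFunction;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SampleLoginModule implements LoginModule {
    // Hypothetical hook to the AD lookup: returns the user's groups, or null when the
    // credentials are rejected. Denies everyone until the application assigns it.
    public static volatile BiFunction<String, char[], Set<String>> adGroups = (u, p) -> null;
    private Subject subject;
    private CallbackHandler handler;
    private JMXPrincipal role; // chosen in login(), published in commit()

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("username");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass }); // credentials the JMX client sent
        } catch (Exception e) {
            throw new LoginException("cannot read credentials: " + e);
        }
        char[] pw = pass.getPassword();
        pass.clearPassword();
        if (name.getName() == null || pw == null || pw.length == 0)
            throw new FailedLoginException("missing credentials"); // empty password never reaches AD
        Set<String> groups = adGroups.apply(name.getName(), pw);
        Arrays.fill(pw, '\0');
        if (groups == null) throw new FailedLoginException("authentication failed");
        // Group names are constructed; role names must match the JMX access file.
        if (groups.contains("JMX-Operators")) role = new JMXPrincipal("jmxWriter");
        else if (groups.contains("JMX-Viewers")) role = new JMXPrincipal("jmxReader");
        else throw new FailedLoginException("no JMX group"); // authenticated but not authorised
        return true;
    }

    public boolean commit() {
        if (role != null) subject.getPrincipals().add(role);
        return role != null;
    }
    public boolean abort() { role = null; return true; }
    public boolean logout() { if (role != null) subject.getPrincipals().remove(role); role = null; return true; }
}
```

The read versus read-write decision is then enforced by the JMX access file, passed with -Dcom.sun.management.jmxremote.access.file, which for these assumed role names would contain the lines "jmxReader readonly" and "jmxWriter readwrite".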