[Rev 01] RFR: 6572: Make mbean functions protected by permission checks
github.com+29706926+jessyec-s at openjdk.java.net
Tue Jan 21 14:51:49 UTC 2020
On Mon, 20 Jan 2020 21:28:31 GMT, Marcus Hirt <hirt at openjdk.org> wrote:
>> The pull request has been updated with 1 additional commit.
> core/org.openjdk.jmc.agent/README.md line 32:
>> 31: ### Using a security manager
>> 32: To make MBean calls more secure, the agent can be run with a security manager. A manager can be enabled by adding the VM option `-Djava.security.manager` and by supplying a policy file of permissions to grant as such: `-Djava.security.policy=permissions.policy`. The 'control' Management Permission must be granted in order for MBean function calls to succeed.
> I'd probably paraphrase this a bit. It's running with a security manager - not just running the agent with security manager. Perhaps something along the lines of: "When running with a security manager, the 'control' Management Permission must be granted to control the agent through the MBean. To set fine grained permissions for authenticated remote users, see e.g. https://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdeup and https://docs.oracle.com/javadb/10.10.1.2/adminguide/radminjmxenablepolicy.html#radminjmxenablepolicy. Blahblahblah."
Ok I have modified the description in https://github.com/openjdk/jmc/pull/39/commits/d94062ca316631dffba2e4642215ada40e34ff03. Let me know what you think.
More information about the jmc-dev