[Rev 01] RFR: 6572: Make mbean functions protected by permission checks

Jessye Coleman-Shapiro github.com+29706926+jessyec-s at openjdk.java.net
Tue Jan 21 14:51:49 UTC 2020

On Mon, 20 Jan 2020 21:28:31 GMT, Marcus Hirt <hirt at openjdk.org> wrote:

>> The pull request has been updated with 1 additional commit.
> core/org.openjdk.jmc.agent/README.md line 32:
>> 31: ### Using a security manager
>> 32: To make MBean calls more secure, the agent can be run with a security manager. A manager can be enabled by adding the VM option `-Djava.security.manager` and by supplying a policy file of permissions to grant as such: `-Djava.security.policy=permissions.policy`. The 'control' Management Permission must be granted in order for MBean function calls to succeed.
>> 33: 
> I'd probably paraphrase this a bit. It's running with a security manager - not just running the agent with security manager. Perhaps something along the lines of: "When running with a security manager, the 'control' Management Permission must be granted to control the agent through the MBean. To set fine grained permissions for authenticated remote users, see e.g. https://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdeup and  https://docs.oracle.com/javadb/ Blahblahblah."

Ok I have modified the description in https://github.com/openjdk/jmc/pull/39/commits/d94062ca316631dffba2e4642215ada40e34ff03.  Let me know what you think.


PR: https://git.openjdk.java.net/jmc/pull/39

More information about the jmc-dev mailing list