[
https://issues.apache.org/jira/browse/IGNITE-13478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Semyon Danilov updated IGNITE-13478:
------------------------------------
Description:
At the moment we have the following code:
*functions.sh*
{code:java}
JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}"
org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
#
# This variable defines necessary parameters for JMX
# monitoring and management.
#
# This enables remote unsecure access to JConsole or VisualVM.
#
# ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
#
if [ -n "$JMX_PORT" ]; then
JMX_MON="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=${JMX_PORT} \
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false"
else
# If JMX port wasn't found do not initialize JMX.
echo "$0, WARN: Failed to resolve JMX host (JMX will be disabled):
$HOSTNAME"
JMX_MON=""
fi
{code}
So the properties -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false will be set always and there is no way
to change them.
was:
At the moment we have the following code:
*functions.sh*
{{JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}"
org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
#
# This variable defines necessary parameters for JMX
# monitoring and management.
#
# This enables remote unsecure access to JConsole or VisualVM.
#
# ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
#
if [ -n "$JMX_PORT" ]; then
JMX_MON="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=${JMX_PORT} \
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false"}}
So the properties -Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false will be set always and there is no way
to change them.
> Security issue in JMX configuration using ignite.sh
> ---------------------------------------------------
>
> Key: IGNITE-13478
> URL: https://issues.apache.org/jira/browse/IGNITE-13478
> Project: Ignite
> Issue Type: Bug
> Components: control.sh
> Affects Versions: 2.8.1
> Reporter: Semyon Danilov
> Assignee: Semyon Danilov
> Priority: Major
> Fix For: 2.9
>
>
> At the moment we have the following code:
> *functions.sh*
>
> {code:java}
> JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}"
> org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
> #
> # This variable defines necessary parameters for JMX
> # monitoring and management.
> #
> # This enables remote unsecure access to JConsole or VisualVM.
> #
> # ADD YOUR ADDITIONAL PARAMETERS/OPTIONS HERE
> #
> if [ -n "$JMX_PORT" ]; then
> JMX_MON="-Dcom.sun.management.jmxremote
> -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
> -Dcom.sun.management.jmxremote.authenticate=false
> -Dcom.sun.management.jmxremote.ssl=false"
> else
> # If JMX port wasn't found do not initialize JMX.
> echo "$0, WARN: Failed to resolve JMX host (JMX will be disabled):
> $HOSTNAME"
> JMX_MON=""
> fi
> {code}
> So the properties -Dcom.sun.management.jmxremote.authenticate=false
> -Dcom.sun.management.jmxremote.ssl=false will be set always and there is no
> way to change them.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
