Hi Team, I'm trying to enable and test new feature which was developed in ARTEMIS-4582 - add view and edit permissions to extend security-settings rbac for management operations.
I tried to configure JMX authorization in broker.xml as described in the chapter https://activemq.apache.org/components/artemis/documentation/latest/management.html#jmx-authorization-in-broker-xml First I have added an option -Djavax.management.builder.initial=org.apache.activemq.artemis.core.server.management.ArtemisRbacMBeanServerBuilder to java system properties and found that it cannot be used with -Dcom.sun.management.jmxremote=true (it was enabled for JMX Exporter). Broker cannot start with an exception: javax.management.JMRuntimeException: Failed to load MBeanServerBuilder class org.apache.activemq.artemis.core.server.management.ArtemisRbacMBeanServerBuilder: java.lang.ClassNotFoundException: org.apache.amq.artemis.core.server.management.ArtemisRbacMBeanServerBuilder Question 1. Is it possible to use both ArtemisRbacMBeanServerBuilder and com.sun.management.jmxremote=true option? Currently I use both JMX Exporter and broker metrics plugin because latter does not export common broker metrics (for example, ReplicationSync which used to monitor replication status), and I did not found how to add it in the broker metrics plugin. At least I have an option to change JMX exporter running as javaagent to "standalone" JMX exporter which runs as a separate process and connects to JMX port using TCP. After I have successfully started Artemis with this option, I added setting to broker.xml: <management-message-rbac>true</management-message-rbac> I have added new user "user" with role "user" to PropertiesLoginModule files, and allowed it to login into management console. User can login to the management console and has no permissions (all operations are restricted with lock sign). Then I added section to security-settings in broker.xml (as described in the documentation): <security-setting match="mops.#"> <permission type="view" roles="amq,user"/> <permission type="edit" roles="amq,user"/> </security-setting> And nothing happens. Tried to relogin and restart Artemis. Question 2. Is there something else should be configured to add permissions for user in the management console using security-settings section? -- Best regards, Aleksandr ----------------------------------- This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure is strictly prohibited. If you have received this message in error, please notify the sender immediately either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence via e-mail is for information purposes only. AO Raiffeisenbank neither makes nor accepts legally binding statements by e-mail unless otherwise agreed. -----------------------------------
