Hi,
I've created a web application that exposes some MXBeans for performing CRUD operations on the configuration. A separate web app will be used to do management and reports, and the editors will talk through JMX to make the actual config changes so the main app's caches are updated live.
I'm wondering about security. Do people usually set up username/password security for JMX? Does GlassFish? I'm able to browse many GlassFish mbeans without a username and password, but I don't know if the editing features work because JConsole doesn't support editing complex types.
These instructions on how to set up security in JMX looks underwhelming. Since I'm using GlassFish's existing MBean server, can I rely on it for security somehow? How can I tell it that users cannot use my MXBean or certain methods on it if they are not logged in with a particular role?
Thanks,
Ryan
[Message sent by forum member 'rdelaplante' (rdelaplante)]
http://forums.java.net/jive/thread.jspa?messageID=352562