On Wed, Jan 25, 2023 at 12:04 PM Mark Thomas <ma...@apache.org> wrote: > > On 25/01/2023 05:21, David Delabassee wrote: > > <snip/> > > > ## Heads-up - JDK 21: JMX Subject Delegation & Fine-grained Security > > Deprecation > > > > JMX has some features that rely on Security Manager APIs which are > > deprecated for removal (see JEP 411 [4]). These features are "Subject > > Delegation" and "Fine-grained Security", which both seem to be generally > > unused, and would require significant investment to implement without > > touching the deprecated APIs. As a consequence, "Subject Delegation" is > > being proposed for deprecation in JDK 21 [5]. > > > > Fine-grained Security is also being considered for deprecation at the > > same time. This feature [6] has allowed configuration of a security > > policy to restrict or permit access to specific MBean actions. It is > > expected that this feature is generally unused, possibly because there > > is simply no demand for such detailed control, and that it is too > > complex to create and maintain the policies. > > <snip/> > > I never even knew that this was possible. And I thought I had read the > JMX docs reasonably thoroughly. > > I have always viewed the lack of fine-grained security to be a > significant weakness in the JMX security model. I wish I had known about > this years ago. > > There is a demand for fine-grained security with JMX. We have had users > express a desire to expose some parts of some JMX MBeans to a sub-set of > users. > > I'm fine with the removal of the SecurityManager. Even if they had been > aware of the option, requiring the use of a SecurityManager to enable > fine-grained security with JMX may have prevented many users for > adopting the approach. > > If there is any way the fine-grained security can be retained, I think > that would be useful. Maybe some sort of authorization SPI where users > can provide the answer to "Can this user with these roles call this method?"
I didn't know about the feature either. Maybe it wasn't there when we initially implemented JMX ? I have no idea. And I don't know how to use it right now obviously ;) Using fine grained security would be a good idea if it is possible. Probably something very simple though: stats only and the rest. Rémy > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
