Fuse / A-MQ allowing unrestricted remote access to JMX operations when running as a service with Java Service Wrapper

Solution Verified - Updated -

Issue

When started via the service wrapper, Fuse and A-MQ do not enforce role-based access (RBAC) on remote JMX operation invocation via jconsole. Restricted operations (such as broker stop / restart) are available to clients with reduced privileges. RBAC is applied correctly when the same users attempt to access the restricted operations via Hawtio.

Environment

  • Red Hat JBoss Fuse
    • 6.x
  • Red Hat JBoss A-MQ
    • 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content