I would like to know if there is a way to access values of MBeans in Apache Artemis. The problem is that MBeans access is protected by role access defined in management.xml. When you are accessing MBeans you should have role required in settings, but from my Java app I cannot apply role when I'm accessing MBeans. Same thing happens when I use VisualVM, I can see list of MBeans but due to access constraint I cannot see value of MBeans.
One workaround is to actually remove <authorization> element from management.xml or to simply add org.apache.activemq.artemis in <whitelist> element.
It would be nice if I could do it via reflection in runtime. I've tried couple of times but didn't have much success. Is there a way to override any of Artemis' properties in runtime and that way make access possible?
MBean access restriction is part of the security of the broker. Having a way to circumvent that security or just disable it at runtime without the proper authentication & authorization would be a significant security hole. If MBean access wasn't restricted then anyone with remote access could shut the broker down or even delete all the messages in your queues.
If you want to access the MBeans without restriction you'll need to change management.xml as you noted.
You could also just submit the proper username & password from your application so that the broker would grant you access.
Related
I have setup a Linked Service in Azure Data Factory to use in a Copy Activity to access Graph APIs, which require use of the OAuth protocol, which works fine. I now want to extend that to use the same Linked Service with a Web Activity. But in tests, it is returning "Empty Token"; Am I missing a (simple) config. option, or am I misunderstanding something?
Earlier, I used explicit Token fetch, which also works fine, but as my queries will - in Production - take longer than the (default) Token TTL, I did not want to have to implement Token refresh, at least not if the Linked Service will handle it for me.
I'm grateful to https://learn.microsoft.com/answers/users/7986441/carlzhao-msft.html for pointing out that I need also to specify, in the Web Services Settings Tab, the Authentication as Managed Identity, with the accompanying Resource as https://graph.microsoft.com/, for my Use Case
I am using shellobj unit to list network shares with subfolders using IShellFolder interface but it doens't work in windows service application. Can some one advise a way to solve that problem
thanks
As David mentioned you have to make sure your service runs in the correct context. See this post here.
The logon account determines the security identity of the service at
run time, that is, the service's primary security context. The
security context determines the service's ability to access local and
network resources. For example, a service running in the security
context of a local user account cannot access network resources.
I am in the process of building a Intranet MVC 4 application for our analysts. The goal is to allow internal users access to this application without having to sign on given they are part of our internal network. When they access the application I want to be able to capture their windows user name and check against the active directory using LDAP and retrieve the department they belong to and display the relevant details on the screen. Based on the advice from different fora, I have chosen Windows Authentication for this application and I was able to test the app successfully running from Visual Studio. The trouble I am having is when I deploy this to our UAT server running IIS 7.5.
<authentication mode="Windows">
</authentication>
<identity impersonate="false" />
This is the current state of my Web.config file. Irrespective of whether impersonate is true or false, the application seems to not capture the windows username of the browser from which the application is accessed. Is
impersonate = true
required for this at all? In the Welcome message on the homepage, I always see the windows user name of the computer where the application is hosted/IIS is running. I have tried a wide variety of ways to capture the Windows User name of the incoming user request.
string name = System.Web.HttpContext.Current.User.Identity.Name;
string name = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;
string name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
string name = System.Web.HttpContext.Current.Request.ServerVariables["LOGON_USER"].Name;
etc. I also looked into several other posts here like this. But I am unable to get it to work. I am afraid that I am trying to achieve this by accident rather than really understanding what is going on? Could someone please guide me in the right direction?
No, you misunderstand the purpose of impersonation.
First, Impersonation is no longer supported in IIS 7 or greater running in integrated mode.
Second, the purpose of impersonation is to change the "user" the worker process runs under at runtime, specifically to allow access to filesystem or database resources as that user. It has nothing to do with authentication in general, and is not particularly useful for most web applications.
You want to use Windows Authentication, however you should know that this will only work with Internet Explorer. It will also only work with servers that are joined to your domain, and do not have any intermediary Kerberos authentication issues. (these are often known as "double hop" problems). Other browsers do not, by default, provide Active Directory account information automatically, although some may be configured to allow it to do so, others do not.
If you are using a properly configured server with Windows Authentication, and you are using a browser that supports ActiveDirectory Kerberos ticket passthrough, and there are no network issues that would cause problems with this passthrough, then you can use HttpContext.Current.User.Identity.Name to get the users name.
Don't use LogonName or anything like that, as those will just give you the worker process, not the authenticated users name.
First off, I know the best-practice is to use a single database user account in your web app to take advantage of connection pooling to keep the app nice and responsive. However, due to the REQUIREMENTS (as in no changing this under any circumstances), I must authenticate each user with his or her database account.
The context is a warehouse management application that runs on Android, but gets its data from web services that I'm probably going to write in Grails unless a suggestion here shows me a tech more suitable for my requirements. Due to the nature of the application, the users would likely only need to authenticate once or twice a day, so I was thinking I could simply persist the Connections in a HashMap keyed by the hash code of the username concatenated with the password. That should allow the application to maintain the same or similar performance level as the best practice.
Now, my issue is in using the persisted Connection objects. I know that I will not be able to use them with GORM without a significant amount of customization, so I was planning on using them with groovy.sql.Sql, which works out well because most of the business logic is in PL/SQL packages anyway.
My question is how does the groovy.sql.Sql class deal with its Connection object? Will I run into issues of Connections being closed by it, or can I safely use my HashMap to persist the Connections?
groovy.sql.Sql will not close your connection. In the class spec you can find:
If this SQL object was created with a Connection then this method
closes the connection.
So SQL class is really if you want to do things by yourself, not trusting entirely on Hibernate. Although, I think you can use Spring's UserCredentialsDataSourceAdapter for your solution. It uses ThreadLocal to set credentials for each thread, so the call to: UserCredentialsDataSourceAdapter.setCredentialsForCurrentThread(String username, String password)
would solve. There are other aproaches you could try here.
I actually just found something that future visitors to this question may find useful. While digging into the Spring Framework's documentation, I discovered that their JDBC Extensions actually implements proxy authentication (where a proxy account is used to establish the connection, but an actual account is provided for the context of SQL execution). Unfortunately, the implementation as of 8/17/2012 does not support using passwords for users over the proxy connection, so it won't be usable for me currently, but anyone finding this question should check to see if that is still the case. Here are the links:
JDBC Extensions Docs v1.0.0.RC1
JDBC Extensions Docs Base
can somebody list the uses of JMX in web application other than logging. I am new to JMX and logging seems to be the only good use of JMX.
Thanks in advance
You can you JMX to administer and manage components of a web application. For starters, most, if not all, Java EE web application servers register a lot of MBeans to provide monitoring and administration capabilities to several of their resources such as, connection pools, transaction managers, deployed applications, etc. You can then use a JMX client, like JConsole that comes with the JDK/JRE, to attach to a running application server and manage those components.
You can take it one step further, by creating and registering you own, custom MBeans to help manage and control portions of your applications. As an example, if your web app is using a cache of some kind to boost response times, you could create a control object that is capable of flushing the cache, change entry eviction times, disabling the cache, etc. Then you could register the control with the MBean server which in turn would make it accessible through the JMX client.
I have done this many times to provide an administration console into my web applications without the need to create any custom user interface.