Securing JSR-160 proxy communication

I'd like to secure (via https) the JSR-160 communication which is used for going from the JMX proxy to the target server. Proxy code should handle client certificates. Requests forwarded with username/password in clear-text to the target server is a security limitation.
Regards

giuseppe , 29.03.2011, 10:01

Idea status: under consideration

Comments

jolokia, 29.03.2011, 11:52

I agree, that would be a useful addition. However, using client certificates is a bit hard to use for a stateless agent as it is now. The installation on the proxy server would need to have access to those client certificates, so an extra installation step is required. Also, since the proxy is agnostic to the target (all information is provided within the original request), it needs to dive into the request in order to select a proper certificate. Nevertheless, this should be feasible when the default KeyStore is setup properly from the outside (there is still an extra correlation between the certificate and the target required).

Without registration

Name		Required
e-mail		Required

Login		Use 3 to 18 characters, Latin characters or numbers	This login is not availableThis login is available
e-mail
Password		Use 3 to 18 characters, Latin characters or numbers
Re-type password
	Remember me

	Sign up

Login
Password		Forgot your password?
	Remember me


E-mail

Securing JSR-160 proxy communication

Comments

Leave a comment