2 votes Vote

Securing JSR-160 proxy communication

I'd like to secure (via https) the JSR-160 communication which is used for going from the JMX proxy to the target server. Proxy code should handle client certificates. Requests forwarded with username/password in clear-text to the target server is a security limitation.

giuseppe , 29.03.2011, 10:01
Idea status: under consideration


jolokia, 29.03.2011, 11:52
I agree, that would be a useful addition. However, using client certificates is a bit hard to use for a stateless agent as it is now. The installation on the proxy server would need to have access to those client certificates, so an extra installation step is required. Also, since the proxy is agnostic to the target (all information is provided within the original request), it needs to dive into the request in order to select a proper certificate. Nevertheless, this should be feasible when the default KeyStore is setup properly from the outside (there is still an extra correlation between the certificate and the target required).

Leave a comment