[Feature] allow javaAgent to load a custom Authenticator #1001
Assignees
Comments
gtully
added a commit
to gtully/jmx_exporter
that referenced
this issue
Oct 3, 2024
…- needs client_java 1.4 Signed-off-by: Gary Tully <[email protected]>
gtully
added a commit
to gtully/jmx_exporter
that referenced
this issue
Oct 3, 2024
… needs client_java 1.4 Signed-off-by: Gary Tully <[email protected]>
dhoard
pushed a commit
that referenced
this issue
Oct 20, 2024
…ent_java 1.4 (#1002) Signed-off-by: Gary Tully <[email protected]>
|
@gtully I have integrated the code. I made some changes around class names/configuration. httpServer:
authentication:
plugin:
class: io.prometheus.jmx.AuthenticatorPlugin
subjectAttributeName: io.prometheus.jmx.CustomAuthenticatorSubjectAttribute |
|
@dhoard thanks for your help on this, and for the ibm java fix. much appreciated. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The context is apache activemq artemis, where the mbean server can be locked down to authenticated users.
The RBAC, requires ArtemisPrincipals, and typically artemis generates these through JAAS logins. An example authenticator that we would like to plug in is at https://github.com/apache/activemq-artemis/blob/main/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/HttpServerAuthenticator.java
see some documentation at: https://activemq.apache.org/components/artemis/documentation/latest/management.html#artemis_rbac_mbean_server_guard
With this feature, the agent can directly authenticate with Artemis. With out some solution, the agent won't be able to scrape any mbeans!
There is another piece of the puzzle covered by prometheus/client_java#1088
To propagate an authenticated jaas subject to the application or MBean calls we need an attribute and a doAs handler.
The text was updated successfully, but these errors were encountered: