When using the javamelody plugin for JIRA, Confluence or Bamboo [1], the
plugin already checks that the user is connected as system admin.
Given that the system admin can see all admin tabs in JIRA / Confluence
/ Bamboo, I would think that seeing the javamelody monitoring page does
not need more permission.
And I would think that this check is enough and you don't need to add more.
By the way, when using the "monitoring" javamelody plugin [2] for
Jenkins or Hudson and when the security is enabled in Jenkins / Hudson,
the "monitoring" plugin also checks that the user is connected as admin.
That said, if you really wish to add more checks, yes the Tomcat
configuration and the authentication configuration in JIRA are quite
specialized for JIRA, but I do not know the details of what is
configured in JIRA's Tomcat.
And, because you were speaking about the collect server before, do you
want in fact to connect a collect server to the monitoring of JIRA? If
yes, have you used "-Djavamelody.plugin-authentication-disabled=true"
and "-Djavamelody.allowed-addr-pattern=....."?
bye,
Emeric
[1] https://plugins.atlassian.com/plugin/details/20909
[2] https://wiki.jenkins-ci.org/display/JENKINS/Monitoring
Le 29/01/2012 01:16, Valentijn a �crit :
I think that checking permission in the JIRA plugin is not documented:
"it just works".
Yes it checks that the user is connected and that the user has the
System-Admin permission in JIRA.
This check is done everytime when the "/monitoring" url is called, when
it is called by using the menu in the JIRA's administration and when the
"/monitoring" url is called directly.
The web-item in atlassian-plugin.xml is there just to add an item (a
link) in the JIRA's administration.
Checking the user and the permission for JIRA, Confluence and Bamboo is
in fact coded there and there in the servlet filter:
http://code.google.com/p/javamelody/source/browse/trunk/javamelody-core/src/main/java/net/bull/javamelody/JiraMonitoringFilter.java#68
http://code.google.com/p/javamelody/source/browse/trunk/javamelody-core/src/main/java/net/bull/javamelody/JiraMonitoringFilter.java#136
(You can see that this code was changed recently to be compatible with
JIRA 5 RC)
bye,
Emeric
Le 29/01/2012 23:34, Valentijn a �crit :