I am using Spring 2.5 and Java 1.6.0_7. I remote several JMX MBeans and have multiple clients invoking those MBeans remotely using JMXMP. I rely on JMX Notification listeners to push events out to multiple clients. I am trying to figure out how to secure remote access to those MBeans using Spring Security.
I need to specify multiple levels of access to the operations on the MBeans. I want to secure the connection with two-way SSL. I would prefer to use X.509 certificates for identifying users but a basic name/password authentication would suffice as well.
It appears that Spring Security does not provide a secure JMX remoting solution and it's not clear to me how much effort is required to secure JMXMP with Spring. Would it be wiser to not use JMX/JMXMP and export the services those MBeans provide using an alternative (and already supported) Spring Remoting service such as Burlap, Hessian, and HTTP. RMI is not very attractive because it uses port mapping. I also have some concern over pushing events out to client using the non-RMI remoting options.
Thanks for reading this long question, hopefully it's clearly stated ;o)
John