Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-9477

Secure Jolokia/API by default

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.0.0, 6.0.1, 6.1.0, 6.1.1
    • 6.2.0, 6.1.2
    • Broker
    • None

    Description

      The default security constraint defined in conf/jetty.xml secure the WebConsole.

      However, it would make sense to secure all resources, including Jolokia and REST API.

      The security constraint should be updated to:

      <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
  <property name="constraint" ref="securityConstraint" />
  <property name="pathSpec" value="/" />
</bean>

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. AMQ-9476 Jetty config has invalid constraint mapping

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              jbonofre Jean-Baptiste Onofré
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: