Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 7.1.1, 8.0.0-M3, 7.1.2, 8.0.1
- None
Description
ActiveMQ comes bundled with a JMX host that is on by default, unauthenticated, on port 1099.
<Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
    BrokerXmlConfig = broker:(vm://broker)?useJmx=false
    ServerUrl = vm://broker
</Resource>
TomEE's resource configuration doesn't allow this to be disabled. The above doesn't work.
This can be disabled by inspecting an activemq jar's manifest, pulling down the same version of activemq-all, and putting that in the tomee/lib directory, at which point this works:
<Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
    BrokerXmlConfig = xbean:file:activemq.xml
    ServerUrl = vm://broker
</Resource>
<broker xmlns="http://activemq.apache.org/schema/core"
        useJmx="false"
        brokerName="broker"
        useShutdownHook="false"
        persistent="true"
        start="true"
        schedulerSupport="false"
        enableStatistics="false"
        offlineDurableSubscriberTimeout="259200000"
        offlineDurableSubscriberTaskSchedule="3600000">
However, convincing the guy hosting the server to inspect JAR manifests, pull down specific jars, and maintain a second configuration file seems like a lot of effort to go to just to have the ability to disable unauthenticated access to every MBean in the VM.
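An added example, not part of the original report or of TomEE's own code: a configuration audit that reads a tomee.xml, finds each ActiveMQResourceAdapter resource, and classifies it according to the two forms described above. The resource ids `ViaUri` and `ViaXbean`, the verdict strings, and the sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AMQ_NS = "{http://activemq.apache.org/schema/core}"

def parse_props(text):
    """Parse the properties-style body of a tomee.xml <Resource> element."""
    pairs = (l.split("=", 1) for l in (text or "").splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def broker_use_jmx(activemq_xml):
    """Return the <broker> useJmx attribute; ActiveMQ enables JMX when it is absent."""
    for broker in ET.fromstring(activemq_xml).iter(AMQ_NS + "broker"):
        return broker.get("useJmx", "true").lower()
    return "true"  # no <broker> found: treat as not disabled

def audit(tomee_xml, read_file):
    """Return [(resource id, verdict)] for every ActiveMQResourceAdapter resource."""
    findings = []
    for res in ET.fromstring(tomee_xml).iter("Resource"):
        if res.get("type") != "ActiveMQResourceAdapter":
            continue
        cfg = parse_props(res.text).get("BrokerXmlConfig", "")
        if cfg.startswith("xbean:file:"):
            off = broker_use_jmx(read_file(cfg[len("xbean:file:"):])) == "false"
            verdict = "jmx-disabled" if off else "jmx-enabled"
        elif "usejmx=false" in cfg.lower():
            verdict = "unverified"  # the report says this URI option is not honoured
        else:
            verdict = "jmx-enabled"
        findings.append((res.get("id"), verdict))
    return findings

# Constructed sample input, modelled on the two configurations in the report.
SAMPLE_TOMEE = """<tomee>
<Resource id="ViaUri" type="ActiveMQResourceAdapter">
  BrokerXmlConfig = broker:(vm://broker)?useJmx=false
  ServerUrl = vm://broker
</Resource>
<Resource id="ViaXbean" type="ActiveMQResourceAdapter">
  BrokerXmlConfig = xbean:file:activemq.xml
  ServerUrl = vm://broker
</Resource>
</tomee>"""
SAMPLE_FILES = {"activemq.xml":
    '<broker xmlns="http://activemq.apache.org/schema/core" useJmx="false" brokerName="broker"/>'}

if __name__ == "__main__":
    for rid, verdict in audit(SAMPLE_TOMEE, SAMPLE_FILES.__getitem__):
        print(rid, verdict)
```

An `unverified` verdict means the setting is present but, per this report, may be ignored on affected versions, so confirm on the server itself that nothing is listening on port 1099.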