Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-2294

Can't disable unauthenticated JMX on 1099

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.1.1, 8.0.0-M3, 7.1.2, 8.0.1
    • Fix Version/s: 8.0.6
    • Component/s: TomEE Core Server
    • Labels:
      None

      Description

      ActiveMQ comes bundled with a JMX host that is default on unauthenticated on port 1099.

      <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
        BrokerXmlConfig = broker:(vm://broker)?useJmx=false
        ServerUrl = vm://broker
      </Resource>

      Tomee's resource configuration doesn't allow this to be disabled. The above doesn't work.

      This can be disabled by inspecting an activemq jar's manifest, pulling down the same version of activemq-all, and putting that in the tomee/lib directory, at which point this works:

      <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
        BrokerXmlConfig = xbean:file:activemq.xml
        ServerUrl = vm://broker
      </Resource>
      
        <broker xmlns="http://activemq.apache.org/schema/core"
                useJmx="false"
                brokerName="broker"
                useShutdownHook="false"
                persistent="true"
                start="true"
                schedulerSupport="false"
                enableStatistics="false"
                offlineDurableSubscriberTimeout="259200000"
                offlineDurableSubscriberTaskSchedule="3600000">
      

      However, convincing the guy hosting the server to inspect JAR manifests, pull down specific jars, and maintain a second configuration file seems like a lot of effort to go to just to have the ability to disable unauthenticated access to every MBean in the VM

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Henskens Frans
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: