This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 7e07192  Adding information on the Jolokia security policy and how to 
configure it
     new f2727e4  Merge pull request #26 from coheigea/jolokia
7e07192 is described below

commit 7e07192fd3d29499dfba8d97f9da99573ad7de30
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Tue Mar 3 11:45:55 2020 +0000

    Adding information on the Jolokia security policy and how to configure it
---
 content/rest.html | 23 ++++++++++++++++++++++-
 src/rest.md       | 24 +++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/content/rest.html b/content/rest.html
index 11b1c78..e162609 100644
--- a/content/rest.html
+++ b/content/rest.html
@@ -270,7 +270,28 @@ curl -XGET 
http://admin:admin@localhost:8161/api/message?destination=topic://ord
 <p>or to be more specific, total consumer count with</p>
 <div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>wget --user admin --password admin --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount
 </code></pre></div></div>
-<p>For more information on Jolokia protocol, see its reference manual. An API 
like this makes it easy to script monitoring and management operations against 
the broker, see also <a href="how-can-i-monitor-activemq">How can I monitor 
ActiveMQ</a>?</p>
+<p>By default, ActiveMQ uses the <a 
href="https://github.com/apache/activemq/blob/master/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml";>following</a>
 Jolokia security policy:</p>
+<div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>&lt;restrict&gt;
+
+  &lt;!-- deny calling operations or getting attributes from these mbeans 
--&gt;
+  &lt;deny&gt;
+    &lt;mbean&gt;
+      &lt;name&gt;com.sun.management:type=DiagnosticCommand&lt;/name&gt;
+      &lt;attribute&gt;*&lt;/attribute&gt;
+      &lt;operation&gt;*&lt;/operation&gt;
+    &lt;/mbean&gt;
+    &lt;mbean&gt;
+      &lt;name&gt;com.sun.management:type=HotSpotDiagnostic&lt;/name&gt;
+      &lt;attribute&gt;*&lt;/attribute&gt;
+      &lt;operation&gt;*&lt;/operation&gt;
+    &lt;/mbean&gt;
+  &lt;/deny&gt;
+
+&lt;/restrict&gt;
+</code></pre></div></div>
+<p>A custom Jolokia security policy can be configured by editing 
‘webapps/api/WEB-INF/web.xml’ and specifying the ‘policyLocation’ parameter 
under the ‘jolokia-agent’ servlet.</p>
+
+<p>For more information on Jolokia security, please refer to the <a 
href="https://jolokia.org/reference/html/security.html";>security section</a> of 
its reference manual. An API like this makes it easy to script monitoring and 
management operations against the broker, see also <a 
href="how-can-i-monitor-activemq">How can I monitor ActiveMQ</a>?</p>
 
 <h2 id="gotchas-and-other-trivia">Gotcha’s and other trivia</h2>
 
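Review bot: the policy quoted in the new code block contains only a <deny> section for two com.sun.management MBeans, and the surrounding text never says what applies to every other MBean, so a reader cannot tell from this page whether the default is enough for their deployment. Suggest one sentence after the block stating that the default policy is a deny list and describing what remains reachable. The introducing sentence also uses "following" as link text and points at the file on the master branch, so the inlined copy can drift from the linked file; naming jolokia-access.xml in the link text and noting that the block is a snapshot would help.
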
diff --git a/src/rest.md b/src/rest.md
index 320f6ca..bca50b6 100644
--- a/src/rest.md
+++ b/src/rest.md
@@ -205,7 +205,29 @@ or to be more specific, total consumer count with
 ```
 wget --user admin --password admin --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount
 ```
-For more information on Jolokia protocol, see its reference manual. An API 
like this makes it easy to script monitoring and management operations against 
the broker, see also [How can I monitor ActiveMQ](how-can-i-monitor-activemq)?
+By default, ActiveMQ uses the 
[following](https://github.com/apache/activemq/blob/master/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml)
 Jolokia security policy:
+```
+<restrict>
+
+  <!-- deny calling operations or getting attributes from these mbeans -->
+  <deny>
+    <mbean>
+      <name>com.sun.management:type=DiagnosticCommand</name>
+      <attribute>*</attribute>
+      <operation>*</operation>
+    </mbean>
+    <mbean>
+      <name>com.sun.management:type=HotSpotDiagnostic</name>
+      <attribute>*</attribute>
+      <operation>*</operation>
+    </mbean>
+  </deny>
+
+</restrict>
+```
+A custom Jolokia security policy can be configured by editing 
'webapps/api/WEB-INF/web.xml' and specifying the 'policyLocation' parameter 
under the 'jolokia-agent' servlet.
+
+For more information on Jolokia security, please refer to the [security 
section](https://jolokia.org/reference/html/security.html) of its reference 
manual. An API like this makes it easy to script monitoring and management 
operations against the broker, see also [How can I monitor 
ActiveMQ](how-can-i-monitor-activemq)?
 
 Gotcha's and other trivia
 -------------------------
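
Review bot: in the added paragraph on custom policies, 'webapps/api/WEB-INF/web.xml', 'policyLocation' and 'jolokia-agent' are wrapped in plain single quotes, which the generated content/rest.html turns into typographic quotes, so copying a name from the rendered page brings the quote characters with it. Suggest backticks in src/rest.md so the three names render as code. The paragraph also gives no example value for policyLocation; a short sample of the servlet parameter entry would show the expected format. The new fence could carry an xml language tag so the policy is highlighted.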
