This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-website.git


The following commit(s) were added to refs/heads/master by this push:
     new 33c2eda  Updating Jolokia config with CORS Setting
     new 45f7992  Merge pull request #27 from coheigea/jolokia_cors
33c2eda is described below

commit 33c2edad13bc3fffeaaaa4a71c1ea2cebf708abf
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Tue Mar 3 14:27:34 2020 +0000

    Updating Jolokia config with CORS Setting
---
 content/rest.html | 9 +++++++--
 src/rest.md       | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/content/rest.html b/content/rest.html
index e162609..94c9413 100644
--- a/content/rest.html
+++ b/content/rest.html
@@ -265,14 +265,19 @@ curl -XGET 
http://admin:admin@localhost:8161/api/message?destination=topic://ord
 <h2 id="rest-management">Rest Management</h2>
 
 <p>Starting with version 5.8 we provide a REST management API for the broker. 
Using <a href="http://www.jolokia.org/";>Jolokia</a> JMX-HTTP bridge it’s 
possible to access all broker metrics (like memory usage) and execute 
management operations (like purging queues) using REST API. By default the 
management API is exposed at <a 
href="http://localhost:8161/api/jolokia/";>http://localhost:8161/api/jolokia/</a>
 URL. So you can for example get basic broker data with</p>
-<div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>wget --user admin --password admin --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost
+<div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>wget --user admin --password admin --header "Origin: 
http://localhost"; --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost
 </code></pre></div></div>
 <p>or to be more specific, total consumer count with</p>
-<div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>wget --user admin --password admin --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount
+<div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>wget --user admin --password admin --header "Origin: 
http://localhost"; --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount
 </code></pre></div></div>
 <p>By default, ActiveMQ uses the <a 
href="https://github.com/apache/activemq/blob/master/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml";>following</a>
 Jolokia security policy:</p>
 <div class="highlighter-rouge"><div class="highlight"><pre 
class="highlight"><code>&lt;restrict&gt;
 
+  &lt;!-- Enforce that an Origin/Referer header is present to prevent CSRF 
--&gt;
+  &lt;cors&gt;
+    &lt;strict-checking/&gt;
+  &lt;/cors&gt;
+
   &lt;!-- deny calling operations or getting attributes from these mbeans 
--&gt;
   &lt;deny&gt;
     &lt;mbean&gt;
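Review bot: The comment added to the policy excerpt says the check exists "to prevent CSRF", but the prose above the first example ("So you can for example get basic broker data with") is unchanged, so a reader whose request is rejected has no explanation of why both wget examples now pass `--header "Origin: http://localhost"`. Suggest one sentence before the first example, e.g. "The default policy below requires an Origin (or Referer) header on every request, so the examples send one explicitly." Since content/rest.html is the rendered copy of src/rest.md, the same sentence belongs in the Markdown source in the next hunk so the two files do not drift.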
diff --git a/src/rest.md b/src/rest.md
index bca50b6..30b3964 100644
--- a/src/rest.md
+++ b/src/rest.md
@@ -199,16 +199,21 @@ Rest Management
 
 Starting with version 5.8 we provide a REST management API for the broker. 
Using [Jolokia](http://www.jolokia.org/) JMX-HTTP bridge it's possible to 
access all broker metrics (like memory usage) and execute management operations 
(like purging queues) using REST API. By default the management API is exposed 
at [http://localhost:8161/api/jolokia/](http://localhost:8161/api/jolokia/) 
URL. So you can for example get basic broker data with
 ```
-wget --user admin --password admin --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost
+wget --user admin --password admin --header "Origin: http://localhost"; 
--auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost
 ```
 or to be more specific, total consumer count with
 ```
-wget --user admin --password admin --auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount
+wget --user admin --password admin --header "Origin: http://localhost"; 
--auth-no-challenge 
http://localhost:8161/api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost/TotalConsumerCount
 ```
 By default, ActiveMQ uses the 
[following](https://github.com/apache/activemq/blob/master/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml)
 Jolokia security policy:
 ```
 <restrict>
 
+  <!-- Enforce that an Origin/Referer header is present to prevent CSRF -->
+  <cors>
+    <strict-checking/>
+  </cors>
+
   <!-- deny calling operations or getting attributes from these mbeans -->
   <deny>
     <mbean>
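Review bot: The policy excerpt shows `<cors>` containing only `<strict-checking/>` and no list of permitted origins, so the reader cannot tell which Origin values the broker accepts or why `http://localhost` is the right one to send when the endpoint itself is `http://localhost:8161`. Suggest either quoting the allowed-origin part of the linked jolokia-access.xml in this excerpt or adding a sentence stating that the Origin header sent by wget must be one the policy permits. Minor style point: the fences are untagged; tagging the wget blocks `shell` and the policy block `xml` would give the rendered page syntax highlighting.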
