This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 0545664 ARTEMIS-3474 - replace whitelist with allowlist in
management.xml
new a95c615 This closes #3741
0545664 is described below
commit 0545664b3df0c8b76cd877e0216b80162192f6d9
Author: Andy Taylor <[email protected]>
AuthorDate: Mon Sep 13 08:39:03 2021 +0100
ARTEMIS-3474 - replace whitelist with allowlist in management.xml
https://issues.apache.org/jira/browse/ARTEMIS-3474
---
README.md | 4 +--
.../artemis/cli/factory/jmx/ManagementFactory.java | 23 +++++++++++--
.../artemis/cli/commands/etc/management.xml | 4 +--
.../dto/{WhiteListDTO.java => AllowListDTO.java} | 4 +--
.../activemq/artemis/dto/AuthorisationDTO.java | 11 ++++++-
.../apache/activemq/artemis/dto/WhiteListDTO.java | 1 +
.../artemis/core/server/ActiveMQServerLogger.java | 8 +++++
.../server/management/ArtemisMBeanServerGuard.java | 2 +-
.../server/management/JMXAccessControlList.java | 14 ++++----
.../management/JMXAccessControlListTest.java | 38 +++++++++++-----------
docs/user-manual/en/management.md | 16 +++++----
.../main/resources/activemq/server0/management.xml | 4 +--
.../main/resources/activemq/server0/management.xml | 4 +--
.../main/resources/activemq/server0/management.xml | 4 +--
.../resources/servers/audit-logging/management.xml | 4 +--
.../servers/audit-logging2/management.xml | 4 +--
.../main/resources/servers/jmx-rbac/management.xml | 4 +--
.../src/main/resources/servers/jmx/management.xml | 4 +--
.../resources/servers/replay/replay/management.xml | 4 +--
19 files changed, 98 insertions(+), 59 deletions(-)
diff --git a/README.md b/README.md
index 267f2fa..abe77bd 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ our [Hacking Guide](./docs/hacking-guide/en/SUMMARY.md).
## Build Status
-Build Status: [](https://travis-ci.org/apache/activemq-artemis)
+Build Status: [](https://travis-ci.org/apache/activemq-artemis)
## Building the ASYNC IO library
@@ -23,7 +23,7 @@ To build the ActiveMQ Artemis ASYNCIO native libraries,
please follow the instru
Our documentation is always in sync with our releases at the [Apache ActiveMQ
Artemis](https://activemq.apache.org/artemis/docs.html) website.
-Or you can also look at the current master version on
[github](https://github.com/apache/activemq-artemis/blob/master/docs/user-manual/en/SUMMARY.md).
+Or you can also look at the current main version on
[github](https://github.com/apache/activemq-artemis/blob/main/docs/user-manual/en/SUMMARY.md).
## Examples
diff --git
a/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/factory/jmx/ManagementFactory.java
b/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/factory/jmx/ManagementFactory.java
index 3b05115..1a409f3 100644
---
a/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/factory/jmx/ManagementFactory.java
+++
b/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/factory/jmx/ManagementFactory.java
@@ -19,14 +19,17 @@ package org.apache.activemq.artemis.cli.factory.jmx;
import org.apache.activemq.artemis.cli.ConfigurationException;
import org.apache.activemq.artemis.core.config.JMXConnectorConfiguration;
+import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
import org.apache.activemq.artemis.core.server.management.ManagementContext;
import org.apache.activemq.artemis.dto.AccessDTO;
+import org.apache.activemq.artemis.dto.AllowListDTO;
import org.apache.activemq.artemis.dto.AuthorisationDTO;
import org.apache.activemq.artemis.dto.EntryDTO;
import org.apache.activemq.artemis.dto.JMXConnectorDTO;
import org.apache.activemq.artemis.dto.ManagementContextDTO;
import org.apache.activemq.artemis.dto.MatchDTO;
import org.apache.activemq.artemis.core.server.management.JMXAccessControlList;
+import org.apache.activemq.artemis.dto.WhiteListDTO;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.apache.activemq.artemis.utils.FactoryFinder;
@@ -67,9 +70,23 @@ public class ManagementFactory {
if (config.getAuthorisation() != null) {
AuthorisationDTO authorisation = config.getAuthorisation();
JMXAccessControlList accessControlList = new JMXAccessControlList();
- List<EntryDTO> entries = authorisation.getWhiteList().getEntries();
- for (EntryDTO entry : entries) {
- accessControlList.addToWhiteList(entry.domain, entry.key);
+ //deprecated but here for backward compatibility
+ WhiteListDTO whiteList = authorisation.getWhiteList();
+ if (whiteList != null) {
+ ActiveMQServerLogger.LOGGER.useAllowList();
+ for (EntryDTO entry : whiteList.getEntries()) {
+ accessControlList.addToAllowList(entry.domain, entry.key);
+ }
+ }
+
+ AllowListDTO allowList = authorisation.getAllowList();
+ if (allowList != null) {
+ if (whiteList != null) {
+ ActiveMQServerLogger.LOGGER.useOnlyAllowList();
+ }
+ for (EntryDTO entry : allowList.getEntries()) {
+ accessControlList.addToAllowList(entry.domain, entry.key);
+ }
}
List<AccessDTO> accessList =
authorisation.getDefaultAccess().getAccess();
diff --git
a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/management.xml
b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/management.xml
index e5ea4f0..8aa3ace 100644
---
a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/management.xml
+++
b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<!--<connector connector-port="1099"/>-->
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="${role}"/>
<access method="get*" roles="${role}"/>
diff --git
a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AllowListDTO.java
similarity index 94%
copy from
artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
copy to
artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AllowListDTO.java
index 70feabe..6a52d28 100644
---
a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
+++
b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AllowListDTO.java
@@ -23,9 +23,9 @@ import javax.xml.bind.annotation.XmlElementRef;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.List;
-@XmlRootElement(name = "whitelist")
+@XmlRootElement(name = "allowlist")
@XmlAccessorType(XmlAccessType.FIELD)
-public class WhiteListDTO {
+public class AllowListDTO {
@XmlElementRef
List<EntryDTO> entry;
diff --git
a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AuthorisationDTO.java
b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AuthorisationDTO.java
index dd30246..32945fd 100644
---
a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AuthorisationDTO.java
+++
b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/AuthorisationDTO.java
@@ -26,19 +26,28 @@ import javax.xml.bind.annotation.XmlRootElement;
@XmlAccessorType(XmlAccessType.FIELD)
public class AuthorisationDTO {
- @XmlElementRef
+ @XmlElementRef( required = false)
+ @Deprecated
WhiteListDTO whitelist;
+ @XmlElementRef( required = false )
+ AllowListDTO allowList;
+
@XmlElementRef
DefaultAccessDTO defaultAccess;
@XmlElementRef
RoleAccessDTO roleAccess;
+ @Deprecated
public WhiteListDTO getWhiteList() {
return whitelist;
}
+ public AllowListDTO getAllowList() {
+ return allowList;
+ }
+
public DefaultAccessDTO getDefaultAccess() {
return defaultAccess;
}
diff --git
a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
index 70feabe..b01c5f4 100644
---
a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
+++
b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/WhiteListDTO.java
@@ -25,6 +25,7 @@ import java.util.List;
@XmlRootElement(name = "whitelist")
@XmlAccessorType(XmlAccessType.FIELD)
+@Deprecated
public class WhiteListDTO {
@XmlElementRef
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
index 6e62c72..fa41d45 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
@@ -2178,4 +2178,12 @@ public interface ActiveMQServerLogger extends
BasicLogger {
@LogMessage(level = Logger.Level.WARN)
@Message(id = 224109, value = "BrokerBalancer {0} not found", format =
Message.Format.MESSAGE_FORMAT)
void brokerBalancerNotFound(String name);
+
+ @LogMessage(level = Logger.Level.WARN)
+ @Message(id = 224110, value = "Configuration 'whitelist' is deprecated,
please use the 'allowlist' configuration", format =
Message.Format.MESSAGE_FORMAT)
+ void useAllowList();
+
+ @LogMessage(level = Logger.Level.WARN)
+ @Message(id = 224111, value = "Both 'whitelist' and 'allowlist' detected.
Configuration 'whitelist' is deprecated, please use only the 'allowlist'
configuration", format = Message.Format.MESSAGE_FORMAT)
+ void useOnlyAllowList();
}
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
index 02c4c34..2c7d82b 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.java
@@ -117,7 +117,7 @@ public class ArtemisMBeanServerGuard implements
InvocationHandler {
}
private boolean canBypassRBAC(ObjectName objectName) {
- return jmxAccessControlList.isInWhiteList(objectName);
+ return jmxAccessControlList.isInAllowList(objectName);
}
public boolean canInvoke(String object, String operationName) {
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
index 956726c..6b8ae94 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
@@ -33,7 +33,7 @@ public class JMXAccessControlList {
private Access defaultAccess = new Access(WILDCARD);
private ConcurrentHashMap<String, TreeMap<String, Access>> domainAccess =
new ConcurrentHashMap<>();
- private ConcurrentHashMap<String, TreeMap<String, Access>> whitelist = new
ConcurrentHashMap<>();
+ private ConcurrentHashMap<String, TreeMap<String, Access>> allowList = new
ConcurrentHashMap<>();
private Comparator<String> keyComparator = (key1, key2) -> {
boolean key1ContainsWildCard = key1.contains(WILDCARD);
boolean key2ContainsWildcard = key2.contains(WILDCARD);
@@ -48,11 +48,11 @@ public class JMXAccessControlList {
return key2.length() - key1.length();
};
- public void addToWhiteList(String domain, String key) {
+ public void addToAllowList(String domain, String key) {
TreeMap<String, Access> domainMap = new TreeMap<>(keyComparator);
- domainMap = whitelist.putIfAbsent(domain, domainMap);
+ domainMap = allowList.putIfAbsent(domain, domainMap);
if (domainMap == null) {
- domainMap = whitelist.get(domain);
+ domainMap = allowList.get(domain);
}
Access access = new Access(domain, normalizeKey(key));
domainMap.putIfAbsent(access.getKey(), access);
@@ -81,8 +81,8 @@ public class JMXAccessControlList {
return defaultAccess.getMatchingRolesForMethod(methodName);
}
- public boolean isInWhiteList(ObjectName objectName) {
- TreeMap<String, Access> domainMap =
whitelist.get(objectName.getDomain());
+ public boolean isInAllowList(ObjectName objectName) {
+ TreeMap<String, Access> domainMap =
allowList.get(objectName.getDomain());
if (domainMap != null) {
if (domainMap.containsKey("")) {
return true;
@@ -223,7 +223,7 @@ public class JMXAccessControlList {
public static JMXAccessControlList createDefaultList() {
JMXAccessControlList accessControlList = new JMXAccessControlList();
- accessControlList.addToWhiteList("hawtio", "type=*");
+ accessControlList.addToAllowList("hawtio", "type=*");
accessControlList.addToRoleAccess("org.apache.activemq.artemis", null,
"list*", "view", "update", "amq");
accessControlList.addToRoleAccess("org.apache.activemq.artemis", null,
"get*", "view", "update", "amq");
diff --git
a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
index 9fe549c..4849bfb 100644
---
a/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
+++
b/artemis-server/src/test/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlListTest.java
@@ -29,35 +29,35 @@ public class JMXAccessControlListTest {
@Test
public void testBasicDomain() throws MalformedObjectNameException {
JMXAccessControlList controlList = new JMXAccessControlList();
- controlList.addToWhiteList("org.myDomain", null);
- controlList.addToWhiteList("org.myDomain.foo", null);
- Assert.assertTrue(controlList.isInWhiteList(new
ObjectName("org.myDomain:*")));
- Assert.assertTrue(controlList.isInWhiteList(new
ObjectName("org.myDomain.foo:*")));
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain.bar:*")));
+ controlList.addToAllowList("org.myDomain", null);
+ controlList.addToAllowList("org.myDomain.foo", null);
+ Assert.assertTrue(controlList.isInAllowList(new
ObjectName("org.myDomain:*")));
+ Assert.assertTrue(controlList.isInAllowList(new
ObjectName("org.myDomain.foo:*")));
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain.bar:*")));
}
@Test
public void testBasicDomainWithProperty() throws
MalformedObjectNameException {
JMXAccessControlList controlList = new JMXAccessControlList();
- controlList.addToWhiteList("org.myDomain", "type=foo");
- controlList.addToWhiteList("org.myDomain.foo", "type=bar");
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain:*")));
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain.foo:*")));
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain.bar:*")));
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain:subType=foo")));
-
- Assert.assertTrue(controlList.isInWhiteList(new
ObjectName("org.myDomain:type=foo")));
- Assert.assertTrue(controlList.isInWhiteList(new
ObjectName("org.myDomain:subType=bar,type=foo")));
+ controlList.addToAllowList("org.myDomain", "type=foo");
+ controlList.addToAllowList("org.myDomain.foo", "type=bar");
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain:*")));
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain.foo:*")));
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain.bar:*")));
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain:subType=foo")));
+
+ Assert.assertTrue(controlList.isInAllowList(new
ObjectName("org.myDomain:type=foo")));
+ Assert.assertTrue(controlList.isInAllowList(new
ObjectName("org.myDomain:subType=bar,type=foo")));
}
@Test
public void testBasicDomainWithWildCardProperty() throws
MalformedObjectNameException {
JMXAccessControlList controlList = new JMXAccessControlList();
- controlList.addToWhiteList("org.myDomain", "type=*");
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain:*")));
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain.foo:*")));
- Assert.assertFalse(controlList.isInWhiteList(new
ObjectName("org.myDomain.bar:*")));
- Assert.assertTrue(controlList.isInWhiteList(new
ObjectName("org.myDomain:type=foo")));
+ controlList.addToAllowList("org.myDomain", "type=*");
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain:*")));
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain.foo:*")));
+ Assert.assertFalse(controlList.isInAllowList(new
ObjectName("org.myDomain.bar:*")));
+ Assert.assertTrue(controlList.isInAllowList(new
ObjectName("org.myDomain:type=foo")));
}
@Test
diff --git a/docs/user-manual/en/management.md
b/docs/user-manual/en/management.md
index f09bf18..49a4c33 100644
--- a/docs/user-manual/en/management.md
+++ b/docs/user-manual/en/management.md
@@ -305,28 +305,32 @@ the broker's JAAS plugin support. This is configured via
the `authorisation`
element in the `management.xml` configuration file and can be used to restrict
access to attributes and methods on MBeans.
-There are 3 elements within the `authorisation` element, `whitelist`,
+There are 3 elements within the `authorisation` element, `allowlist`,
`default-access` and `role-access`. Lets discuss each in turn.
-Whitelist contains a list of MBeans that will bypass the authorisation, this
+Allowlist contains a list of MBeans that will bypass the authorisation, this
is typically used for any MBeans that are needed by the console to run etc. The
default configuration is:
```xml
-<whitelist>
+<allowlist>
<entry domain="hawtio"/>
-</whitelist>
+</allowlist>
```
This means that any MBean with the domain `hawtio` will be allowed access
without authorisation. for instance `hawtio:plugin=artemis`. You can also use
wildcards for the MBean properties so the following would also match.
```xml
-<whitelist>
+<allowlist>
<entry domain="hawtio" key="type=*"/>
-</whitelist>
+</allowlist>
```
+> **Note:**
+>
+> The allowlist element has replaced the whitelist element which is now
deprecated
+
The `role-access`defines how roles are mapped to particular MBeans and its
attributes and methods, the default configuration looks like:
diff --git
a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/management.xml
b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/management.xml
index 77beedb..4005e9a 100644
---
a/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/management.xml
+++
b/examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/management.xml
@@ -25,9 +25,9 @@
trust-store-path="${data.dir}/../etc/client-ca-truststore.jks"
trust-store-password="ENC(1f0e6cd7ced61232730f9e82cc91c1e1)"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
diff --git
a/examples/features/standard/jmx/src/main/resources/activemq/server0/management.xml
b/examples/features/standard/jmx/src/main/resources/activemq/server0/management.xml
index 2b71162..b497c34 100644
---
a/examples/features/standard/jmx/src/main/resources/activemq/server0/management.xml
+++
b/examples/features/standard/jmx/src/main/resources/activemq/server0/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="1099" connector-host="localhost"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
diff --git
a/examples/features/standard/message-counters/src/main/resources/activemq/server0/management.xml
b/examples/features/standard/message-counters/src/main/resources/activemq/server0/management.xml
index ee91771..8460d9e 100644
---
a/examples/features/standard/message-counters/src/main/resources/activemq/server0/management.xml
+++
b/examples/features/standard/message-counters/src/main/resources/activemq/server0/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="1099" connector-host="127.0.0.1"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
diff --git
a/tests/smoke-tests/src/main/resources/servers/audit-logging/management.xml
b/tests/smoke-tests/src/main/resources/servers/audit-logging/management.xml
index e49dbb4..e7f01cf 100644
--- a/tests/smoke-tests/src/main/resources/servers/audit-logging/management.xml
+++ b/tests/smoke-tests/src/main/resources/servers/audit-logging/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="10099" connector-host="localhost"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="guest"/>
<access method="get*" roles="guest"/>
diff --git
a/tests/smoke-tests/src/main/resources/servers/audit-logging2/management.xml
b/tests/smoke-tests/src/main/resources/servers/audit-logging2/management.xml
index e49dbb4..e7f01cf 100644
--- a/tests/smoke-tests/src/main/resources/servers/audit-logging2/management.xml
+++ b/tests/smoke-tests/src/main/resources/servers/audit-logging2/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="10099" connector-host="localhost"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="guest"/>
<access method="get*" roles="guest"/>
diff --git
a/tests/smoke-tests/src/main/resources/servers/jmx-rbac/management.xml
b/tests/smoke-tests/src/main/resources/servers/jmx-rbac/management.xml
index 44e491e..f0ac039 100644
--- a/tests/smoke-tests/src/main/resources/servers/jmx-rbac/management.xml
+++ b/tests/smoke-tests/src/main/resources/servers/jmx-rbac/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="10099"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="amq"/>
<access method="get*" roles="amq"/>
diff --git a/tests/smoke-tests/src/main/resources/servers/jmx/management.xml
b/tests/smoke-tests/src/main/resources/servers/jmx/management.xml
index 87d1e02..0c4656b 100644
--- a/tests/smoke-tests/src/main/resources/servers/jmx/management.xml
+++ b/tests/smoke-tests/src/main/resources/servers/jmx/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="10099" connector-host="localhost"
rmi-registry-port="10098" />
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="amq"/>
<access method="get*" roles="amq"/>
diff --git
a/tests/smoke-tests/src/main/resources/servers/replay/replay/management.xml
b/tests/smoke-tests/src/main/resources/servers/replay/replay/management.xml
index 1677deb..4b1cf06 100644
--- a/tests/smoke-tests/src/main/resources/servers/replay/replay/management.xml
+++ b/tests/smoke-tests/src/main/resources/servers/replay/replay/management.xml
@@ -18,9 +18,9 @@
<management-context xmlns="http://activemq.org/schema">
<connector connector-port="1099"/>
<authorisation>
- <whitelist>
+ <allowlist>
<entry domain="hawtio"/>
- </whitelist>
+ </allowlist>
<default-access>
<access method="list*" roles="amq"/>
<access method="get*" roles="amq"/>