This is an automated email from the ASF dual-hosted git repository.
cshannon pushed a commit to branch activemq-5.17.x
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/activemq-5.17.x by this push:
new bf65929fd AMQ-9201 - Update Jolokia default access configuration
bf65929fd is described below
commit bf65929fdc607d5bb953a507c2f0c7256ae8e5b6
Author: Christopher L. Shannon (cshannon) <[email protected]>
AuthorDate: Wed Feb 1 07:04:56 2023 -0500
AMQ-9201 - Update Jolokia default access configuration
(cherry picked from commit 6120169e563b55323352431dfe9ac67a8b4de6c2)
---
assembly/src/release/conf/jolokia-access.xml | 34 +++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/assembly/src/release/conf/jolokia-access.xml
b/assembly/src/release/conf/jolokia-access.xml
index 8cad1cd40..97b099a5b 100644
--- a/assembly/src/release/conf/jolokia-access.xml
+++ b/assembly/src/release/conf/jolokia-access.xml
@@ -22,8 +22,35 @@
<strict-checking/>
</cors>
- <!-- deny calling operations or getting attributes from these mbeans -->
+ <!-- By default don't allow write or exec operations -->
+ <commands>
+ <command>read</command>
+ <command>list</command>
+ <command>version</command>
+ <command>search</command>
+ </commands>
+
+ <allow>
+ <!-- Allow all operations for the broker itself -->
+ <mbean>
+ <name>org.apache.activemq:*</name>
+ <attribute>*</attribute>
+ <operation>*</operation>
+ </mbean>
+ <!-- Allow all operations for Jolokia Config -->
+ <mbean>
+ <name>jolokia:type=Config</name>
+ <operation>*</operation>
+ </mbean>
+ </allow>
+
+ <!-- deny all operations or getting attributes from these mbeans -->
<deny>
+ <mbean>
+ <name>org.apache.logging.log4j2:*</name>
+ <attribute>*</attribute>
+ <operation>*</operation>
+ </mbean>
<mbean>
<name>com.sun.management:type=DiagnosticCommand</name>
<attribute>*</attribute>
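Review bot: The `<allow>` block grants `<attribute>*</attribute>` and `<operation>*</operation>` on the whole `org.apache.activemq:*` domain, so the "don't allow write or exec" comment above `<commands>` holds only for MBeans outside the broker. Anyone who can authenticate to the Jolokia endpoint still gets every broker management operation, so the policy depends on that endpoint's authentication and role constraints, which are not visible in this hunk. I would state that in the file, together with the evaluation order as I understand Jolokia's policy restrictor to apply it: `<!-- write/exec are disabled globally and re-enabled only for the MBeans under <allow>; <deny> removes MBeans from the commands listed in <commands>. Remove the <allow> block for monitoring-only deployments. -->`. The `<deny>` element continues into the next hunk.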
@@ -34,6 +61,11 @@
<attribute>*</attribute>
<operation>*</operation>
</mbean>
+ <mbean>
+ <name>jdk.management.jfr:type=FlightRecorder</name>
+ <attribute>*</attribute>
+ <operation>*</operation>
+ </mbean>
</deny>
</restrict>
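Review bot: The `<deny>` list is still an enumeration of individual MBean names, and `read`, `list` and `search` are enabled globally in the earlier hunk. Every MBean not named here therefore stays readable, which presumably includes platform MBeans that report JVM arguments and system properties. If the console only needs broker data, consider granting read for the broker domain only instead of adding denied names one at a time. Each entry also deserves a one-line reason so a later edit does not drop it, for example `<!-- JVM diagnostic MBean, not needed for broker management -->` above the `jdk.management.jfr:type=FlightRecorder` entry.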