This is an automated email from the ASF dual-hosted git repository. pcongiusti pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
commit 0dd7cf4f494f288dc94e009a374a22d3e3a58b51 Author: Pasquale Congiusti <[email protected]> AuthorDate: Wed Nov 20 12:19:07 2024 +0100 chore(components): add a warning when missing jolokia policies
---
 .../src/main/docs/platform-http-jolokia.adoc | 29 ++++++++++++++++++++++
 .../plugin/DefaultJolokiaPlatformHttpPlugin.java | 12 ++++++---
 2 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/components/camel-platform-http-jolokia/src/main/docs/platform-http-jolokia.adoc b/components/camel-platform-http-jolokia/src/main/docs/platform-http-jolokia.adoc
index d573dd2767f..bec7528f151 100644
--- a/components/camel-platform-http-jolokia/src/main/docs/platform-http-jolokia.adoc
+++ b/components/camel-platform-http-jolokia/src/main/docs/platform-http-jolokia.adoc
@@ -19,3 +19,32 @@ Jolokia can be enabled as follows in `application.properties`:
 camel.server.enabled = true
 camel.server.jolokiaEnabled = true
 ----
+
+After the application is started, you can query the Jolokia endpoint (default `/q/jolokia`) as in this example:
+
+```
+$ curl http://localhost:8080/q/jolokia/list/org.apache.camel | jq
+
+{
+ "request": {
+ "path": "org.apache.camel",
+ "type": "list"
+ },
+ "value": {
+ "context=test,name=\"timer://yaml\\?period=1000\",type=endpoints": {
+ "op": {
+ "getEndpointUri": {
+ "args": [],
+ "ret": "java.lang.String",
+ "desc": "EndpointUri"
+ },
+...
+```
+
+== How to use it
+
+This components acts as a Jolokia agent exposing HTTP endpoints to access JMX services. It looks for default restrictor policies located in `classpath:/jolokia-access.xml`, allowing by default access to all MBeans if no policy is found.
+
+WARNING: this may be exposing sensitive information, make sure to protect the access to the endpoints accurately.
+
+Make sure to https://jolokia.org/reference/html/manual/security.html#security-policy-location[include a security policy] as provided in Jolokia documentation to avoid any security problem.
diff --git a/components/camel-platform-http-jolokia/src/main/java/org/apache/camel/component/platform/http/plugin/DefaultJolokiaPlatformHttpPlugin.java b/components/camel-platform-http-jolokia/src/main/java/org/apache/camel/component/platform/http/plugin/DefaultJolokiaPlatformHttpPlugin.java index 053529db681..2d8c89fdb06 100644 --- a/components/camel-platform-http-jolokia/src/main/java/org/apache/camel/component/platform/http/plugin/DefaultJolokiaPlatformHttpPlugin.java +++ b/components/camel-platform-http-jolokia/src/main/java/org/apache/camel/component/platform/http/plugin/DefaultJolokiaPlatformHttpPlugin.java @@ -108,15 +108,19 @@ public class DefaultJolokiaPlatformHttpPlugin extends ServiceSupport implements try { var restrictor = RestrictorFactory.lookupPolicyRestrictor(pLocation); if (restrictor != null) { - jolokiaLogHandler.info("Using access restrictor: " + pLocation); + LOG.info("Using access restrictor: " + pLocation); return restrictor; } else { - jolokiaLogHandler.info("No access restrictor found at: " + pLocation + ", access to all MBeans is allowed"); + LOG.warn("No access restrictor found at: " + pLocation + ", access to all MBeans is allowed." + + " Mind that this is an unsecure and dangerous configuration that you may only want to use for development environments." + + + " NEVER use this in a production environment as it would expose sensitive information with no authentication" + + " and is a potential vector of remote attacks."); return new AllowAllRestrictor(); } } catch (IOException e) { - jolokiaLogHandler.error("Error while accessing access restrictor: at " + pLocation + - ". Denying all access to MBeans for security reasons. Exception: " + e, + LOG.error("Error while accessing access restrictor: at " + pLocation + + ". Denying all access to MBeans for security reasons. Exception: " + e, e); return new DenyAllRestrictor(); }
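Review bot: The else branch still ends in `return new AllowAllRestrictor();` when nothing is found at `pLocation`, so a deployment that simply omits `jolokia-access.xml` stays fully open and the only signal is a single WARN line in the startup log. Consider failing closed here, as the `IOException` branch already does with `return new DenyAllRestrictor();`, and handing out the permissive restrictor only behind an explicit opt-in setting; if the open default has to stay for compatibility, the method's Javadoc should state it. The warning text also says "with no authentication", while a restrictor appears to govern which MBeans and operations are reachable rather than who is authenticated, so the wording is worth checking against how the endpoint is actually protected. Smaller points on the same lines: if `LOG` is an SLF4J logger, a placeholder form such as `LOG.warn("No access restrictor found at: {}, access to all MBeans is allowed. ...", pLocation)` avoids the concatenation chain with its stray `+`, "unsecure" should read "insecure", and `LOG.error` appends `e` to the message while also passing it as the throwable. The enclosing method begins and ends outside this hunk.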
