Jean-Baptiste Onofré created AMQ-9477:
-----------------------------------------
Summary: Secure Jolokia/API by default
Key: AMQ-9477
URL: https://issues.apache.org/jira/browse/AMQ-9477
Project: ActiveMQ Classic
Issue Type: Bug
Components: Broker
Affects Versions: 6.1.1, 6.1.0, 6.0.1, 6.0.0
Reporter: Jean-Baptiste Onofré
Assignee: Jean-Baptiste Onofré
Fix For: 6.1.2
The default security constraint defined in {{conf/jetty.xml}} secures the
WebConsole.
However, it would make sense to secure all resources, including Jolokia and
REST API.
The security constraint should be updated to:
{code:xml}
<bean id="securityConstraintMapping"
      class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint" />
    <property name="pathSpec" value="/" />
</bean>
{code}
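A way to check which request paths a Jetty constraint configuration actually covers, added here as an example and not part of the issue or the ActiveMQ code base. The two sample configurations and the probe paths are constructed for illustration, and the matcher assumes servlet-style pathSpec precedence (exact, longest prefix, suffix, then the `/` default).

```python
import xml.etree.ElementTree as ET

MAPPING_CLASS = "org.eclipse.jetty.security.ConstraintMapping"

def _local(tag):
    return tag.rsplit("}", 1)[-1]          # drop any Spring XML namespace

def _props(bean):
    return {p.get("name"): p.get("value") or p.get("ref")
            for p in bean if _local(p.tag) == "property"}

def _rank(spec, path):
    """Servlet-style precedence: exact > longest prefix > suffix > default."""
    if spec == path:
        return (3, len(spec))
    if spec.endswith("/*") and (path == spec[:-2] or path.startswith(spec[:-1])):
        return (2, len(spec))
    if spec.startswith("*.") and path.endswith(spec[1:]):
        return (1, len(spec))
    return (0, 0) if spec == "/" else None

def audit(xml_text, paths):
    """Map each path to True when the mapping that governs it requires authentication."""
    beans = [e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "bean"]
    by_id = {b.get("id"): _props(b) for b in beans if b.get("id")}
    mappings = [_props(b) for b in beans if b.get("class") == MAPPING_CLASS]
    result = {}
    for path in paths:
        ranked = [(r, m) for m in mappings
                  if (r := _rank(m.get("pathSpec") or "", path)) is not None]
        if not ranked:
            result[path] = False           # no constraint applies at all
            continue
        _, winner = max(ranked, key=lambda t: t[0])
        constraint = by_id.get(winner.get("constraint"), {})
        result[path] = constraint.get("authenticate") == "true"
    return result

# Constructed sample configs (not the shipped conf/jetty.xml).
CONSTRAINT = ('<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">'
              '<property name="authenticate" value="true"/></bean>')
MAPPING = ('<bean class="' + MAPPING_CLASS + '"><property name="constraint" '
           'ref="securityConstraint"/><property name="pathSpec" value="%s"/></bean>')
CONSOLE_ONLY = "<beans>" + CONSTRAINT + MAPPING % "/admin/*" + MAPPING % "*.jsp" + "</beans>"
PROPOSED = "<beans>" + CONSTRAINT + MAPPING % "/" + "</beans>"
PROBES = ["/admin/queues.jsp", "/api/jolokia", "/api/message"]   # sample request paths

if __name__ == "__main__":
    for name, cfg in (("console-only", CONSOLE_ONLY), ("proposed", PROPOSED)):
        print(name, audit(cfg, PROBES))
```

Pointing `audit` at the text of a deployed `conf/jetty.xml` with the paths a broker exposes shows any path left without an authenticating constraint.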