[
https://issues.apache.org/jira/browse/AMQ-9477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré resolved AMQ-9477.
---------------------------------------
Fix Version/s: 6.2.0
Resolution: Fixed
> Secure Jolokia/API by default
> -----------------------------
>
> Key: AMQ-9477
> URL: https://issues.apache.org/jira/browse/AMQ-9477
> Project: ActiveMQ Classic
> Issue Type: Bug
> Components: Broker
> Affects Versions: 6.0.0, 6.0.1, 6.1.0, 6.1.1
> Reporter: Jean-Baptiste Onofré
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 6.2.0, 6.1.2
>
>
> The default security constraint defined in {{conf/jetty.xml}} secure the
> WebConsole.
> However, it would make sense to secure all resources, including Jolokia and
> REST API.
> The security constraint should be updated to:
> {code:java}
> <bean id="securityConstraintMapping"
> class="org.eclipse.jetty.security.ConstraintMapping">
> <property name="constraint" ref="securityConstraint" />
> <property name="pathSpec" value="/" />
> </bean> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
