[jira] [Commented] (ARTEMIS-5262) Allow VisualVM to browse JMX Mbeans by default

Thu, 20 Mar 2025 12:47:18 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-5262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17937210#comment-17937210
 ] 

Justin Bertram commented on ARTEMIS-5262:
-----------------------------------------

Can you be more specific about exactly how you're connecting from VisualVM to 
the broker as well as how you're configuring the broker for remote access?

Also, what exactly is missing from the "initial VisualVM window"?

To be clear, access was locked down by default via ARTEMIS-4151 to reduce the 
broker's attack surface and mitigate potential CVEs. I think it's unlikely we 
will change the defaults, but we could certainly add something to the 
documentation. However, we need more details to make the documentation clear.

> Allow VisualVM to browse JMX Mbeans by default
> ----------------------------------------------
>
>                 Key: ARTEMIS-5262
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5262
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>         Environment: VisualVM 2.1.0 on Windows 10
> ActiveMQ Artemis 2.39.0 on Java 17
>            Reporter: Vilius Šumskas
>            Priority: Minor
>
> When testing Artemis' JMX functionality with VisualVM 2.1.10 and Mbeans 
> plugin installed I have found that I'm unable to browse JMX Mbeans by 
> default. It looks like permissions are to strict to paint the initial 
> VisualVM window.
> Adding the following configuration to *<role-access>* section of 
> *management.xml* should solve the issue:
> {code:xml}
>          <match domain="com.sun.management">
>             <access method="help" roles="amq"/>
>             <access method="jfrCheck" roles="amq"/>
>             <access method="vmCommandLine" roles="amq"/>
>          </match>{code}
> There is also an additional exception about VisualVM unable to call 
> gcClassHistogram, but since it doesn't block other VisualVM operations and I 
> didn't know if that's not too sensitive to allow by default, so I didn't add 
> it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to