[ https://issues.apache.org/jira/browse/TOMEE-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17105244#comment-17105244 ]
Jonathan Gallimore commented on TOMEE-2294: ------------------------------------------- [~Henskens] could you test with this snapshot please? https://repository.apache.org/content/groups/snapshots/org/apache/tomee/apache-tomee/8.0.2-SNAPSHOT/apache-tomee-8.0.2-20200512.041932-82-plus.tar.gz > Can't disable unauthenticated JMX on 1099 > ----------------------------------------- > > Key: TOMEE-2294 > URL: https://issues.apache.org/jira/browse/TOMEE-2294 > Project: TomEE > Issue Type: Bug > Components: TomEE Core Server > Reporter: Frans > Priority: Major > Fix For: 8.0.3 > > > ActiveMQ comes bundled with a JMX host that is default on unauthenticated on > port 1099. > {code:java} > <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter"> > BrokerXmlConfig = broker:(vm://broker)?useJmx=false > ServerUrl = vm://broker > </Resource>{code} > Tomee's resource configuration doesn't allow this to be disabled. The above > doesn't work. > This can be disabled by inspecting an activemq jar's manifest, pulling down > the same version of activemq-all, and putting that in the tomee/lib > directory, at which point this works: > {code:java} > <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter"> > BrokerXmlConfig = xbean:file:activemq.xml > ServerUrl = vm://broker > </Resource> > {code} > {code:java} > <broker xmlns="http://activemq.apache.org/schema/core" > useJmx="false" > brokerName="broker" > useShutdownHook="false" > persistent="true" > start="true" > schedulerSupport="false" > enableStatistics="false" > offlineDurableSubscriberTimeout="259200000" > offlineDurableSubscriberTaskSchedule="3600000"> > {code} > However, convincing the guy hosting the server to inspect JAR manifests, pull > down specific jars, and maintain a second configuration file seems like a lot > of effort to go to just to have the ability to disable unauthenticated access > to every MBean in the VM -- This message was sent by Atlassian Jira (v8.3.4#803005)