[ https://issues.apache.org/jira/browse/TOMEE-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17136378#comment-17136378 ]
Jonathan Gallimore commented on TOMEE-2294:
-------------------------------------------

Could you verify any of TomEE 7.1.3, 7.0.8 or 8.0.2? I included a fix specifically for this issue. It sounds like you tried 7.1.3, and had some success there.

Could you also drop me an email directly on jgallimore at apache dot org?

Thanks

Jon

> Can't disable unauthenticated JMX on 1099
> -----------------------------------------
>
>                 Key: TOMEE-2294
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2294
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>            Reporter: Frans
>            Priority: Major
>             Fix For: 8.0.3
>
>
> ActiveMQ comes bundled with a JMX host that is default on unauthenticated on
> port 1099.
> {code:java}
> <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
>     BrokerXmlConfig = broker:(vm://broker)?useJmx=false
>     ServerUrl = vm://broker
> </Resource>{code}
> TomEE's resource configuration doesn't allow this to be disabled. The above
> doesn't work.
> This can be disabled by inspecting an activemq jar's manifest, pulling down
> the same version of activemq-all, and putting that in the tomee/lib
> directory, at which point this works:
> {code:java}
> <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
>     BrokerXmlConfig = xbean:file:activemq.xml
>     ServerUrl = vm://broker
> </Resource>
> {code}
> {code:java}
> <broker xmlns="http://activemq.apache.org/schema/core"
>     useJmx="false"
>     brokerName="broker"
>     useShutdownHook="false"
>     persistent="true"
>     start="true"
>     schedulerSupport="false"
>     enableStatistics="false"
>     offlineDurableSubscriberTimeout="259200000"
>     offlineDurableSubscriberTaskSchedule="3600000">
> {code}
> However, convincing the guy hosting the server to inspect JAR manifests, pull
> down specific jars, and maintain a second configuration file seems like a lot
> of effort to go to just to have the ability to disable unauthenticated access
> to every MBean in the VM
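
An added example, not part of the original issue or of TomEE's code: a small Python audit of the two `BrokerXmlConfig` forms shown in the report, flagging embedded brokers whose JMX setting is not confirmed off. The sample files are constructed, and `resource_props`, `broker_jmx_disabled`, `audit` and the finding strings are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

AMQ_NS = "{http://activemq.apache.org/schema/core}"

def resource_props(tomee_xml):
    """Yield (id, properties) for each ActiveMQResourceAdapter in tomee.xml text."""
    for res in ET.fromstring(tomee_xml).iter("Resource"):
        if res.get("type") == "ActiveMQResourceAdapter":
            pairs = (l.partition("=") for l in (res.text or "").splitlines())
            yield res.get("id"), {k.strip(): v.strip() for k, sep, v in pairs if sep}

def broker_jmx_disabled(broker_xml):
    """True only when the <broker> element explicitly sets useJmx="false"."""
    root = ET.fromstring(broker_xml)
    broker = root if root.tag == AMQ_NS + "broker" else root.find(".//" + AMQ_NS + "broker")
    # ActiveMQ enables JMX when the attribute is absent, so default to "true".
    return broker is not None and broker.get("useJmx", "true").lower() == "false"

def audit(tomee_xml, broker_files):
    """Map resource id -> finding. broker_files: file name -> XML text (read by caller)."""
    findings = {}
    for rid, props in resource_props(tomee_xml):
        cfg = props.get("BrokerXmlConfig", "")
        if cfg.startswith("xbean:file:"):
            name = cfg[len("xbean:file:"):]
            text = broker_files.get(name)
            if text is not None and broker_jmx_disabled(text):
                findings[rid] = "ok: useJmx=false in " + name
            else:
                findings[rid] = "review: useJmx=false not confirmed in " + name
        elif re.search(r"[?&]useJmx=false\b", cfg):
            findings[rid] = "verify: set in broker URI, which the report says had no effect"
        else:
            findings[rid] = "review: JMX not disabled in BrokerXmlConfig"
    return findings

# Constructed samples modelled on the snippets in the report.
SAMPLE_TOMEE = """<tomee>
  <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
    BrokerXmlConfig = xbean:file:activemq.xml
    ServerUrl = vm://broker
  </Resource>
  <Resource id="UriConfigured" type="ActiveMQResourceAdapter">
    BrokerXmlConfig = broker:(vm://broker)?useJmx=false
    ServerUrl = vm://broker
  </Resource>
</tomee>"""
SAMPLE_BROKER = '<broker xmlns="http://activemq.apache.org/schema/core" useJmx="false"/>'
if __name__ == "__main__":
    print(audit(SAMPLE_TOMEE, {"activemq.xml": SAMPLE_BROKER}))
```

A "verify" or "review" finding is a prompt to confirm on the running host whether anything is listening on port 1099, since the configuration file alone does not show what the server version actually honours.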