[jira] [Resolved] (AMQ-9477) Secure Jolokia/API by default

Jira Wed, 10 Apr 2024 13:21:03 -0700


     [ 
https://issues.apache.org/jira/browse/AMQ-9477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved AMQ-9477.
---------------------------------------
    Fix Version/s: 6.2.0
       Resolution: Fixed

> Secure Jolokia/API by default
> -----------------------------
>
>                 Key: AMQ-9477
>                 URL: https://issues.apache.org/jira/browse/AMQ-9477
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 6.0.0, 6.0.1, 6.1.0, 6.1.1
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 6.2.0, 6.1.2
>
>
> The default security constraint defined in {{conf/jetty.xml}} secure the 
> WebConsole.
> However, it would make sense to secure all resources, including Jolokia and 
> REST API.
> The security constraint should be updated to:
> {code:java}
> <bean id="securityConstraintMapping" 
> class="org.eclipse.jetty.security.ConstraintMapping">
>   <property name="constraint" ref="securityConstraint" />
>   <property name="pathSpec" value="/" />
> </bean> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (AMQ-9477) Secure Jolokia/API by default

Reply via email to