[ https://issues.apache.org/jira/browse/AMQ-9477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved AMQ-9477. --------------------------------------- Fix Version/s: 6.2.0 Resolution: Fixed > Secure Jolokia/API by default > ----------------------------- > > Key: AMQ-9477 > URL: https://issues.apache.org/jira/browse/AMQ-9477 > Project: ActiveMQ Classic > Issue Type: Bug > Components: Broker > Affects Versions: 6.0.0, 6.0.1, 6.1.0, 6.1.1 > Reporter: Jean-Baptiste Onofré > Assignee: Jean-Baptiste Onofré > Priority: Major > Fix For: 6.2.0, 6.1.2 > > > The default security constraint defined in {{conf/jetty.xml}} secure the > WebConsole. > However, it would make sense to secure all resources, including Jolokia and > REST API. > The security constraint should be updated to: > {code:java} > <bean id="securityConstraintMapping" > class="org.eclipse.jetty.security.ConstraintMapping"> > <property name="constraint" ref="securityConstraint" /> > <property name="pathSpec" value="/" /> > </bean> {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)