AMQ-9201 - Update Jolokia default access configuration

(cherry picked from commit 6120169)
apache · Feb 9, 2023 · 5c8d457 · 5c8d457
1 parent 6edc4d3
commit 5c8d457
Showing 1 changed file with 33 additions and 1 deletion.
diff --git a/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml b/assembly/src/release/webapps/api/WEB-INF/classes/jolokia-access.xml
@@ -22,8 +22,35 @@
     <strict-checking/>
   </cors>
 
-  <!-- deny calling operations or getting attributes from these mbeans -->
+  <!-- By default don't allow write or exec operations -->
+  <commands>
+    <command>read</command>
+    <command>list</command>
+    <command>version</command>
+    <command>search</command>
+  </commands>
+
+  <allow>
+    <!-- Allow all operations for the broker itself -->
+    <mbean>
+      <name>org.apache.activemq:*</name>
+      <attribute>*</attribute>
+      <operation>*</operation>
+    </mbean>
+    <!-- Allow all operations for Jolokia Config -->
+    <mbean>
+      <name>jolokia:type=Config</name>
+      <operation>*</operation>
+    </mbean>
+  </allow>
+
+  <!-- deny all operations or getting attributes from these mbeans -->
   <deny>
+    <mbean>
+      <name>org.apache.logging.log4j2:*</name>
+      <attribute>*</attribute>
+      <operation>*</operation>
+    </mbean>
     <mbean>
       <name>com.sun.management:type=DiagnosticCommand</name>
       <attribute>*</attribute>
@@ -34,6 +61,11 @@
       <attribute>*</attribute>
       <operation>*</operation>
     </mbean>
+    <mbean>
+      <name>jdk.management.jfr:type=FlightRecorder</name>
+      <attribute>*</attribute>
+      <operation>*</operation>
+    </mbean>
   </deny>
 
 </restrict>