  1. TomEE
  2. TOMEE-2294

Can't disable unauthenticated JMX on 1099


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 7.1.1, 8.0.0-M3, 7.1.2, 8.0.1
    • 8.0.6
    • TomEE Core Server
    • None

    Description

      ActiveMQ comes bundled with a JMX host that is on by default, unauthenticated, on port 1099.

      <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
        BrokerXmlConfig = broker:(vm://broker)?useJmx=false
        ServerUrl = vm://broker
      </Resource>

      TomEE's resource configuration doesn't allow this to be disabled. The above doesn't work.

      This can be disabled by inspecting an activemq jar's manifest, pulling down the same version of activemq-all, and putting that in the tomee/lib directory, at which point this works:

      <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
        BrokerXmlConfig = xbean:file:activemq.xml
        ServerUrl = vm://broker
      </Resource>
      
        <!-- activemq.xml: JMX is disabled by useJmx="false" on the broker element -->
        <broker xmlns="http://activemq.apache.org/schema/core"
                useJmx="false"
                brokerName="broker"
                useShutdownHook="false"
                persistent="true"
                start="true"
                schedulerSupport="false"
                enableStatistics="false"
                offlineDurableSubscriberTimeout="259200000"
                offlineDurableSubscriberTaskSchedule="3600000">
        </broker>


      However, convincing the guy hosting the server to inspect JAR manifests, pull down specific jars, and maintain a second configuration file seems like a lot of effort to go to just to have the ability to disable unauthenticated access to every MBean in the VM.
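
      The check below is an added example, not part of the original report or of TomEE. It audits a tomee.xml for the two configurations described above: a `broker:` URI (where, per the report, `useJmx=false` is not honoured) and an `xbean:file:` config whose broker element must carry `useJmx="false"`. The function names and sample inputs are constructed for illustration, and it assumes each Resource body is `Key = value` lines as shown in the report.

```python
import xml.etree.ElementTree as ET

AMQ_BROKER = "{http://activemq.apache.org/schema/core}broker"

def adapter_props(tomee_xml):
    """Yield (id, properties) for each ActiveMQResourceAdapter <Resource>."""
    for res in ET.fromstring(tomee_xml).iter("Resource"):
        if res.get("type") != "ActiveMQResourceAdapter":
            continue
        props = {}
        for line in (res.text or "").splitlines():
            key, sep, value = line.partition("=")  # body is "Key = value" lines
            if sep and not key.lstrip().startswith("#"):
                props[key.strip()] = value.strip()
        yield res.get("id"), props

def audit(tomee_xml, broker_files):
    """Map resource id -> finding. broker_files: file name -> activemq.xml text."""
    findings = {}
    for rid, props in adapter_props(tomee_xml):
        cfg = props.get("BrokerXmlConfig", "")
        if not cfg.startswith("xbean:file:"):
            # Per the report, useJmx=false in a broker: URI is not honoured.
            findings[rid] = "REVIEW: no xbean file config; JMX may listen on 1099"
            continue
        text = broker_files.get(cfg[len("xbean:file:"):])
        if text is None:
            findings[rid] = "REVIEW: broker file not supplied"
            continue
        # iter() includes the root; ActiveMQ turns JMX on unless useJmx="false".
        brokers = list(ET.fromstring(text).iter(AMQ_BROKER))
        if brokers and all(b.get("useJmx") == "false" for b in brokers):
            findings[rid] = "OK: useJmx=false"
        else:
            findings[rid] = "JMX ON: useJmx=false missing in broker file"
    return findings

# Constructed sample input, modelled on the snippets in the report.
SAMPLE_TOMEE = """<tomee>
  <Resource id="UriAdapter" type="ActiveMQResourceAdapter">
    BrokerXmlConfig = broker:(vm://broker)?useJmx=false
  </Resource>
  <Resource id="FileAdapter" type="ActiveMQResourceAdapter">
    BrokerXmlConfig = xbean:file:activemq.xml
  </Resource>
</tomee>"""
SAMPLE_BROKER = '<broker xmlns="http://activemq.apache.org/schema/core" useJmx="false"/>'

if __name__ == "__main__":
    print(audit(SAMPLE_TOMEE, {"activemq.xml": SAMPLE_BROKER}))
```

      A REVIEW or JMX ON finding is a prompt to confirm on the host whether anything is listening on port 1099; the issue's fix version is 8.0.6.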

          People

            Assignee: Unassigned
            Reporter: Henskens Frans
            Votes: 0
            Watchers: 3