-
Feature Request
-
Resolution: Done
-
Critical
-
7.0, 7.0.3
-
Weeks 38, 39 (Sep 18 - 29), Weeks 48, 49 (Nov 27-Dec 8), Weeks 2, 3 (Jan 8 - 19, 2018), Weeks 4, 5 (Jan 22 - Feb 2), Weeks 6, 7 (Feb 5 - 16)
-
Release Notes, Compatibility/Configuration
https://issues.jboss.org/browse/ENTMQBR-827 for 7.1 provides a jolokia-access.xml policy file for jolokia that restricts origins to localhost.
In 7.0.3 there is no restriction. The web endpoint is restricted to localhost but not the origins.
We need to doc the approach in ENTMQBR-827 via the use of a system-property that sets with a url to a policy file that restricts access to just the host of the web-console.
-Djolokia.policyLocation=file:etc/jolokia-access.xml
This has been done for 6.x via: https://issues.jboss.org/browse/FUSEDOC-1393
- relates to
-
-
- Closed
-
