tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Zowalla (Jira)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-2294) Can't disable unauthenticated JMX on 1099
Date Mon, 09 Sep 2019 18:18:00 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-2294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16925973#comment-16925973
] 

Richard Zowalla commented on TOMEE-2294:
----------------------------------------

Hi,

I was trying to reproduce this issue.

 

What I did:

1. Fetched TomEE Plume 8.0.0-M3 

2. Configured tomee.xml as follows
{code:java}
<?xml version="1.0" encoding="UTF-8"?>
<tomee>
    <Resource id="MyJmsResourceAdapter" type="ActiveMQResourceAdapter">
        BrokerXmlConfig =  broker:(vm://broker)
        ServerUrl       =  vm://broker
    </Resource>

    <Resource id="MyJmsConnectionFactory" type="javax.jms.ConnectionFactory">
        ResourceAdapter = MyJmsResourceAdapter
    </Resource>

    <Container id="MyJmsMdbContainer" ctype="MESSAGE">
        ResourceAdapter = MyJmsResourceAdapter
    </Container>

    <Resource id="FooQueue" type="javax.jms.Queue"/>
    <Resource id="BarTopic" type="javax.jms.Topic"/>
</tomee>

{code}
  3. Startup the TomEE -> JMX connection via 1099 is possible as described in the issue.

  4. Shutdown TomEE and change tomee.xml to 
{code:java}
<?xml version="1.0" encoding="UTF-8"?>
<tomee>
    <Resource id="MyJmsResourceAdapter" type="ActiveMQResourceAdapter">
        BrokerXmlConfig =  broker:(vm://broker)?useJmx=false
        ServerUrl       =  vm://broker
    </Resource>

    <Resource id="MyJmsConnectionFactory" type="javax.jms.ConnectionFactory">
        ResourceAdapter = MyJmsResourceAdapter
    </Resource>

    <Container id="MyJmsMdbContainer" ctype="MESSAGE">
        ResourceAdapter = MyJmsResourceAdapter
    </Container>

    <Resource id="FooQueue" type="javax.jms.Queue"/>
    <Resource id="BarTopic" type="javax.jms.Topic"/>
</tomee>
{code}

 5. Startup Tomee and check open ports. No 1099 appears. 

I used the config provided here https://tomee.apache.org/latest/docs/jms-resources-and-mdb-container.html
for testing purpose.

Did you check this behaviour with TomEE 8.0.0-M3 ?

> Can't disable unauthenticated JMX on 1099
> -----------------------------------------
>
>                 Key: TOMEE-2294
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2294
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>            Reporter: Frans
>            Priority: Major
>             Fix For: 8.0.0-Final
>
>
> ActiveMQ comes bundled with a JMX host that is default on unauthenticated on port 1099.
> {code:java}
> <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
>   BrokerXmlConfig = broker:(vm://broker)?useJmx=false
>   ServerUrl = vm://broker
> </Resource>{code}
> Tomee's resource configuration doesn't allow this to be disabled. The above doesn't work.
> This can be disabled by inspecting an activemq jar's manifest, pulling down the same
version of activemq-all, and putting that in the tomee/lib directory, at which point this
works:
> {code:java}
> <Resource id="JmsResourceAdapter" type="ActiveMQResourceAdapter">
>   BrokerXmlConfig = xbean:file:activemq.xml
>   ServerUrl = vm://broker
> </Resource>
> {code}
> {code:java}
>   <broker xmlns="http://activemq.apache.org/schema/core"
>           useJmx="false"
>           brokerName="broker"
>           useShutdownHook="false"
>           persistent="true"
>           start="true"
>           schedulerSupport="false"
>           enableStatistics="false"
>           offlineDurableSubscriberTimeout="259200000"
>           offlineDurableSubscriberTaskSchedule="3600000">
> {code}
> However, convincing the guy hosting the server to inspect JAR manifests, pull down specific
jars, and maintain a second configuration file seems like a lot of effort to go to just to
have the ability to disable unauthenticated access to every MBean in the VM



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message