Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 4. Securing the Management Console


Abstract

The default setting for Access-Control-Allow-Origin header for the JBoss A-MQ Management Console permits unrestricted sharing. To restrict access to the JBoss A-MQ Management Console, an OSGI fragment bundle must be implemented.

4.1. Controlling Access to the Fuse Management Console

Contents of the Fragment Bundle

A fragment bundle that enables the jolokia-access.xml policy file can be used to restrict access without altering the original hawtio-web.war. A fragment bundle that contains the jolokia-access.xml policy file within the CORS configuration can be added to limit access to a certain host by using <allow-origin> sections within the <cors> sections. The <allow-origin> section can contain the origin URL provided by browsers with the Origin: header, or a wildcard specification with *. For example:
<cors>
   <!-- Allow cross origin access from www.jolokia.org ... -->
   <allow-origin>http://www.jolokia.org</allow-origin>
   <!-- ... and all servers from jmx4perl.org with any protocol -->
   <allow-origin>*://*.jmx4perl.org</allow-origin>
   <!-- Check for the proper origin on the server side, too -->
   <strict-checking/>
</cors>
Copy to Clipboard Toggle word wrap
Build the fragment bundle according to the insructions in the OSGI specifications at OSGi Developer Downloads. For more information about OSGi dependencies see Managing OSGi dependencies. Ensure that you add the Fragment-Host header in the Manifest.MF bundle. After building the fragment bundle, use the following command to install it:
install file:///Location_Of_Fragment_Bundle_file/hawtio-web-fragment/target/hawtio-web-fragment-1.2-redhat-379.jar
Copy to Clipboard Toggle word wrap
Hawtio-web must be refreshed to pick up the fragment bundle. Use the follwing comands to refresh the hawtio-web bundle:
To find out the hawtio-web bundle ID:
JBossFuse:karaf@root> la | grep -i hawtio
Copy to Clipboard Toggle word wrap
Identify the number for the hawtio-web bundle. In the example below, the number is 253:
[ 253] [Active     ] [            ] [       ] [   80] hawtio :: hawtio-web (1.4.0.redhat-621083)
Copy to Clipboard Toggle word wrap
Refresh the hawtio-web bundle using the following command:
JBossFuse:karaf@root> refresh 253
Copy to Clipboard Toggle word wrap
Repeat the la | grep -i hawtio command to see the hawtio-web line with the fragment bundle attached:
[ 253] [Active     ] [            ] [       ] [   80] hawtio :: hawtio-web (1.4.0.redhat-621083), Fragments: 270
Copy to Clipboard Toggle word wrap
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat