Questo contenuto non è disponibile nella lingua selezionata.

Chapter 4. Securing the Fuse Console


To secure the Fuse Console on Spring Boot:

  • Disable the Fuse Console’s proxy servlet when deploying to AWS

    If you want to deploy a standalone Fuse application to Amazon Web Services (AWS), you should disable the Fuse Console’s proxy servlet by setting the hawtio.disableProxy system property to true.

    Note

    When you disable the Fuse Console proxy servlet, the Fuse Console’s Connect tab is disabled and you cannot connect to other JVMs from the Fuse Console. If you want to deploy more than one Fuse application on AWS, you must deploy the Fuse Console for each application.

  • Set HTTPS as the required protocol

    You can use the hawtio.http.strictTransportSecurity property to require web browsers to use the secure HTTPS protocol to access the Fuse Console. This property specifies that web browsers that try to use HTTP to access the Fuse Console must automatically convert the request to use HTTPS.

  • Use public keys to secure responses

    You can use the hawtio.http.publicKeyPins property to secure the HTTPS protocol by telling the web browser to associate a specific cryptographic public key with the Fuse Console to decrease the risk of “man-in-the-middle” attacks with forged certificates.

Procedure

  1. Set the hawtio.http.strictTransportSecurity and hawtio.http.publicKeyPins properties as shown in the following example:

    public static void main(String[] args) {
        System.setProperty("hawtio.http.strictTransportSecurity", "max-age=31536000; includeSubDomains; preload");
        System.setProperty("hawtio.http.publicKeyPins", "pin-sha256=cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs"; max-age=5184000; includeSubDomains");
        SpringApplication.run(YourSpringBootApplication.class, args);
    }
  2. (For deploying on AWS only) To disable the Fuse Console’s proxy servlet, set the hawtio.disableProxy property as shown in the following example:

    public static void main(String[] args) {
        System.setProperty("hawtio.disableProxy", "true");
    }

Additional resources

  • For a description of the hawtio.http.strictTransportSecurity property’s syntax, see the description page for the HTTP Strict Transport Security (HSTS) response header.
  • For a description of the hawtio.http.publicKeyPins property’s syntax, including instructions on how to extract the Base64 encoded public key, see the description page for the HTTP Public Key Pinning response header.
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.