Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Configuration of HawtIO
HawtIO and its plugins can configure their behaviours through System properties.
3.1. Configuration properties
The following table lists the configuration properties for the HawtIO core system and various plugins.
| System | Default | Description |
|---|---|---|
| hawtio.disableProxy | false | With this property set to true, ProxyServlet (/hawtio/proxy/*) can be disabled. This makes the Connect plugin unavailable, which means HawtIO can no longer connect to remote JVMs, but sometimes users might want to do so because of security if the Connect plugin is not used. |
| hawtio.localAddressProbing | true | Whether local address probing for proxy allowlist is enabled or not upon startup. Set this property to false to disable it. |
| hawtio.proxyAllowlist | localhost, 127.0.0.1 | Comma-separated allowlist for target hosts that Connect plugin can connect to via ProxyServlet. All hosts not listed in this allowlist are denied to connect for security reasons. This option can be set to * to allow all hosts. Prefixing an element of the list with "r:" allows to define a regex (example: localhost,r:myserver[0-9]+.mydomain.com) |
| hawtio.redirect.scheme | The scheme is to redirect the URL to the login page when authentication is required. | |
| hawtio.sessionTimeout | The maximum time interval, in seconds, that the servlet container will keep this session open between client accesses. If this option is not configured, then HawtIO uses the default session timeout of the servlet container. |
3.1.1. Quarkus
For Quarkus, all those properties are configurable in application.properties or application.yaml with the quarkus.hawtio prefix.
For example:
quarkus.hawtio.disableProxy = true
3.1.2. Spring Boot
For Spring Boot, all those properties are configurable in application.properties or application.yaml as is.
For example:
hawtio.disableProxy = true
3.2. Configuring Jolokia through system properties
The Jolokia agent is deployed automatically with io.hawt.web.JolokiaConfiguredAgentServlet that extends Jolokia native org.jolokia.http.AgentServlet class, defined in hawtio-war/WEB-INF/web.xml. If you want to customize the Jolokia Servlet with the configuration parameters that are defined in the Jolokia documentation, you can pass them as System properties prefixed with jolokia.
For example:
jolokia.policyLocation = file:///opt/hawtio/my-jolokia-access.xml
3.2.1. RBAC Restrictor
For some runtimes that support HawtIO RBAC (role-based access control), HawtIO provides a custom Jolokia Restrictor implementation that provides an additional layer of protection over JMX operations based on the ACL (access control list) policy.
You cannot use HawtIO RBAC with Quarkus and Spring Boot yet. Enabling the RBAC Restrictor on those runtimes only imposes additional load without any gains.
To activate the HawtIO RBAC Restrictor, configure the Jolokia parameter restrictorClass via System property to use io.hawt.web.RBACRestrictor as follows:
jolokia.restrictorClass = io.hawt.system.RBACRestrictor
