红帽全球峰会Red Hat AMQ 6
As of February 2025, Red Hat is no longer supporting Red Hat AMQ 6. If you are using AMQ 6, please upgrade: Migrating to AMQ 7.此内容没有您所选择的语言版本。
Chapter 4. Securing the Management Console
Abstract
The default setting for
Access-Control-Allow-Origin header for the JBoss A-MQ Management Console permits unrestricted sharing. To restrict access to the JBoss A-MQ Management Console, an OSGI fragment bundle must be implemented.
4.1. Controlling Access to the Fuse Management Console
复制链接链接已复制到粘贴板!
Contents of the Fragment Bundle
复制链接链接已复制到粘贴板!
A fragment bundle that enables the
jolokia-access.xml policy file can be used to restrict access without altering the original hawtio-web.war. A fragment bundle that contains the jolokia-access.xml policy file within the CORS configuration can be added to limit access to a certain host by using <allow-origin> sections within the <cors> sections. The <allow-origin> section can contain the origin URL provided by browsers with the Origin: header, or a wildcard specification with *. For example:
Build the fragment bundle according to the insructions in the OSGI specifications at OSGi Developer Downloads. For more information about OSGi dependencies see Managing OSGi dependencies. Ensure that you add the
Fragment-Host header in the Manifest.MF bundle. After building the fragment bundle, use the following command to install it:
install file:///Location_Of_Fragment_Bundle_file/hawtio-web-fragment/target/hawtio-web-fragment-1.2-redhat-379.jar
install file:///Location_Of_Fragment_Bundle_file/hawtio-web-fragment/target/hawtio-web-fragment-1.2-redhat-379.jar
Hawtio-web must be refreshed to pick up the fragment bundle. Use the follwing comands to refresh the hawtio-web bundle:
To find out the
hawtio-web bundle ID:
JBossFuse:karaf@root> la | grep -i hawtio
JBossFuse:karaf@root> la | grep -i hawtio
Identify the number for the
hawtio-web bundle. In the example below, the number is 253:
[ 253] [Active ] [ ] [ ] [ 80] hawtio :: hawtio-web (1.4.0.redhat-621083)
[ 253] [Active ] [ ] [ ] [ 80] hawtio :: hawtio-web (1.4.0.redhat-621083)
Refresh the
hawtio-web bundle using the following command:
JBossFuse:karaf@root> refresh 253
JBossFuse:karaf@root> refresh 253
Repeat the
la | grep -i hawtio command to see the hawtio-web line with the fragment bundle attached:
[ 253] [Active ] [ ] [ ] [ 80] hawtio :: hawtio-web (1.4.0.redhat-621083), Fragments: 270
[ 253] [Active ] [ ] [ ] [ 80] hawtio :: hawtio-web (1.4.0.redhat-621083), Fragments: 270
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}