Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

This closes #1723

This commit is contained in:
Martyn Taylor 2017-12-18 11:30:18 +00:00
parent 4928269ad8 0a2e143de5
commit aa3b29080c
6 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/management.xml
View File

@ -29,7 +29,7 @@
<access method="*" roles="amq"/> <access method="*" roles="amq"/>
</default-access> </default-access>
<role-access> <role-access>
<match domain="org.apache.activemq.apache"> <match domain="org.apache.activemq.artemis">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>
@ -37,7 +37,7 @@
<access method="*" roles="amq"/> <access method="*" roles="amq"/>
</match> </match>
<!--example of how to configure a specific object--> <!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues"> <!--<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>

10
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
View File

@ -186,11 +186,11 @@ public class JMXAccessControlList {
accessControlList.addToWhiteList("hawtio", "type=*"); accessControlList.addToWhiteList("hawtio", "type=*");
accessControlList.addToRoleAccess("org.apache.activemq.apache", null, "list*", "view", "update", "amq"); accessControlList.addToRoleAccess("org.apache.activemq.artemis", null, "list*", "view", "update", "amq");
accessControlList.addToRoleAccess("org.apache.activemq.apache", null,"get*", "view", "update", "amq"); accessControlList.addToRoleAccess("org.apache.activemq.artemis", null,"get*", "view", "update", "amq");
accessControlList.addToRoleAccess("org.apache.activemq.apache", null,"is*", "view", "update", "amq"); accessControlList.addToRoleAccess("org.apache.activemq.artemis", null,"is*", "view", "update", "amq");
accessControlList.addToRoleAccess("org.apache.activemq.apache", null,"set*","update", "amq"); accessControlList.addToRoleAccess("org.apache.activemq.artemis", null,"set*","update", "amq");
accessControlList.addToRoleAccess("org.apache.activemq.apache", null,"*", "amq"); accessControlList.addToRoleAccess("org.apache.activemq.artemis", null,"*", "amq");
accessControlList.addToDefaultAccess("list*", "view", "update", "amq"); accessControlList.addToDefaultAccess("list*", "view", "update", "amq");
accessControlList.addToDefaultAccess("get*", "view", "update", "amq"); accessControlList.addToDefaultAccess("get*", "view", "update", "amq");

14
docs/user-manual/en/management.md
View File

@ -329,7 +329,7 @@ the default configuration looks like:
```xml ```xml
<role-access> <role-access>
<match domain="org.apache.activemq.apache"> <match domain="org.apache.activemq.artemis">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>
@ -338,11 +338,11 @@ the default configuration looks like:
</match> </match>
</role-access> </role-access>
``` ```
This contains 1 match and will be applied to any mBean that has the domain `org.apache.activemq.apache`. This contains 1 match and will be applied to any mBean that has the domain `org.apache.activemq.artemis`.
Any access to any mBeans that have this domain are controlled by the `access` elements which contain a Any access to any mBeans that have this domain are controlled by the `access` elements which contain a
method and a set of roles. The method being invoked will be used to pick the closest matching method and method and a set of roles. The method being invoked will be used to pick the closest matching method and
the roles for this will be applied for access. For instance if you try the invoke a method called `listMessages` on an mBean the roles for this will be applied for access. For instance if you try the invoke a method called `listMessages` on an mBean
with the `org.apache.activemq.apache` domain then this would match the `access` with the method of `list*`. with the `org.apache.activemq.artemis` domain then this would match the `access` with the method of `list*`.
You could also explicitly configure this by using the full method name, like so: You could also explicitly configure this by using the full method name, like so:
```xml ```xml
@ -352,7 +352,7 @@ You can also match specific mBeans within a domain by adding a key attribute tha
on the mBean, like: on the mBean, like:
```xml ```xml
<match domain="org.apache.activemq.apache" key="subcomponent=queues"> <match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>
@ -367,7 +367,7 @@ You could also match a specific queue for instance :
by configuring: by configuring:
```xml ```xml
<match domain="org.apache.activemq.apache" key="queue=exampleQueue"> <match domain="org.apache.activemq.artemis" key="queue=exampleQueue">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>
@ -377,7 +377,7 @@ by configuring:
``` ```
Access to JMX mBean attributes are converted to method calls so these are controlled via the `set*`, `get*` and `is*`. Access to JMX mBean attributes are converted to method calls so these are controlled via the `set*`, `get*` and `is*`.
The `*` access is the catch all for everything other method that isnt specifically matched. The `*` access is the catch all for everything other method that isn't specifically matched.
The `default-access` element is basically the catch all for every method call that isn't handled via the `role-access` configuration. The `default-access` element is basically the catch all for every method call that isn't handled via the `role-access` configuration.
This has teh same semantics as a `match` element. This has teh same semantics as a `match` element.
@ -393,7 +393,7 @@ either have to disable authentication, by removing the `authentication` element
By default remote JMX access to Artemis is disabled for security reasons. By default remote JMX access to Artemis is disabled for security reasons.
Artemis has a JMX agent which allows access to JMX mBeans remotely. This is configured via the `connector` element in the Artemis has a JMX agent which allows access to JMX mBeans remotely. This is configured via the `connector` element in the
`management.xml` configuration file. To enable this you simpl ad the following xml: `management.xml` configuration file. To enable this you simply add the following xml:
```xml ```xml
<connector connector-port="1099"/> <connector connector-port="1099"/>

4
examples/features/standard/jmx-ssl/src/main/resources/activemq/server0/management.xml
View File

@ -36,7 +36,7 @@
<access method="*" roles="amq,guest"/> <access method="*" roles="amq,guest"/>
</default-access> </default-access>
<role-access> <role-access>
<match domain="org.apache.activemq.apache"> <match domain="org.apache.activemq.artemis">
<access method="list*" roles="view,update,amq,guest"/> <access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/> <access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/> <access method="is*" roles="view,update,amq,guest"/>
@ -44,7 +44,7 @@
<access method="*" roles="amq,guest"/> <access method="*" roles="amq,guest"/>
</match> </match>
<!--example of how to configure a specific object--> <!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues"> <!--<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>

4
examples/features/standard/jmx/src/main/resources/activemq/server0/management.xml
View File

@ -29,7 +29,7 @@
<access method="*" roles="amq,guest"/> <access method="*" roles="amq,guest"/>
</default-access> </default-access>
<role-access> <role-access>
<match domain="org.apache.activemq.apache"> <match domain="org.apache.activemq.artemis">
<access method="list*" roles="view,update,amq,guest"/> <access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/> <access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/> <access method="is*" roles="view,update,amq,guest"/>
@ -37,7 +37,7 @@
<access method="*" roles="amq,guest"/> <access method="*" roles="amq,guest"/>
</match> </match>
<!--example of how to configure a specific object--> <!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues"> <!--<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>

4
examples/features/standard/message-counters/src/main/resources/activemq/server0/management.xml
View File

@ -29,7 +29,7 @@
<access method="*" roles="amq, guest"/> <access method="*" roles="amq, guest"/>
</default-access> </default-access>
<role-access> <role-access>
<match domain="org.apache.activemq.apache"> <match domain="org.apache.activemq.artemis">
<access method="list*" roles="view,update,amq,guest"/> <access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/> <access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/> <access method="is*" roles="view,update,amq,guest"/>
@ -37,7 +37,7 @@
<access method="*" roles="amq,guest"/> <access method="*" roles="amq,guest"/>
</match> </match>
<!--example of how to configure a specific object--> <!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues"> <!--<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/> <access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/> <access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/> <access method="is*" roles="view,update,amq"/>