corda/config/prod/jolokia-access.xml

<?xml version="1.0" encoding="utf-8"?>
<!--
  ~ R3 Proprietary and Confidential
  ~
  ~ Copyright (c) 2018 R3 Limited.  All rights reserved.
  ~
  ~ The intellectual and technical concepts contained herein are proprietary to R3 and its suppliers and are protected by trade secret law.
  ~
  ~ Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
  -->

<!-- Jolokia agent and MBean access policy based security -->
<!-- TODO: review these settings before production deployment -->
<restrict>
    <!-- IP based restrictions -->
    <remote>
        <!-- IP address, a host name, or a netmask given in CIDR format (e.g. "10.0.0.0/16" for all clients coming from the 10.0 network). -->
        <host>127.0.0.1</host>
        <host>localhost</host>
    </remote>
    <!-- commands for which access is granted: read, write, exec, list, search, version -->
    <commands>
        <command>version</command>
        <command>read</command>
    </commands>
    <!-- MBean access and deny restrictions -->
    <!-- HTTP method restrictions: get, post -->
    <http>
        <method>get</method>
    </http>
    <!-- Cross-Origin Resource Sharing (CORS) restrictions
         (by default, allow cross origin access from any host)
     -->
</restrict>
CORDA-822 - JMX Jolokia instrumentation (#2197) * JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening) * Cordformation changes to support jolokia agent instrumentation at JVM startup. * Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming) * Use relative path reference in -javaagent to prevent problem with long path names with spaces. * Fixed incorrect regex pattern and added assertion to test. * Enable JMX monitoring. * Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode) * Make Artemis JMX enablement configurable. * Re-instate banning of java serialization. * Improve JUnit. * Fixes following rebase from master. * Re-instated correct regex for picking up Jolokia agent jar. * Fixed broken integration test. * Updated documentation * Updated following PR review feedback. * Fixed compilation error caused by change in DriverDSL argument type. * Fixed compilation error caused by change in DriverDSL argument type. * Fail fast if jolokia-agent-jvm.jar is not located. * Applied changes in cordformation following review feedback from CA. 2017-12-08 16:27:12 +00:00			`<?xml version="1.0" encoding="utf-8"?>`
Introduced copyright in all source files. (#519) 2018-03-06 17:29:21 +00:00			`<!--`
			`~ R3 Proprietary and Confidential`
			`~`
			`~ Copyright (c) 2018 R3 Limited. All rights reserved.`
			`~`
			`~ The intellectual and technical concepts contained herein are proprietary to R3 and its suppliers and are protected by trade secret law.`
			`~`
			`~ Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.`
			`-->`

CORDA-822 - JMX Jolokia instrumentation (#2197) * JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening) * Cordformation changes to support jolokia agent instrumentation at JVM startup. * Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming) * Use relative path reference in -javaagent to prevent problem with long path names with spaces. * Fixed incorrect regex pattern and added assertion to test. * Enable JMX monitoring. * Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode) * Make Artemis JMX enablement configurable. * Re-instate banning of java serialization. * Improve JUnit. * Fixes following rebase from master. * Re-instated correct regex for picking up Jolokia agent jar. * Fixed broken integration test. * Updated documentation * Updated following PR review feedback. * Fixed compilation error caused by change in DriverDSL argument type. * Fixed compilation error caused by change in DriverDSL argument type. * Fail fast if jolokia-agent-jvm.jar is not located. * Applied changes in cordformation following review feedback from CA. 2017-12-08 16:27:12 +00:00			`<!-- Jolokia agent and MBean access policy based security -->`
			`<!-- TODO: review these settings before production deployment -->`
			`<restrict>`
			`<!-- IP based restrictions -->`
			`<remote>`
			`<!-- IP address, a host name, or a netmask given in CIDR format (e.g. "10.0.0.0/16" for all clients coming from the 10.0 network). -->`
			`<host>127.0.0.1</host>`
			`<host>localhost</host>`
			`</remote>`
			`<!-- commands for which access is granted: read, write, exec, list, search, version -->`
			`<commands>`
			`<command>version</command>`
			`<command>read</command>`
			`</commands>`
			`<!-- MBean access and deny restrictions -->`
			`<!-- HTTP method restrictions: get, post -->`
			`<http>`
			`<method>get</method>`
			`</http>`
			`<!-- Cross-Origin Resource Sharing (CORS) restrictions`
			`(by default, allow cross origin access from any host)`
			`-->`
			`</restrict>`