mirror of
https://github.com/corda/corda.git
synced 2024-12-21 05:53:23 +00:00
4762569200
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening) * Cordformation changes to support jolokia agent instrumentation at JVM startup. * Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming) * Use relative path reference in -javaagent to prevent problem with long path names with spaces. * Fixed incorrect regex pattern and added assertion to test. * Enable JMX monitoring. * Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode) * Make Artemis JMX enablement configurable. * Re-instate banning of java serialization. * Improve JUnit. * Fixes following rebase from master. * Re-instated correct regex for picking up Jolokia agent jar. * Fixed broken integration test. * Updated documentation * Updated following PR review feedback. * Fixed compilation error caused by change in DriverDSL argument type. * Fixed compilation error caused by change in DriverDSL argument type. * Fail fast if jolokia-agent-jvm.jar is not located. * Applied changes in cordformation following review feedback from CA.
24 lines
926 B
XML
24 lines
926 B
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- Jolokia agent and MBean access policy based security -->
|
|
<!-- TODO: review these settings before production deployment -->
|
|
<restrict>
|
|
<!-- IP based restrictions -->
|
|
<remote>
|
|
<!-- IP address, a host name, or a netmask given in CIDR format (e.g. "10.0.0.0/16" for all clients coming from the 10.0 network). -->
|
|
<host>127.0.0.1</host>
|
|
<host>localhost</host>
|
|
</remote>
|
|
<!-- commands for which access is granted: read, write, exec, list, search, version -->
|
|
<commands>
|
|
<command>version</command>
|
|
<command>read</command>
|
|
</commands>
|
|
<!-- MBean access and deny restrictions -->
|
|
<!-- HTTP method restrictions: get, post -->
|
|
<http>
|
|
<method>get</method>
|
|
</http>
|
|
<!-- Cross-Origin Resource Sharing (CORS) restrictions
|
|
(by default, allow cross origin access from any host)
|
|
-->
|
|
</restrict> |