Security in Jolokia is provided on two levels: The transport channel (HTTP) is secured the standard way as it is defined in the JEE specifications. The agent itself can be configured to use a very fine grained policy which can restrict access on the MBean level for various parameters.
In especially, the policy can restrict access to:
The security definitions support a wildcard notation and allow/deny sections similar to the security setup of an Apache HTTP-Server.
The following example shows a sample policy file:
<restrict> <remote> <host>127.0.0.1</host> <host>localhost</host> <host>10.0.0.0/16</host> </remote> <cors> <allow-origin>http://www.jmx4perl.org</allow-origin> <allow-origin>*.jolokia.org</allow-origin> </cors> <commands> <command>read</command> <command>write</command> </commands> <allow> <mbean> <name>java.lang:type=Memory</name> <attribute mode="read">Verbose</attribute> <operation>gc</operation> </mbean> <mbean> <name>jolokia:type=Config</name> <operation>*</operation> </mbean> <mbean> <name>java.lang:type=Threading</name> <operation>findDeadlockedThreads</operation> </mbean> </allow> <deny> <mbean> <name>com.mchange.v2.c3p0:type=PooledDataSource,*</name> <attribute>properties</attribute> </mbean> </deny> </restrict>
This sample policy contains a ist of remote hosts which are allowed to access this agent. The name can be given as IP or FQDN. A subnetmask can be given, too, for specifying a subnet for the access. The netmask can be given either in CIDR format (e.g "/16") or as a full netmask (e.g. "/255.255.0.0").
The list of allowed commands, which are given in <commands> section determine which Jolokia operations are allowed in general. For each command type present, the principle behaviour is allow this command for all MBeans. To remove an MBean (attribute/operation), a <deny> section has to be added. For each command type missing, the command is disabled by default. For certain MBeans it can be selectively be enabled by using an <allow> section below. Within the allow and deny sections, MBean names and attribute/operation names can be specified with a pattern using wildcards (?,*)