Security in Jolokia is provided on two levels: The transport channel (HTTP) is secured the standard way as it is defined in the Java EE specifications. The agent itself can be configured to use a very fine grained policy which can restrict access on the MBean level for various parameters.

In especially, the policy can restrict access to:

  • certain client host IPs or subnets
  • certain Jolokia operations (read, exec, list, search)
  • specific MBean attributes (read and write) and operations

The security definitions support a wildcard notation and allow/deny sections similar to the security setup of an Apache HTTP-Server.


The following example shows a sample policy file:






      <attribute mode="read">Verbose</attribute>



This sample policy contains a ist of remote hosts which are allowed to access this agent. The name can be given as IP or FQDN. A subnetmask can be given, too, for specifying a subnet for the access. The netmask can be given either in CIDR format (e.g "/16") or as a full netmask (e.g. "/").

The list of allowed commands, which are given in <commands> section determine which Jolokia operations are allowed in general. For each command type present, the principle behaviour is allow this command for all MBeans. To remove an MBean (attribute/operation), a <deny> section has to be added. For each command type missing, the command is disabled by default. For certain MBeans it can be selectively be enabled by using an <allow> section below. Within the allow and deny sections, MBean names and attribute/operation names can be specified with a pattern using wildcards (?,*)