Tomcat - unable to filter out catalina users

classic Classic list List threaded Threaded
2 messages Options
MarcinP MarcinP
Reply | Threaded
Open this post in threaded view
|

Tomcat - unable to filter out catalina users

Hi all
I've got jolokia-1.6.war deployed on Tomcat (8.0 and 9.0)
By default jolokia exports all mbeans.

How can I deny some values (that is I can't build a working path in jolokia-access.xml ) for this embedded Tomcat users database?

  <deny>
    <mbean>
    <mbean>
     
      <name>org.apache.catalina.users.MemoryUser:type=User,*</name>
      <attribute>*</attribute>
    </mbean>
  </deny>


For example tomcat /manager/jmxproxy displays:

Name: Users:type=User,username="tomcatstatus",database=UserDatabase
modelerType: org.apache.catalina.mbeans.UserMBean
password: XXXX
roles: Array[java.lang.String] of length 1
        Users:type=Role,rolename="manager-gui",database=UserDatabase
groups: Array[java.lang.String] of length 0
username: tomcatstatus

and in the same moment jolokia request /jolokia/search/Users:type=User,username="tomcatstatus"
returns:
{"request":{"mbean":"Users:type=User,username=\"tomcatstatus\"","type":"search"},"value":[],"timestamp":1533044943,"status":200}

(and no password...)
Still, I would hide the result of
/jolokia/search/Users:type=*,*




roland roland
Reply | Threaded
Open this post in threaded view
|

Re: Tomcat - unable to filter out catalina users

Why not then just filter on "Users:type=User,*" ? in the blacklist
... roland