пн, 13 июн. 2022 г. в 19:32, Christopher Schultz <ch...@christopherschultz.net>: > > All, > > I've been thinking about the possibility of making a read-only JMX role > available for the existing manager-jmx capability. > > [...] > > Does anyone think this is a good idea? >
I think it is a bad idea, because passwords (and maybe other secrets) are visible through JMX, by design. It might be worth to have some "status" role, but it has to be defined more specifically than just a "view all" role. Maybe the way to achieve the same result is to amend the server status page, which is already provided by the manager app and has a dedicated role. Best regards, Konstantin Kolinko. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
