Java Melody credentials

Regarding this addon (GitHub - cuba-platform/cuba-jm: CUBA app component that brings JavaMelody monitoring functionality), I think you guys have a security issue:

GitHub documentation says -
Configure monitoring dashboard authorization credentials with cubajm.authorizedUserLogin & cubajm.authorizedUserPassword application properties. The default values are admin, admin;

I did that, and it works for the middleware monitoring (/app-core/core-jm/). Though, for web client monitoring (/app/web-jm/) it doesn’t, but it works with the default admin/admin.

Do you know how can I just disable the web client monitoring for now?
I really like the tool and I want to enable it in production.


Hello @codrin

When you deploy your CUBA app as two applications (standard deployment, two WARs or single/dual UberJARs) you have to configure JavaMelody settings both for middleware and web client in the corresponding files: and

I’ve prepared a sample in which such configuration exists. Please take a look at this. (68.7 KB)