Java Melody credentials

Regarding this addon (https://github.com/cuba-platform/cuba-jm), I think you guys have a security issue:

GitHub documentation says -
Configure monitoring dashboard authorization credentials with cubajm.authorizedUserLogin & cubajm.authorizedUserPassword application properties. The default values are admin, admin;

I did that, and it works for the middleware monitoring (/app-core/core-jm/). Though, for web client monitoring (/app/web-jm/) it doesn’t, but it works with the default admin/admin.

Do you know how can I just disable the web client monitoring for now?
I really like the tool and I want to enable it in production.

Thanks,
-c

Hello @codrin

When you deploy your CUBA app as two applications (standard deployment, two WARs or single/dual UberJARs) you have to configure JavaMelody settings both for middleware and web client in the corresponding files: app.properties and web-app.properties.

I’ve prepared a sample in which such configuration exists. Please take a look at this.

jm-test.zip (68.7 KB)

Regards,
Daniil.