It would be very helpful in some circumstances if Fabric had a way to provide a custom jolokia-access.xml file, so that customers could provide more fine-grained access control policies.
A bug was raised for this (
FABRIC-1145) but nothing was implemented. A way was described to work around the limitation by providing a suitable file in a fragment bundle that could be applied over the Hawtio bundle. Although this does work, it is not very convenient.
I suspect that
FABRIC-1145 was not followed up because it was felt that the more restrictive access to the Hawtio console in 6.2.x would be sufficient. However, some customers need more control than simply on/off. In particular, some customers want to set up custom cross-origin resource sharing (CORS) policies, which Hawtio does support, but only with specific configuration.
Perhaps jolokia-access.xml could be read from the profile, rather than from the bundle classpath?