Security / Jolokia update. (#7501)

Avoid authenticated user to access more info than needed.

pom.xml

@@ -1610,7 +1610,7 @@
     <log4j2.version>2.17.2</log4j2.version>
     <slf4j.version>1.8.0-beta2</slf4j.version>
     <xbean.version>4.22</xbean.version>
-    <jolokia.version>1.6.0</jolokia.version>
+    <jolokia.version>1.7.2</jolokia.version>
     <httpcomponents.version>4.5.14</httpcomponents.version>
     <jasypt.version>1.9.3</jasypt.version>
     <jupiter.version>5.9.1</jupiter.version>

web/src/main/resources/jolokia-access.xml

@@ -1,12 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
-
 <restrict>
-
     <commands>
         <command>read</command>
-        <command>list</command>
-        <command>version</command>
-        <command>search</command>
     </commands>
-
-</restrict>
+</restrict>

web/src/main/webapp/WEB-INF/config-security/config-security-core.xml

@@ -38,7 +38,8 @@
       <list>
         <!-- TODO: This needs to be secured to not access private info -->
         <sec:filter-chain pattern="/index/**" filters=""/>
-        <sec:filter-chain pattern="/jolokia/**" filters="securityContextPersistenceFilter, authenticatedUserFilter"/>
+        <sec:filter-chain pattern="/jolokia" filters="securityContextPersistenceFilter, authenticatedUserFilter"/>
+        <sec:filter-chain pattern="/jolokia/read/geonetwork-**" filters="securityContextPersistenceFilter, authenticatedUserFilter"/>
         <sec:filter-chain pattern="/dashboards/**" filters="securityContextPersistenceFilter, basicAuthenticationFilter, authenticatedUserFilter"/>
         <sec:filter-chain pattern="/doc/**" filters=""/>
         <sec:filter-chain pattern="/api/**" filters=""/>