Tomcat provides extensive information on its internal components through JMX. You can see the data source, the use of connectors, the thread pools that you name.
However, it also provides a JDBC data source password (Catalina-> DataSource-> javax.sql.DataSource → ...). Is there any way to hide this information from publication?
We found a way to manage the JMX information displayed by modifying the mbeans-descriptors.xml files contained in the Tomcat distribution jar files, however we are looking for a way to do this without changing the distribution,
So, how can we hide the password field of the JDBC connection in Tomcat affected by JMX beans?
Regards, Bulent Erdemir
user89794
source share