[jmx.xml] Detail access details methods for JMX info over HTTP

[joewiz]

From @dizzzz in eXist-db/exist#1396:

I realise that the documentation [namely, the JMX article] is not complete; it should be added that the JMX information is only accessible via the HTTP interface when

• the client access the API on localhost
• a token is provided when accessing the API from remote

On the security implications of these JMX ports:

So your data is safe. Exist-db does not provide a way of having parts of the HTTP interface exposed via different HTTP ports, I guess that is not the intention of an application server. For these use cases it is a better to look at a nginx based reverse proxy, and have the 8080 port not externally exposed. This is a typical setup for production environments anyway.

[duncdrum]

@dizzzz in light of your recent work on jmx and any more work necessary in that area for 5.0.0 could you revisit this?

[duncdrum]

@dizzzz could you please take a look and confirm that all changes to jmx for 5.0.0 match what is in the docs?