db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r1324773 - in /db/derby/docs/trunk/src: adminguide/ devguide/
Date Wed, 11 Apr 2012 14:11:40 GMT
Author: chaase3
Date: Wed Apr 11 14:11:39 2012
New Revision: 1324773

URL: http://svn.apache.org/viewvc?rev=1324773&view=rev
Log:
DERBY-5637  Document Derby's JMX capabilities and how to disable them

Added 12 new Admin Guide topics based on John Embretsen's Derby wiki information at http://wiki.apache.org/db-derby/DerbyJMXQuickStart and http://wiki.apache.org/db-derby/DerbyJMX. Also modified 2 Admin Guide and 2 Developer's Guide topics. This is an interim commit; more changes will follow.

Patch: DERBY-5637.diff

Added:
    db/derby/docs/trunk/src/adminguide/cadminjmxoverview.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxcode.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxenabledisable.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxenablenoauth.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxenablepwd.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxenablesimpleauth.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxintro.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxjconsole.dita   (with props)
    db/derby/docs/trunk/src/adminguide/radminjmxtroubleshoot.dita   (with props)
Modified:
    db/derby/docs/trunk/src/adminguide/cadminconfig86869.dita
    db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
    db/derby/docs/trunk/src/adminguide/tadminconfigsysteminformation.dita
    db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita
    db/derby/docs/trunk/src/devguide/cdevsetprop824983.dita

Modified: db/derby/docs/trunk/src/adminguide/cadminconfig86869.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminconfig86869.dita?rev=1324773&r1=1324772&r2=1324773&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminconfig86869.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminconfig86869.dita Wed Apr 11 14:11:39 2012
@@ -37,16 +37,9 @@ limitations under the License.
             database engine are loaded by the Java application</li>
     </ul>
 <p>You can use Java Management Extensions (JMX) technology to monitor and manage
-<ph conref="../conrefs.dita#prod/productshortname"></ph> and the Network Server. For information on how
-to do this, visit the wiki page
-<xref format="html" href="http://wiki.apache.org/db-derby/DerbyJMX"
-scope="external">http://wiki.apache.org/db-derby/DerbyJMX</xref> and refer to
-the API documentation for the packages <codeph>org.apache.derby.mbeans</codeph>
-and <codeph>org.apache.derby.mbeans.drda</codeph>. For information on JMX
-technology, see
-<xref format="html" href="http://download.oracle.com/javase/6/docs/technotes/guides/jmx/"
-scope="external">http://download.oracle.com/javase/6/docs/technotes/guides/jmx/</xref>.
-</p>
+<ph conref="../conrefs.dita#prod/productshortname"></ph> and the Network Server.
+For information on how to do this, see
+<xref href="cadminjmxoverview.dita#cadminjmxoverview"></xref>.</p>
 <p>
 You can manage the Network Server by using shell scripts, the command line,
 or the Network Server API.

Added: db/derby/docs/trunk/src/adminguide/cadminjmxoverview.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminjmxoverview.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminjmxoverview.dita (added)
+++ db/derby/docs/trunk/src/adminguide/cadminjmxoverview.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
+ "../dtd/concept.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<concept id="cadminjmxoverview" xml:lang="en-us">
+<title>Using Java Management Extensions (JMX) technology</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>using</indexterm></indexterm>
+<indexterm>MBeans<indexterm>using</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<conbody>
+<p><ph conref="../conrefs.dita#prod/productshortname"></ph> includes a set of
+MBeans (Managed Beans) and their attributes and operations, providing monitoring
+and management capabilities. Before using the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans, you should have
+a basic understanding of JMX technology. A good source of information is the
+"Monitoring and Management for the Java Platform" web page at <xref format="html"
+href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/"
+scope="external">http://docs.oracle.com/javase/7/docs/technotes/guides/management/
+</xref>.</p>
+<p>The <ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans
+instrument one or more parts of a running
+<ph conref="../conrefs.dita#prod/productshortname"></ph> system. This
+instrumentation gives you real-time access to
+<ph conref="../conrefs.dita#prod/productshortname"></ph>-specific information
+and features from a host of your choice, if you configure your Java Virtual
+Machine (JVM) and the <ph conref="../conrefs.dita#prod/productshortname"></ph>
+security features to enable this access.</p>
+<p>The <ph conref="../conrefs.dita#prod/productshortname"></ph> JMX features are
+automatically available when
+<ph conref="../conrefs.dita#prod/productshortname"></ph> is started in a JVM
+that supports the platform MBean Server. Java SE 5 and subsequent releases all
+support JMX technology.</p>
+<p>You start <ph conref="../conrefs.dita#prod/productshortname"></ph> by loading
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> embedded driver. If
+you are using the <ph conref="../conrefs.dita#prod/productshortname"></ph>
+Network Server, the embedded driver is automatically loaded in the server JVM
+when the server is started.</p>
+<p>You may access the <ph conref="../conrefs.dita#prod/productshortname"></ph>
+MBeans by using an existing JMX client utility such as JConsole, or
+programmatically by writing your own Java code that uses JMX.</p>
+</conbody>
+</concept>

Propchange: db/derby/docs/trunk/src/adminguide/cadminjmxoverview.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap?rev=1324773&r1=1324772&r2=1324773&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap (original)
+++ db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap Wed Apr 11 14:11:39 2012
@@ -294,6 +294,20 @@ navtitle="Setting Network Server propert
 <topicref href="tadminconfigverifyingstartup.dita" navtitle="Verifying Startup">
 </topicref>
 </topicref>
+<topicref collection-type="family" href="cadminjmxoverview.dita" navtitle="Using Java Management Extensions (JMX) technology">
+<topicref href="radminjmxintro.dita" navtitle="Introduction to the Derby MBeans"></topicref>
+<topicref collection-type="family" href="radminjmxenabledisable.dita" navtitle="Enabling and disabling JMX">
+<topicref href="radminjmxenablenoauth.dita" navtitle="Enabling remote JMX with no authentication or SSL"></topicref>
+<topicref href="radminjmxenablepwd.dita" navtitle="Enabling remote JMX with password authentication only"></topicref>
+<topicref href="radminjmxenablepwdssl.dita" navtitle="Enabling remote JMX with password authentication and SSL"></topicref>
+<topicref href="radminjmxenablesimpleauth.dita" navtitle="Simple authorization using an access file"></topicref>
+<topicref href="radminjmxenablepolicy.dita" navtitle="Fine-grained authorization using a security policy"></topicref>
+<topicref href="radminjmxdisable.dita" navtitle="Disabling access to MBeans"></topicref>
+</topicref>
+<topicref href="radminjmxjconsole.dita" navtitle="Using JConsole to access the Derby MBeans"></topicref>
+<topicref href="radminjmxcode.dita" navtitle="Using custom Java code to access the Derby MBeans"></topicref>
+<topicref href="radminjmxtroubleshoot.dita" navtitle="Troubleshooting JMX connection issues"></topicref>
+</topicref>
 <topicref collection-type="family" href="cadminservlet98430.dita" navtitle="Managing the Derby Network Server remotely by using the servlet interface">
 <topicref href="radminservlet810694.dita" navtitle="Start-up page"></topicref>
 <topicref href="radminservlet810717.dita" navtitle="Running page"></topicref>

Added: db/derby/docs/trunk/src/adminguide/radminjmxcode.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxcode.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxcode.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxcode.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,207 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxcode" xml:lang="en-us">
+<title>Using custom Java code to access the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>using custom Java code</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>In addition to using a tool like JConsole, you can also access the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans from a Java
+application. How to do this may depend on how you configure the JVM that is
+running <ph conref="../conrefs.dita#prod/productshortname"></ph>, how you
+configure user authentication and authorization, or the host(s) from which you
+want to access the MBeans.</p>
+<p>This section has some example code to help you get started. It is assumed
+that the client JVM supports Java SE 5, 6, or 7. You will find the JMX classes
+you need in the packages <codeph>javax.management</codeph> and
+<codeph>javax.management.remote</codeph>.</p>
+<p>You do not need any <ph conref="../conrefs.dita#prod/productshortname"></ph>
+libraries in the JMX client application's classpath (unless MBean proxies are
+used).</p>
+</section>
+<section id="connmbeanserver"><title>Connecting to the MBean Server</title>
+<p><ph conref="../conrefs.dita#prod/productshortname"></ph> will attempt to
+register its MBeans with the Platform MBean Server of the JVM running the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> system (embedded or
+Network Server). The following examples assume that you have configured the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> JVM to enable remote
+JMX, which means that you have set a port number
+(<codeph>com.sun.management.jmxremote.port</codeph>) to be used by the JMX
+Server Connector.</p>
+<p>The examples below assume that the port configured for remote JMX is 9999,
+that the host name of the host running
+<ph conref="../conrefs.dita#prod/productshortname"></ph> is
+<codeph>example.com</codeph>, and that this host is reachable from the
+client host. (This host name is fictitious, and is used for example purposes
+only.)</p>
+<p>The following example code shows how to connect to the MBean Server when
+JMX security has been disabled:</p>
+<codeblock>    JMXServiceURL url = new JMXServiceURL(
+            "service:jmx:rmi:///jndi/rmi://example.com:9999/jmxrmi");
+    JMXConnector jmxc = JMXConnectorFactory.connect(url, null);
+    MBeanServerConnection mbeanServerConn = 
+        jmxc.getMBeanServerConnection();</codeblock>
+<p>The following code shows how to connect to the MBean server when JMX
+password authentication is enabled (the default):</p>
+<codeblock>    JMXServiceURL url = new JMXServiceURL(
+            "service:jmx:rmi:///jndi/rmi://example.com:9999/jmxrmi");
+    // Assuming the following JMX credentials: 
+    //  username=controlRole, password=derby
+    String[] credentials = new String[] { "controlRole" , "derby" };
+    HashMap&lt;String,Object> env = new HashMap&lt;String,Object>();
+    // Set credentials (jmx.remote.credentials, 
+    //  see JMX Remote API 1.0 spec section 3.4)
+    env.put(JMXConnector.CREDENTIALS, credentials);
+    // if the server's RMI registry is protected with SSL/TLS (JDK 6)
+    //  (com.sun.management.jmxremote.registry.ssl=true), the following
+    //  entry must be included:
+    //env.put("com.sun.jndi.rmi.factory.socket", 
+    //    new SslRMIClientSocketFactory());  // uncomment if needed
+
+    // Connect to the server
+    JMXConnector jmxc = JMXConnectorFactory.connect(url, env);
+    MBeanServerConnection mbeanServerConn = 
+        jmxc.getMBeanServerConnection();</codeblock>
+<p><note>Not specifying <codeph>SslRMIClientSocketFactory</codeph> when required
+may result in the error message <codeph>java.rmi.ConnectIOException: non-JRMP
+server at remote endpoint</codeph>.</note></p>
+</section>
+<section><title>Creating a ManagementMBean</title>
+<p>The only <ph conref="../conrefs.dita#prod/productshortname"></ph> MBean that
+can be created by a JMX client is the <codeph>ManagementMBean</codeph>. This
+MBean is useful for controlling
+<ph conref="../conrefs.dita#prod/productshortname"></ph> management (for
+example, enabling and disabling management or MBeans), and to obtain information
+such as the system identifier (which may be needed to specify MBeans later).</p>
+<p>If you create such an MBean from your application, and if
+<ph conref="../conrefs.dita#prod/productshortname"></ph> has already registered
+a <codeph>ManagementMBean</codeph> instance, the new MBean cannot have the same
+object name as the <codeph>ManagementMBean</codeph> already registered with the
+server. It is therefore recommended to use a different object name domain
+(that is, different from <codeph>example.com</codeph>) and/or a different
+<codeph>type</codeph> key property value (different from
+<codeph>Management</codeph>).</p>
+<p>The following example code shows how to create and register a new
+<codeph>ManagementMBean</codeph> with the MBean server:</p>
+<codeblock>    ObjectName mgmtObjName = new ObjectName("com.example.app", 
+                   "type", "DerbyManagement");
+    try {
+        ObjectInstance mgmtObj = 
+            mbeanServerConn.createMBean("example.com.mbeans.Management", 
+                mgmtObjName);
+    } catch (InstanceAlreadyExistsException e) {
+        // A management MBean with this object name already exists!
+    }</codeblock>
+</section>
+<section><title>Activating
+<ph conref="../conrefs.dita#prod/productshortname"></ph> management</title>
+<p><ph conref="../conrefs.dita#prod/productshortname"></ph> attempts to activate
+its JMX management service by default, so it will usually be active unless you
+explicitly deactivate it, providing that
+<ph conref="../conrefs.dita#prod/productshortname"></ph> has permissions to
+perform the activation. If
+<ph conref="../conrefs.dita#prod/productshortname"></ph> management is not
+active, you will not be able to access any MBeans except the
+<codeph>ManagementMBean</codeph>.</p>
+<p>By accessing the <codeph>ManagementActive</codeph> attribute of the
+<codeph>ManagementMBean</codeph>, you can check whether the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> JMX management service
+is active or not. The following example code performs this check and activates
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> management service
+if it is not already active:</p>
+<codeblock>    // assuming we already have a reference to the
+    //  ManagementMBean's object name
+    Boolean active = (Boolean) 
+        mbeanServerConn.getAttribute(mgmtObjName, "ManagementActive");
+    if (!active.booleanValue()) {
+        // start management
+        mbeanServerConn.invoke(mgmtObjName, "startManagement", 
+            new Object[0], new String[0]);
+    }</codeblock>
+</section>
+<section><title>Obtaining the system identifier</title>
+<p>The system identifier is a unique <codeph>String</codeph> that distinguishes
+one running <ph conref="../conrefs.dita#prod/productshortname"></ph> system from
+another. All MBeans that are instantiated by
+<ph conref="../conrefs.dita#prod/productshortname"></ph> include the system
+identifier in their object names.</p>
+<p>One way to access an MBean is to fully specify its object name when
+contacting the MBean server. For this, you need to know the current system
+identifier. (Alternative ways to access MBeans include querying the MBean server
+for all MBeans, or for MBeans whose object names match a specific pattern.)</p>
+<p>The following example shows how to obtain the system identifier by accessing
+a <codeph>ManagementMBean</codeph>:</p>
+<codeblock>    // assuming we already have a reference to the 
+    //  ManagementMBean's object name
+    String systemID = (String) mbeanServerConn.getAttribute(mgmtObjName, 
+        "SystemIdentifier");</codeblock>
+<p>The following example shows how to obtain the system identifier from a
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBean's object
+name:</p>
+<codeblock>    // assuming we already have a reference to the ObjectName
+    //  of an MBean registered by Derby, for example the
+    //  Derby-registered ManagementMBean
+    String systemID = derbyMgmtObjectName.getKeyProperty("system");</codeblock>
+</section>
+<section><title>Accessing a specific
+<ph conref="../conrefs.dita#prod/productshortname"></ph>-registered MBean</title>
+<p>In the previous examples, you have already seen how to read a single MBean
+attribute, and how to invoke an MBean operation. In order to do this, you
+usually need a reference to the MBean's <codeph>ObjectName</codeph>.</p>
+<p>If you consult the API documentation for the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans at
+<xref format="html"
+href="http://db.apache.org/derby/javadoc/publishedapi/jdbc4/"
+scope="external">http://db.apache.org/derby/javadoc/publishedapi/jdbc4/</xref>
+and obtain the system identifier of the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> system you are
+accessing through JMX, you have all the information you need to be able to
+instantiate a <codeph>javax.management.ObjectName</codeph> object directly, by
+fully specifying its <codeph>String</codeph> representation (see the
+<codeph>ObjectName</codeph> API documentation for details).</p>
+<p>The following example code shows how to obtain a reference to the
+<codeph>VersionMBean</codeph> for <codeph>derby.jar</codeph>:</p>
+<codeblock>    // Assuming we already know the system identifier 
+    // (see examples above), systemID.
+    // A list of key properties is available is each MBean's Javadoc API.
+    Hashtable&lt;String, String> keyProps = new Hashtable&lt;String, String>();
+    keyProps.put("type", "Version");
+    keyProps.put("jar", "derby.jar");
+    keyProps.put("system", systemID);
+    // MBeans registered by Derby always belong to the 
+    //  "org.apache.derby" domain
+    ObjectName versionObjectName = 
+        new ObjectName("org.apache.derby", keyProps);
+
+    // we can now use the object name to read an attribute
+    String versionString = 
+        (String) mbeanServerConn.getAttribute(versionObjectName, 
+            "VersionString");
+    System.out.println("VersionString: " + versionString);</codeblock>
+<p>The output would look something like this:</p>
+<codeblock>VersionString: 10.9.1.1 - (1305115)</codeblock>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxcode.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxdisable" xml:lang="en-us">
+<title>Disabling access to MBeans</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>disabling access</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>You may wish to disable or restrict access to MBeans in security-conscious
+environments. You can do this using either of the following techniques.</p>
+<p>The first technique is to use the <codeph>stopManagement()</codeph> method of
+<codeph>ManagementMBean</codeph>. This method unregisters all of the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans except
+<codeph>ManagementMBean</codeph> itself, so it does not turn access off
+completely.</p>
+<p>The second technique is to run the Network Server with a custom security
+policy that does not grant <codeph>derby.jar</codeph> the permissions needed to
+register MBeans. For example, you can modify the Network Server's basic policy
+(see <xref href="tadminnetservbasic.dita#tadminnetservbasic"></xref>) by
+commenting out this section:</p>
+<codeblock>// Allows access to Derby's built-in MBeans, within the domain
+// org.apache.derby.
+// Derby must be allowed to register and unregister these MBeans.
+// It is possible to allow access only to specific MBeans, attributes or
+// operations. To fine tune this permission, see the javadoc of
+// javax.management.MBeanPermission or the JMX Instrumentation and Agent
+// Specification.
+//
+permission javax.management.MBeanPermission
+    "org.apache.derby.*#[org.apache.derby:*]",
+    "registerMBean,unregisterMBean";</codeblock>
+<p>If the permission to register MBeans is not granted to
+<codeph>derby.jar</codeph>, the
+<codeph>JMXManagementService.jmxRegister()</codeph> method will silently ignore
+any requests to register MBeans, as can be seen from this <codeph>catch</codeph>
+block in that method:</p>
+<codeblock>        } catch (SecurityException se) {
+            // If we can't register the MBean, then so be it.
+            // The application can later enable the MBeans
+            // by using org.apache.derby.mbeans.Management
+        } </codeblock>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxenabledisable.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenabledisable.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenabledisable.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenabledisable.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxenabledisable" xml:lang="en-us">
+<title>Enabling and disabling JMX</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>enabling and disabling</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>You can use JMX management and monitoring both locally and remotely. The
+term <term>local</term> means <i>on the same host (machine)</i> and <i>running
+as the same user</i>. For example, this means that local JMX access is possible
+only if the JVM you want to access is running on the same host and as the same
+user as the user who is running a JMX client such as JConsole (or a different user
+with sufficient file system permissions). In order to allow other users to access
+the JVM, or to allow access from other hosts, remote JMX must be enabled.</p>
+</section>
+<section><title>Local JMX access</title>
+<p>If you are using a Java SE 6 or 7 JVM, local JMX management and monitoring are
+most likely enabled by default.</p>
+<p>Some JVMs, for example Java SE 5 JVMs, do not enable local JMX management by
+default. Refer to the documentation for your JVM for details. A common way to
+enable local JMX access on these JVMs is to include the
+<codeph>-Dcom.sun.management.jmxremote</codeph> option on the command line when
+you start the JVM.</p>
+</section>
+<section><title>Remote JMX access</title>
+<p>Remote JMX management and monitoring is a powerful Java feature, allowing you
+to monitor a specific JVM from a remote location. Enabling remote JMX requires
+explicit actions by the JVM administrator, since it may involve exposing
+sensitive information about your system.</p>
+<p>The most common way to enable remote JMX access to your JVM is to specify a
+TCP/IP port number and some basic security settings when you start the JVM. The
+security settings commonly include authentication and SSL (Secure Socket
+Layer). <ph conref="../conrefs.dita#prod/productshortname"></ph> attempts to use
+the JVM's built-in platform MBean server. For a list of current command line
+options (system properties) and their meanings, refer to the table in the
+<cite>Java SE Monitoring and Management Guide</cite> at <xref format="html"
+href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdeum"
+scope="external">http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdeum
+</xref>.</p>
+<p>The following topics describe ways to enable and disable remote JMX
+access.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxenabledisable.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxenablenoauth.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablenoauth.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablenoauth.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablenoauth.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxenablenoauth" xml:lang="en-us">
+<title>Enabling remote JMX with no authentication or SSL</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>enabling without authentication</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>The following simple example starts the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> Network Server on the
+command line with <i>insecure</i> remote JMX management and monitoring enabled,
+using the Oracle JDK 6 or 7 JVM. Password authentication over SSL is enabled by
+default, but here these security features are disabled, to keep the example
+simple.</p>
+<p><note type="important">It is not recommended to disable authentication or SSL
+in production environments.</note></p>
+<codeblock><b>java -Dcom.sun.management.jmxremote.port=9999
+-Dcom.sun.management.jmxremote.authenticate=false
+-Dcom.sun.management.jmxremote.ssl=false 
+-jar $DERBY_HOME/lib/derbyrun.jar server start</b></codeblock>
+<p>When you start the Network Server from the command line, it automatically
+installs a security manager using a basic default security policy, unless you
+specify the <codeph>-noSecurityManager</codeph> option. You may need to
+customize this policy to make it suit your needs. See
+<xref href="radminjmxenablepolicy.dita#radminjmxenablepolicy"></xref> for
+details.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxenablenoauth.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,264 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxenablepolicy" xml:lang="en-us">
+<title>Fine-grained authorization using a security policy</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>using a security policy</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>When you start the Network Server from the command line, it installs a
+security manager and a basic security policy by default. This policy includes
+the required permissions to allow JMX users to access the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans if JMX user
+authentication is disabled. If JMX user authentication is enabled, you may need
+to grant additional permissions to specific users (JMXPrincipals).</p>
+<p>The <codeph>NetworkServerMBean</codeph>'s <codeph>ping</codeph> operation
+requires the <codeph>derbynet.jar</codeph> file to be granted an additional
+permission that is not included in the default security policy:</p>
+<codeblock>// If the server is listening on the loopback interface only (default)
+permission java.net.SocketPermission "localhost", "connect,resolve";
+
+// If the server's network interface setting (-h or derby.drda.host) is
+//   non-default
+// Note: Allows outbound connections to any host!
+permission java.net.SocketPermission "*", "connect,resolve";</codeblock>
+<p>If you are using a custom security policy, refer to the public API of
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans at
+<xref format="html"
+href="http://db.apache.org/derby/javadoc/publishedapi/jdbc4/"
+scope="external">http://db.apache.org/derby/javadoc/publishedapi/jdbc4/</xref>
+and to the <ph conref="../conrefs.dita#prod/productshortname"></ph> security
+policy file template
+(<codeph>$DERBY_HOME/demo/templates/server.policy</codeph>) for details about
+the permissions you may need to set to allow or restrict specific JMX access.
+This recommendation also applies if you are running
+<ph conref="../conrefs.dita#prod/productshortname"></ph> embedded with a
+security manager installed.</p>
+<p>See <xref href="tadminnetservrun.dita#tadminnetservrun"></xref> for more
+information about security policy files.</p>
+<p>Some example permissions are included in the following code. These
+permissions are not necessarily suitable for any particular application or
+environment; some customization is probably needed. Only permissions relating to the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> JMX features have been
+included in the code. Additional permissions are needed for use of
+<ph conref="../conrefs.dita#prod/productshortname"></ph>.</p>
+<codeblock>//
+// permissions for the user/principal "controlRole", for all codebases:
+//
+grant principal javax.management.remote.JMXPrincipal "controlRole" {
+
+  // Derby system permissions (what is the user allowed to do?)
+  //  See API docs for SystemPermission and the specific MBeans for 
+  //  details.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", 
+      "monitor";
+  permission org.apache.derby.security.SystemPermission "server", 
+      "monitor,control";
+
+  // MBean permissions (which mbeans and associated actions should be
+  //  allowed for this user?)
+  //  Target name format is: className#member[objectName], where
+  //   objectName is: domain:keyProperties
+  //  Asterisk (*) means "all". See MBeanPermission API docs for details.
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.mbeans.*#*[org.apache.derby:*]", "getAttribute";
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.mbeans.JDBCMBean#acceptsURL[org.apache.derby:*]",
+      "invoke";
+  permission javax.management.MBeanPermission 
+"org.apache.derby.mbeans.drda.NetworkServerMBean#ping[org.apache.derby:*]",
+      "invoke";
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.mbeans.ManagementMBean#*[org.apache.derby:*]", 
+      "invoke";
+
+  // Extra permissions for application controlled ManagementMBean:
+  //   Not needed if you do not intend to create/register your own
+  //   Derby Management MBean.
+  //   Wildcards (*) allow all domains, key properties and MBean members.
+  //   You may want to be more specific here.
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.mbeans.Management#-[*:*]", 
+      "instantiate,registerMBean,unregisterMBean";
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.mbeans.Management#*[*:*]", "invoke";
+
+  //
+  // jconsole:
+  //  - most of these permissions are needed to let JConsole query the 
+  //    MBean server and display information about Derby's mbeans as well
+  //    as some default platform MBeans/MXBeans.
+  //  - if you don't use JConsole, but query the MBean server from your
+  //    JMX client app, some of these permissions may be needed.
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.mbeans.*#-[org.apache.derby:*]", 
+      "getMBeanInfo,queryNames,isInstanceOf";
+  permission javax.management.MBeanPermission 
+      "sun.management.*#-[java.*:*]", 
+      "getMBeanInfo,isInstanceOf,queryNames";
+  permission javax.management.MBeanPermission 
+      "sun.management.*#*[java.*:*]", "getAttribute,invoke";
+  permission javax.management.MBeanPermission 
+      "sun.management.*#-[com.sun.management*:*]", 
+      "getMBeanInfo,isInstanceOf,queryNames";
+  permission javax.management.MBeanPermission 
+      "com.sun.management.*#-[java.*:*]", 
+      "getMBeanInfo,isInstanceOf,queryNames";
+  permission javax.management.MBeanPermission 
+      "com.sun.management.*#*[java.*:*]", "getAttribute,invoke";
+  permission javax.management.MBeanPermission "java.*#-[java.*:*]", 
+      "getMBeanInfo,isInstanceOf,queryNames";
+  permission javax.management.MBeanPermission 
+"javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", 
+      "getMBeanInfo,isInstanceOf,queryNames,addNotificationListener";
+  permission java.net.SocketPermission "*", "resolve";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.library.path", "read";
+  permission java.lang.management.ManagementPermission "monitor";
+  // end jconsole
+};
+
+
+grant codeBase "${derby.install.url}derby.jar"
+{
+  // Allows Derby to create an MBeanServer:
+  //
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain 
+  //  org.apache.derby. Derby must be allowed to register and unregister
+  //  these MBeans.
+  // It is possible to allow access only to specific MBeans, attributes,
+  //  or operations. To fine-tune this permission, see the API doc of 
+  //  javax.management.MBeanPermission or the JMX Instrumentation and
+  //  Agent Specification. 
+  //
+  permission javax.management.MBeanPermission 
+      "org.apache.derby.*#[org.apache.derby:*]", 
+      "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in
+  // the MBean server.
+  //
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Gives permission for JMX to be used against Derby.
+  // If JMX user authentication is being used, a whole set of
+  //  fine-grained permissions needs to be granted to allow specific
+  //  users access to MBeans and actions they perform (see JMXPrincipal
+  //  permissions above).
+  // Needed to allow access to all actions related to MBeans in the
+  // org.apache.derby.mbeans package.
+  //
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", 
+      "monitor";
+  permission org.apache.derby.security.SystemPermission "server", 
+      "monitor";
+
+  // add additonal derby.jar related permissions here...
+};
+
+
+grant codeBase "${derby.install.url}derbynet.jar"
+{
+  // Accept connections from any host (only localhost access is required
+  //  for JMX).
+  //
+  permission java.net.SocketPermission "*", "accept"; 
+
+  // For outbound MBean operations such as NetworkServerMBean's ping:
+  // The wildcard "*" is to allow pings to both localhost and any other
+  //  server host.
+  //
+  permission java.net.SocketPermission "*", "connect,resolve"; 
+
+  // Gives permission for JMX to be used against Derby.
+  // If JMX user authentication is being used, a whole set of
+  //  fine-grained permissions need to be granted to allow specific users
+  //  access to MBeans and actions they perform (see JMXPrincipal
+  //  permissions above).
+  // Needed to allow access to all actions related to the 
+  //  NetworkServerMBean.
+  //
+  permission org.apache.derby.security.SystemPermission "server", 
+      "control,monitor";
+
+  // add additonal derbynet.jar related permissions here...</codeblock>
+<p>In the example above, the system property <codeph>derby.install.url</codeph>
+is used to tell the security manager/policy implementation where to find the
+codebases <codeph>derby.jar</codeph> and <codeph>derbynet.jar</codeph>. Using a
+property provides flexibility; however, you may avoid the use of such a property
+by specifying the full codebase URLs directly in the policy file. The value of
+this property may be specified on the command line, as shown below:</p>
+<codeblock>-Dderby.install.url=file:/home/user/derby/10.9.1/lib/</codeblock>
+<p>or</p>
+<codeblock>-Dderby.install.url=file:/C:/derby/10.9.1/lib/</codeblock>
+<p>For more information about policy files, granting permissions, and property
+expansion, see "Default Policy Implementation and Policy File Syntax" at
+<xref format="html"
+href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html"
+scope="external">http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html</xref>
+and "Policy File Creation and Management" at
+<xref format="html"
+href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyGuide.html"
+scope="external">http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyGuide.html</xref>.
+</p>
+</section>
+<section><title>Debugging permission issues</title>
+<p>Dealing with security managers, policy files and permissions is not always
+easy. Sometimes an action you want to perform fails due to some security or
+permission issue that you do not understand. The following tip may help.</p>
+<p>When you start the JVM that is being protected by the security manager, add a
+<codeph>java.security.debug</codeph> flag to see detailed output related to
+security policy and permission usage. For a list of valid options, use the
+following command:</p>
+<codeblock><b>java -Djava.security.debug=help</b></codeblock>
+<p>For example, you could use the following option when you start the Network
+Server from the command line:</p>
+<codeblock>-Djava.security.debug=access:failure</codeblock>
+<p>This option will print information to the console that allows you to learn
+specifically which permissions are granted and which are missing when a failure
+occurs. Due to the amount of output generated when you set the debug flag, it
+may be wise to store the output in a file and search through it afterwards.</p>
+<p>For example, to find out details about a missing permission, search for the
+text "access denied" in the output, and you will see something like the
+following:</p>
+<codeblock>access: access denied 
+    (org.apache.derby.security.SystemPermission engine monitor)
+java.lang.Exception: Stack trace
+   at java.lang.Thread.dumpStack(Thread.java:1158)
+   ...
+   at org.apache.derby.iapi.services.info.Version.getVersionString
+       (Unknown Source)
+...</codeblock>
+<p>The above example output shows that the <codeph>derby.jar</codeph> code base
+was missing the following permission as the JMX client was accessing the
+<codeph>VersionString</codeph> attribute of the <codeph>VersionMBean</codeph>
+for <codeph>derby.jar</codeph>:</p>
+<codeblock>org.apache.derby.security.SystemPermission "engine", "monitor";</codeblock>
+<p></p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxenablepwd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepwd.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepwd.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepwd.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxenablepwd" xml:lang="en-us">
+<title>Enabling remote JMX with password authentication only</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>enabling with password authentication</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>Some JVMs include built-in support for JMX password authentication. For
+example, with Oracle Java Development Kit (JDK) 6 or 7, authentication is
+enabled by default, and it is possible to specify a properties file that
+contains usernames and passwords. The properties file syntax is the same as for
+other Java properties files.</p>
+<p><note>When authentication is enabled and a Java Security Manager is
+installed, additional permissions may need to be granted to users in the
+security policy used. See
+<xref href="radminjmxenablepolicy.dita#radminjmxenablepolicy"></xref> for
+details.</note></p>
+<p>For example, you could create a password file called
+<codeph>jmxremote.password</codeph>:</p>
+<codeblock>## Defining two "roles", each with its own password
+monitorRole  derbym
+controlRole  derby</codeblock>
+<p>The security of the password file relies on your file system's access control
+mechanisms. The file must be readable by the owner only. Also, you may need to
+change the permissions on the password file to be readable only by the user who
+starts the server. To do this on Windows (NTFS), use a command like the
+following:</p>
+<codeblock><b>cacls jmxremote.password /P <i>username</i>:R</b></codeblock>
+<p><note>FAT file systems do not support this feature.</note></p>
+<p>The following example starts the Network Server on the command line with
+built-in JMX password authentication enabled. SSL is disabled, meaning that JMX
+information, including user names and passwords most likely will be transferred
+unprotected on the computer network. The command line appears on multiple lines
+to improve readability, but you would enter it as a single <codeph>java</codeph>
+command.</p>
+<p><note type="important">It is not recommended to disable SSL in production
+environments.</note></p>
+<codeblock><b>java -Dcom.sun.management.jmxremote.port=9999
+-Dcom.sun.management.jmxremote.ssl=false 
+-Dcom.sun.management.jmxremote.password.file=jmxremote.password
+-jar lib/derbyrun.jar server start</b></codeblock>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxenablepwd.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxenablepwdssl" xml:lang="en-us">
+<title>Enabling remote JMX with password authentication and SSL</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>enabling with password authentication and SSL</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>This example shows how to start the Network Server as follows:</p>
+<ul>
+<li>Using Oracle JDK 6 or 7</li>
+<li>Using a Java security manager and a custom policy file,
+<codeph>jmx.policy</codeph></li>
+<li>Allowing connections from remote hosts (that is, on all IPv4 network
+interfaces) by specifying <codeph>-h 0.0.0.0</codeph></li>
+<li>Using password authentication, as described in
+<xref href="radminjmxenablepwd.dita#radminjmxenablepwd"></xref>, using the
+<codeph>jmxremote.password</codeph> file</li>
+<li>Using SSL (Secure Socket Layer) for the following:
+<ul>
+<li>Authenticating clients</li>
+<li>Encrypting all JMX-related network communication</li>
+<li>Protecting the RMI registry used by the MBean server</li>
+</ul>
+</li>
+</ul>
+<p>This level of protection may or may not be adequate for you, but it is more
+secure than the previous examples.</p>
+<p>The command line appears on multiple lines to improve readability, but you
+would enter it as a single <codeph>java</codeph> command.</p>
+<codeblock><b>java -Dcom.sun.management.jmxremote.port=9999 
+-Dcom.sun.management.jmxremote.password.file=jmxremote.password 
+-Djavax.net.ssl.keyStore=/home/user/.keystore 
+-Djavax.net.ssl.keyStorePassword=myKeyStorePassword 
+-Dcom.sun.management.jmxremote.ssl.need.client.auth=true 
+-Djavax.net.ssl.trustStore=/home/user/.truststore 
+-Djavax.net.ssl.trustStorePassword=myTrustStorePassword 
+-Dcom.sun.management.jmxremote.registry.ssl=true 
+-Djava.security.manager 
+-Djava.security.policy=jmx.policy 
+-jar lib/derbyrun.jar server start -h 0.0.0.0</b></codeblock>
+<p><note>When password authentication is enabled and a Java Security Manager is
+installed, a number of JMX-related permissions need to be granted to trusted
+users in the security policy used. See
+<xref href="radminjmxenablepolicy.dita#radminjmxenablepolicy"></xref> for
+details.</note></p>
+<p>In the example above, system properties specify the keystore containing the
+server's key pair, the keystore password, the truststore containing the client
+certificates, and the truststore password. Setting up SSL keystores and
+truststores is partly described in
+<xref href="cadminsslkeys.dita#cadminsslkeys"></xref>. Other topics in the
+section <xref href="cadminssl.dita#cadminssl"></xref> provide information on
+protecting database network traffic using SSL.</p>
+<p>When you configure SSL as described above, the following requirements
+apply:</p>
+<ul>
+<li>The password of the private key must be the same as the password of the
+keystore.</li>
+<li>If the keystore contains more than one key pair, the key pair you want to
+use must be listed first among all the keys in the keystore. Otherwise, you
+(or the clients) may see an exception with a message like the following:
+<codeblock>unable to find valid certification path to requested target</codeblock>
+</li>
+</ul>
+<p>The system property
+<codeph>com.sun.management.jmxremote.ssl.need.client.auth=true</codeph>
+specifies that clients must use SSL to authenticate themselves. This property,
+as well as the truststore properties, may be removed if you do not want to
+authenticate clients using SSL. However, there may be security risks associated
+with using password authentication only.</p>
+<p>The system property
+<codeph>com.sun.management.jmxremote.registry.ssl=true</codeph> was new in
+JDK 6 and aims at resolving security issues with the RMI registry used in
+relation with JMX. This property must be used in conjunction with
+<codeph>com.sun.management.jmxremote.ssl.need.client.auth=true</codeph> in order
+to fully secure the RMI registry.</p>
+<p>If you use a Java SE 5 JDK, clients must provide an additional entry in the
+environment map passed to the <codeph>JMXConnector</codeph> when enabling SSL
+protection of the registry:</p>
+<codeblock>env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());</codeblock>
+<p>See <xref href="radminjmxcode.dita#radminjmxcode/connmbeanserver"></xref> for
+details.</p>
+<p>Clients must also specify and use proper keystores and/or truststores (the
+truststores must contain the server's SSL certificate).</p>
+<p>For more information about the system properties used above and potential
+security risks, see "Monitoring and Management Using JMX Technology" at
+<xref format="html"
+href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html"
+scope="external">http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html
+</xref>.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxenablesimpleauth.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablesimpleauth.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablesimpleauth.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablesimpleauth.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxenablesimpleauth" xml:lang="en-us">
+<title>Simple authorization using an access file</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>simple authorization using an access file</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>Some JVMs support a simple access file system for controlling JMX access. An
+access file is formatted the same way as password files (described in
+<xref href="radminjmxenablepwd.dita#radminjmxenablepwd"></xref>), and associates
+roles with an access level. Valid access levels are <codeph>readonly</codeph>
+and <codeph>readwrite</codeph>:</p>
+<ul>
+<li>The <codeph>readonly</codeph> level only allows the JMX client to read an
+MBean's attributes and receive notifications.</li>
+<li>The <codeph>readwrite</codeph> level also allows setting attributes,
+invoking operations, and creating and removing MBeans.</li>
+</ul>
+<p>To use an access file for JMX authorization, specify the name of the access
+file using a system property upon JVM startup:</p>
+<codeblock>-Dcom.sun.management.jmxremote.access.file=jmxremote.access</codeblock>
+<p>The contents of such an access file may look like this:</p>
+<codeblock>monitorRole   readonly
+controlRole   readwrite</codeblock>
+<p>For more information, see "Monitoring and Management Using JMX Technology" at
+<xref format="html"
+href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html"
+scope="external">http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html
+</xref>.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxenablesimpleauth.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxintro.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxintro.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxintro.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxintro.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxintro" xml:lang="en-us">
+<title>Introduction to the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>using</indexterm></indexterm>
+<indexterm>MBeans<indexterm>using</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p><ph conref="../conrefs.dita#prod/productshortname"></ph> provides the
+MBeans described in this section.</p>
+<p>The API documentation for each
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBean describes its
+features in detail. You can find this documentation at <xref format="html"
+href="http://db.apache.org/derby/javadoc/publishedapi/jdbc4/"
+scope="external">http://db.apache.org/derby/javadoc/publishedapi/jdbc4/</xref>.
+</p>
+</section>
+<section><title>VersionMBean</title>
+<p><codeph>VersionMBean</codeph> exposes version information about the running
+<ph conref="../conrefs.dita#prod/productshortname"></ph> system jar file.</p>
+<ul>
+<li>Interface: <codeph>org.apache.derby.mbeans.VersionMBean</codeph></li>
+<li>Implementation: <codeph>org.apache.derby.iapi.services.info.Version (not
+public)</codeph></li>
+<li>ObjectName: 
+<codeph>org.apache.derby:type=Version,system=&lt;sysID>,jar=derby.jar</codeph>
+(monitors <codeph>derby.jar</codeph>, the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> engine), or
+<codeph>org.apache.derby:type=Version,system=&lt;sysID>,jar=derbynet.jar</codeph>
+(monitors <codeph>derbynet.jar</codeph>, the server)</li>
+<li>Instruments:
+<codeph>org.apache.derby.iapi.services.info.ProductVersionHolder</codeph></li>
+</ul>
+</section>
+<section><title>JDBCMBean</title>
+<p><codeph>JDBCMBean</codeph> exposes information about the JDBC driver.</p>
+<ul>
+<li>Interface: <codeph>org.apache.derby.mbeans.JDBCMBean</codeph></li>
+<li>Implementation: <codeph>org.apache.derby.jdbc.JDBC</codeph> (not
+public)</li>
+<li>ObjectName: <codeph>org.apache.derby:type=JDBC,system=&lt;sysID></codeph>
+</li>
+<li>Instruments:
+<codeph>org.apache.derby.jdbc.InternalDriver</codeph> and
+<codeph>org.apache.derby.iapi.services.info.JVMInfo</codeph></li>
+</ul>
+</section>
+<section><title>ManagementMBean</title>
+<p><codeph>ManagementMBean</codeph> manages the state of the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans (registered or
+not).</p>
+<ul>
+<li>Interface <codeph>org.apache.derby.mbeans.ManagementMBean</codeph></li>
+<li>Implementation: <codeph>org.apache.derby.mbeans.Management</codeph> (public;
+may be registered by JMX clients)</li>
+<li>Extended by:
+<codeph>org.apache.derby.iapi.services.jmx.ManagementService</codeph>
+(interface; not public), with the following implementations:
+<ul>
+<li><codeph>org.apache.derby.impl.services.jmx.JMXManagementService</codeph>
+(not public)</li>
+<li><codeph>org.apache.derby.impl.services.jmxnone.NoManagementService</codeph>
+(not public; empty implementation for environments without the required JMX
+support)</li>
+</ul>
+</li>
+<li>ObjectName:
+<codeph>org.apache.derby:type=Management,system=&lt;sysID></codeph> when
+registered by <ph conref="../conrefs.dita#prod/productshortname"></ph> 
+</li>
+<li>Instruments:
+<codeph>org.apache.derby.impl.services.jmx.JMXManagementService</codeph></li>
+</ul>
+</section>
+<section><title>NetworkServerMBean</title>
+<p><codeph>NetworkServerMBean</codeph> monitors and manages a running instance
+of the Network Server.</p>
+<ul>
+<li>Interface:
+<codeph>org.apache.derby.mbeans.drda.NetworkServerMBean</codeph></li>
+<li>Implementation:
+<codeph>org.apache.derby.impl.drda.NetworkServerMBeanImpl</codeph> (not
+public)</li>
+<li>ObjectName:
+<codeph>org.apache.derby:type=NetworkServer,system=&lt;sysID></codeph></li>
+<li>Instruments:
+<codeph>org.apache.derby.impl.drda.NetworkServerControlImpl</codeph></li>
+</ul>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxintro.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxjconsole.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxjconsole.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxjconsole.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxjconsole.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxjconsole" xml:lang="en-us">
+<title>Using JConsole to access the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>using JConsole</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>JConsole is a graphical JMX-compliant tool that is available in recent
+versions of the Oracle JDKs. JConsole enables you to monitor and manage Java
+applications and virtual machines on a local or remote machine.</p>
+<p>You may use JConsole from JDK 6 or 7 even if you are running
+<ph conref="../conrefs.dita#prod/productshortname"></ph> using an earlier
+version of the JDK (or just the JRE). (You could also use JConsole from JDK 5 if
+you are running <ph conref="../conrefs.dita#prod/productshortname"></ph> using
+JDK 6 or 7.) It is recommended that you use the newest version possible. More
+information about JConsole is available in the OpenJDK project at
+<xref format="html"
+href="http://openjdk.java.net/tools/svc/jconsole/index.html"
+scope="external">http://openjdk.java.net/tools/svc/jconsole/index.html</xref>.</p>
+</section>
+<section><title>Starting JConsole and connecting to Derby</title>
+<p>In the Oracle JDK, the JConsole binary is available in
+<codeph>JDK_HOME/bin</codeph>, where JDK_HOME is the directory in which the JDK
+is installed. To start JConsole, use the <codeph>jconsole</codeph> command, as
+in the following example on a UNIX system:</p>
+<codeblock><b>/usr/local/java/jdk1.6.0/bin/jconsole</b></codeblock>
+<p>If you did not disable SSL when booting the managed JVM, you probably have
+to provide a truststore containing the server's SSL certificate to be able to
+establish JMX connections. If SSL client authentication is enabled, a keystore
+must be configured as well (see
+<xref href="radminjmxenablepwdssl.dita#radminjmxenablepwdssl"></xref> for
+details). The following example shows how to start JConsole with SSL client and
+server authentication:</p>
+<codeblock><b>jconsole -J-Djavax.net.ssl.trustStore=/home/user/.truststoreForClient
+-J-Djavax.net.ssl.trustStorePassword=myTruststorePassword
+-J-Djavax.net.ssl.keyStore=/home/user/.keystoreForClient
+-J-Djavax.net.ssl.keyStorePassword=myKeyStorePassword</b></codeblock>
+<p>A graphical user interface (GUI) appears. For additional startup options,
+refer to the JConsole documentation. Once the GUI starts, you are presented with
+a list of the JVMs that are accessible on the local host. Locate the JVM that is
+running <ph conref="../conrefs.dita#prod/productshortname"></ph> and connect to
+it.</p>
+<p>To connect to a JVM on a remote host, you will need to supply the host name
+and port number, or a JMX service URL, instead.</p>
+<p>If you cannot find the Derby JVM running on the local host, make sure you are
+running JConsole as the same user as the Derby JVM, or as a different user with
+sufficient file system permissions. If you are using Java SE 5, make sure you
+have enabled JMX. When you use Java SE 6 or 7, local JMX access is enabled by
+default.</p>
+</section>
+<section><title>Accessing MBeans</title>
+<p>Once you have connected to a JVM via JConsole, the JVM's MBeans should be
+available on a separate tab in the internal JConsole window. Under the domain
+<codeph>org.apache.derby</codeph> you should see a list of MBeans. Browse the
+MBeans and their attributes and operations by navigating the hierarchy
+presented.</p>
+<p>Another useful JConsole feature is that you can view dynamic data represented
+as JMX attributes in graph form. To view these graphs, double-click an attribute
+value that is a number.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxjconsole.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/adminguide/radminjmxtroubleshoot.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxtroubleshoot.dita?rev=1324773&view=auto
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxtroubleshoot.dita (added)
+++ db/derby/docs/trunk/src/adminguide/radminjmxtroubleshoot.dita Wed Apr 11 14:11:39 2012
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+   http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+-->
+<reference id="radminjmxtroubleshoot" xml:lang="en-us">
+<title>Troubleshooting JMX connection issues</title>
+<prolog><metadata>
+<keywords><indexterm>Java Management Extensions (JMX) technology</indexterm>
+<indexterm>JMX<indexterm>using a security policy</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
+<refbody>
+<section>
+<p>If you experience problems connecting remotely to an MBean server using JMX
+(as described in <xref href="radminjmxjconsole.dita#radminjmxjconsole"></xref>
+and <xref href="radminjmxcode.dita#radminjmxcode"></xref>), It may be helpful to
+obtain some tracing information. The JMX implementation in the Oracle JDK uses
+the <codeph>java.util.logging</codeph> API to log JMX traces. For example, in
+order to trace SSL connection issues, set the system property
+<codeph>java.util.logging.config.file</codeph> as shown in the following:</p>
+<codeblock><b>java -Djava.util.logging.config.file=logging.properties MyJmxClient</b></codeblock>
+<p>With JConsole, a separate logging window will appear if you specify the
+following option when you start JConsole (see
+<xref href="radminjmxjconsole.dita#radminjmxjconsole"></xref>), as long as the
+<codeph>logging.properties</codeph> file is found:</p>
+<codeblock>-J-Djava.util.logging.config.file=logging.properties</codeblock>
+<p>The <codeph>logging.properties</codeph> file should specify log handlers and
+logging levels, as in the following example:</p>
+<codeblock>handlers = java.util.logging.ConsoleHandler
+.level = INFO
+
+java.util.logging.ConsoleHandler.level=FINEST
+java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
+
+ // Level FINEST is suitable for diagnosing SSL-related JMX remote
+ //  connection issues.
+javax.management.level=FINEST
+javax.management.remote.level=FINEST</codeblock>
+<p>The blog entry <xref format="html"
+href="https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole"
+scope="external">https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole</xref>
+provides additional hints and tips.</p>
+</section>
+</refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/adminguide/radminjmxtroubleshoot.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/adminguide/tadminconfigsysteminformation.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminconfigsysteminformation.dita?rev=1324773&r1=1324772&r2=1324773&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminconfigsysteminformation.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminconfigsysteminformation.dita Wed Apr 11 14:11:39 2012
@@ -39,15 +39,8 @@ the Network Server on a UNIX system:</cm
 <example><p>For more information on the <codeph>sysinfo</codeph> utility, see
 the <ph conref="../conrefs.dita#pub/citutilities"></ph>.</p>
 <p>You can also use Java Management Extensions (JMX) technology to obtain
-system information. For details, visit the wiki page
-<xref format="html" href="http://wiki.apache.org/db-derby/DerbyJMX"
-scope="external">http://wiki.apache.org/db-derby/DerbyJMX</xref> and refer to
-the API documentation for the packages <codeph>org.apache.derby.mbeans</codeph>
-and <codeph>org.apache.derby.mbeans.drda</codeph>. For information on JMX
-technology, see
-<xref format="html" href="http://download.oracle.com/javase/6/docs/technotes/guides/jmx/"
-scope="external">http://download.oracle.com/javase/6/docs/technotes/guides/jmx/</xref>.
-</p>
+system information. For details, see
+<xref href="cadminjmxoverview.dita#cadminjmxoverview"></xref>.</p>
 </example>
 </taskbody>
 </task>

Modified: db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita?rev=1324773&r1=1324772&r2=1324773&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita Wed Apr 11 14:11:39 2012
@@ -110,18 +110,22 @@ in the <ph conref="../conrefs.dita#pub/c
 <dd> This permission is also needed when setting the context class loader to avoid class loader leaks. The class loader for the parent is saved and set to null before creation of the thread and restored afterwards. </dd>
 </dlentry><dlentry>
 <dt>permission javax.management.MBeanServerPermission "createMBeanServer";</dt>
-<dd>Allows Derby to create an MBean server. If the JVM running Derby supports
-the platform MBean server, Derby will automatically try to create such a
-server if it does not already exist. For details, visit the wiki page 
-<xref format="html" href="http://wiki.apache.org/db-derby/DerbyJMX" 
-scope="external">http://wiki.apache.org/db-derby/DerbyJMX</xref>.
-</dd>
+<dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> to create an
+MBean server. If the JVM running
+<ph conref="../conrefs.dita#prod/productshortname"></ph> supports the platform
+MBean server, <ph conref="../conrefs.dita#prod/productshortname"></ph> will
+automatically try to create such a server if it does not already exist. For
+details, see "Using Java Management Extensions (JMX) technology" in the
+<ph conref="../conrefs.dita#pub/citadmin"></ph>.</dd>
 </dlentry><dlentry>
 <dt>permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";</dt>
-<dd>Allows Derby to register and unregister its (JMX) MBeans. Such MBeans are
-associated with the domain <codeph>org.apache.derby</codeph>, which is also the prefix of
-the fully qualified class name of all Derby MBeans. For more information about
-Derby's MBeans, refer to the public API (Javadoc) documentation of the package
+<dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> to register
+and unregister its (JMX) MBeans. Such MBeans are associated with the domain
+<codeph>org.apache.derby</codeph>, which is also the prefix of the fully
+qualified class name of all
+<ph conref="../conrefs.dita#prod/productshortname"></ph> MBeans. For more
+information about the <ph conref="../conrefs.dita#prod/productshortname"></ph>
+MBeans, refer to the public API (Javadoc) documentation of the package
 <codeph>org.apache.derby.mbeans</codeph> and its subpackages. It is possible to fine-tune
 this permission, for example in order to allow access only to certain MBeans.
 To fine-tune this permission, see the API documentation for

Modified: db/derby/docs/trunk/src/devguide/cdevsetprop824983.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevsetprop824983.dita?rev=1324773&r1=1324772&r2=1324773&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevsetprop824983.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevsetprop824983.dita Wed Apr 11 14:11:39 2012
@@ -34,14 +34,6 @@ System.out.println("derby.storage.pageSi
 </b></codeblock></p>
 <p>You can also use Java Management Extensions (JMX) technology to obtain
 system information, including some settings that correspond to system
-properties. For details, visit the wiki page
-<xref format="html" href="http://wiki.apache.org/db-derby/DerbyJMX"
-scope="external">http://wiki.apache.org/db-derby/DerbyJMX</xref>
-and refer to the API documentation for the packages
-<codeph>org.apache.derby.mbeans</codeph> and
-<codeph>org.apache.derby.mbeans.drda</codeph>. For information on JMX
-technology, see 
-<xref format="html" href="http://download.oracle.com/javase/6/docs/technotes/guides/jmx/"
-scope="external">http://download.oracle.com/javase/6/docs/technotes/guides/jmx/</xref>.
-</p>
+properties. For details, see "Using Java Management Extensions (JMX) technology"
+in the <ph conref="../conrefs.dita#pub/citadmin"></ph>.</p>
 </conbody></concept>



Mime
View raw message