geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shawn Jiang (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-4534) Can't secure connect to JMX with JConsole.
Date Tue, 10 Feb 2009 07:11:00 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Shawn Jiang updated GERONIMO-4534:
----------------------------------

    Priority: Major  (was: Blocker)

update to major from blocker and some investigation result here:

This defect is caused by a recent change in class JMXSecureConnector to use org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory
to replace javax.rmi.ssl.SslRMIClientSocketFactory.

JConsole need the client socket factory class locally to connect to the JMX server.  That's
why this defect happened.  Two possible solutions.

* 1, Put the geronimo-kernel-2.1.4-SNAPSHOT.jar to the classpath when starting the jconsole
so that jconsole could find org.apache.geronimo.kernel.rmi.GeronimoSslRMIClientSocketFactory.

* 2, Revert the client socket factory to javax.rmi.ssl.SslRMIClientSocketFactory.


Solution #1 just needs to update the document.  But it has a limitation when user can't use
jconsole at a machine without the geronimo-kernel-2.1.4-SNAPSHOT.jar to connect to the JMX
server.

Solution #2 needs review because there's no JIRA related to the client socket factory replacement
in the svn commit.
* path: https://svn.apache.org/repos/asf/geronimo/server/branches/2.1/framework/modules/geronimo-kernel/
* revision 727268.
* log: "RMI client socket factories that set socket timeouts - should prevent automatic builds
from getting stuck"






> Can't secure connect to JMX with JConsole.
> ------------------------------------------
>
>                 Key: GERONIMO-4534
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4534
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: management
>    Affects Versions: 2.1.4, 2.2
>         Environment: Windows XP 
> Sun JDK 1.5
> geronimo_tomcat6_2.1.4_snapshot/20090209/
>            Reporter: Shawn Jiang
>
> I'm trying to use jconsole to securely connect to the JMX server of geronimo 2.1.4 snapshot
according to the guide here:
> http://cewiki.cn.ibm.com:7080/confluence/display/V21Docs/Working+with+the+secure+JMX+server
> * 1, Change the config.xml and start the server.
> * 2, use "jconsole -J-Djavax.net.ssl.keyStore=%GERONMO_HOME%\var\security\keystores\geronimo-default
-J-Djavax.net.ssl.keyStorePassword=secret -J-Djavax.net.ssl.trustStore=%GERONMO_HOME%\var\security\keystores\geronimo-default
-J-Djavax.net.ssl.trustStorePassword=secret " start the jconsole.
> * 3, in the jconsole interface->advanced, input:
> JMX URL:   service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector
> user name: system
> password: manager
> * 4, click the connect button.
> expected result: could connect to the JMX server.
> actual result:  CAN NOT connect to the JMX server.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message