geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Geronimo v2.1 > Configure secure JMX server
Date Mon, 19 Apr 2010 11:28:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1520/1/1/_/styles/combined.css?spaceKey=GMOxDOC21&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configure+secure+JMX+server">Configure
secure JMX server</a></h2>
     <h4>Page <b>edited</b> by             <a href="http://cwiki.apache.org/confluence/display/~chirunhua@gmail.com">Runhua
Chi</a>
    </h4>
     
          <br/>
     <div class="notificationGreySide">
         <p>Starting with Geronimo 2.1.2, Geronimo has a secure JMX server. However,
the JMX server is not started by default. To start the secure JMX server start the <b>org.apache.geronimo.framework/jmx-security//car</b>
module using the Admin Console or the deployer tool. For example:</p>

<p><tt><b>&lt;geronimo_home&gt;/bin/deploy -u system -p manager
start jmx-security</b></tt></p>

<p>The secure JMX server will be running on port 9998.</p>

<p>The deployer tool, the GShell deployer commands, and other command line tools can
be configured to use the secure JMX server. Please see <a href="/confluence/display/GMOxDOC21/Tools+and+commands#Toolsandcommands-Security">Tools
and commands</a> for more information.</p>

<h3><a name="ConfiguresecureJMXserver-DisablenonsecureJMXserver"></a>Disable
non-secure JMX server</h3>

<p>The insecure JMX server can be turned off by modifying the <tt>&lt;geronimo_home&gt;/var/config/config.xml</tt>
configuration file. Edit the <tt>&lt;geronimo_home&gt;/var/config/config.xml</tt>
configuration file and add <b>load="false"</b> attribute to the following entires:</p>

<ol>
	<li><tt>&lt;gbean name="JMXService"&gt;</tt></li>
	<li><tt>&lt;module name="org.apache.geronimo.configs/clustering//car"&gt;</tt></li>
	<li><tt>&lt;module name="org.apache.geronimo.configs/tomcat6-clustering-builder-wadi//car"&gt;</tt>
<br clear="all" />
<br clear="all" />
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td
valign='top'><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16"
align="absmiddle" alt="" border="0"></td><td>Adding <b>load="false"</b>
attribute to the second entry will disable the clustering support in Geronimo. Right now,
the clustering support requires the insecure JMX server to be running. If you need the clustering
support, the insecure JMX server cannot be disabled.</td></tr></table></div></li>
</ol>


<h3><a name="ConfiguresecureJMXserver-ConnecttheGeronimowithJConsole"></a>Connect
the Geronimo with JConsole</h3>
<p>JConsole is a Java Management eXtension (JMX) compliant GUI tool that can be used
to connect to a running Geronimo server instance. In JConsole, you will be able to monitor
the JVM memory usage, threads stack trace, loaded classes and VM information as well as Geronimo
MBeans. To securely connect to the JMX server on local Geronimo, do as followed:</p>

<ol>
	<li>Startup the server with updated <tt>config.xml</tt> file;</li>
	<li>export GERONIMO_HOME with actual value;</li>
	<li>Start JConsole with following command line:
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
 	jconsole -J-Djavax.net.ssl.keyStore=$GERONIMO_HOME/<span class="code-keyword">var</span>/security/keystores/geronimo-<span
class="code-keyword">default</span>
 	-J-Djavax.net.ssl.keyStorePassword=secret
 	-J-Djavax.net.ssl.trustStore=$GERONIMO_HOME/<span class="code-keyword">var</span>/security/keystores/geronimo-<span
class="code-keyword">default</span>
 	-J-Djavax.net.ssl.trustStorePassword=secret
</pre>
</div></div></li>
	<li>In the <b>New Connection</b> dialog, enter the <b>JMX URL</b>
as <tt>service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector</tt>, <b>Username</b>
as <tt>system</tt> and <b>Password</b> as <tt>manager</tt>.
Click <b>Connect</b>. See <a href="/confluence/pages/createpage.action?spaceKey=GMOxDOC21&amp;title=Configuring+SSL+client+authentication&amp;linkCreation=true&amp;fromPageId=91644"
class="createlink">Configuring SSL client authentication</a> about instructions for
Geronimo 2.1.5.</li>
</ol>


<p><img src="/confluence/download/attachments/91644/Secure connection with JConsole.png"
align="absmiddle" border="0" /></p>
     </div>
     <div id="commentsSection" class="wiki-content pageSection">
       <div style="float: right;">
            <a href="http://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
       </div>

       <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configure+secure+JMX+server">View
Online</a>
       |
       <a href="http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=91644&revisedVersion=8&originalVersion=7">View
Change</a>
              |
       <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configure+secure+JMX+server?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message