tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 39055] New: - Firewall access for JSR 160 JMX with Java 5
Date Tue, 21 Mar 2006 23:04:35 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39055>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39055

           Summary: Firewall access for JSR 160 JMX with Java 5
           Product: Tomcat 5
           Version: 5.5.16
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: George.Lindholm@ubc.ca


http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html states:

  Note: The JSR 160 JMX-Adaptor opens a second data protocol port. That is a
problem when you have installed a local firewall.

This can be fixed by using a custom JMXConnectorServer to control both
ports thus allowing firewall access.

E.g. this is a GLP I threw together to try it out:

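import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.servlet.http.HttpServlet;
import org.jasig.portal.services.LogService; // uPortal logging helper

public class JMXPortServer extends HttpServlet {
  static JMXConnectorServer cs;
  static String jmxHost;
  // Runs once when the servlet class is loaded.
  static {
    try {
      final InetAddress host = InetAddress.getLocalHost();
      jmxHost = host.getHostName();
      // Registry port comes from a system property; the RMI server
      // objects are exported on the next port up.
      final int jmxPort =
          Integer.parseInt(System.getProperty("org.jasig.portal.jmxPort"));
      final int jmxPort2 = jmxPort + 1;

      LocateRegistry.createRegistry(jmxPort);
      System.err.println("getPlatformMBeanServer()");
      MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();

      Map<String, Object> env = new HashMap<String, Object>();
      final String sslProperty = "com.sun.management.jmxremote.ssl";
      // Boolean.getBoolean() takes the property NAME, not its value;
      // passing the value would always leave SSL off.
      if (Boolean.getBoolean(sslProperty)) {
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
      }

      // Password authentication is enabled only if this property is set.
      final String passwordFileProperty =
          "com.sun.management.jmxremote.password.file";
      String value = System.getProperty(passwordFileProperty);
      if (value != null) {
        env.put("jmx.remote.x.password.file", value);
      }

      // First port: RMI server objects. Second port: RMI registry.
      final String jmxUrl = "service:jmx:rmi://" + jmxHost + ":" + jmxPort2
          + "/jndi/rmi://" + jmxHost + ":" + jmxPort + "/server";
      final JMXServiceURL url = new JMXServiceURL(jmxUrl);
      cs = JMXConnectorServerFactory.newJMXConnectorServer(
          url, env, mbs);

      try {
        cs.start();
        LogService.log(LogService.INFO, "JMXPortServer started on " + jmxUrl);
      } catch (IOException ex) {
        LogService.log(LogService.ERROR, ex);
      }
    } catch (Exception ex) {
      System.err.println(ex);
    }
  }
}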

I tell Tomcat to load the servlet through web.xml and start the
JVM with:

-Dcom.sun.management.jmxremote -Dorg.jasig.portal.jmxPort=7087
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=/usr/local/src/myUBC2/conf/jmxremote.password


I then run jconsole on my desktop with:

  jconsole service:jmx:rmi://host:7088/jndi/rmi://host:7087/server

and, bingo, JMX access.

It would be better if this was built into Tomcat as a configuration
option, rather than having to do it as part of every Tomcat instance.

I haven't tried out the ssl connection code (I got this code from
http://forum.java.sun.com/thread.jspa?forumID=58&threadID=703567)

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
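
A hardened variant of the connector setup in the report, given here as an added example (not the reporter's code and not part of Tomcat). It pins both ports, refuses to start without a password file, honours an optional access file, and applies the SSL socket factories to the RMI registry as well as to the connector. The class name PinnedJmxConnector is hypothetical, and with SSL on it assumes the keystore is supplied through the standard javax.net.ssl.* system properties.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Added example; PinnedJmxConnector is a hypothetical name.
public class PinnedJmxConnector {
  public static JMXConnectorServer start(String host, int registryPort, int serverPort)
      throws Exception {
    // Fail closed: without a password file the connector would accept anyone.
    String pw = System.getProperty("com.sun.management.jmxremote.password.file");
    if (pw == null) {
      throw new IllegalStateException("no JMX password file configured");
    }
    Map<String, Object> env = new HashMap<String, Object>();
    env.put("jmx.remote.x.password.file", pw);
    // Optional role file (readonly / readwrite per user).
    String access = System.getProperty("com.sun.management.jmxremote.access.file");
    if (access != null) {
      env.put("jmx.remote.x.access.file", access);
    }
    // Boolean.getBoolean takes the property NAME and is false when unset.
    if (Boolean.getBoolean("com.sun.management.jmxremote.ssl")) {
      SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
      SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
      env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
      env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
      // Protect the registry too, and let the JNDI bind reach it over SSL.
      env.put("com.sun.jndi.rmi.factory.socket", csf);
      LocateRegistry.createRegistry(registryPort, csf, ssf);
    } else {
      LocateRegistry.createRegistry(registryPort);
    }
    // First port: RMI server objects. Second port: RMI registry.
    JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + host + ":" + serverPort
        + "/jndi/rmi://" + host + ":" + registryPort + "/server");
    JMXConnectorServer cs = JMXConnectorServerFactory.newJMXConnectorServer(
        url, env, ManagementFactory.getPlatformMBeanServer());
    cs.start();
    return cs;
  }
}
```

With the SSL branch active, clients have to look the connector stub up in the registry over SSL as well. The firewall then needs only the two ports passed to start().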

