DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39055>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39055
Summary: Firewall access for JSR 160 JMX with Java 5
Product: Tomcat 5
Version: 5.5.16
Platform: Other
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P2
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: George.Lindholm@ubc.ca
http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html states:
Note:The JSR 160 JMX-Adaptor opens a second data protocol port. That is a
problem when you have installed a local firewall.
This can be fixed by using a custom JMXConnectorServer to control both
ports thus allowing firewall access.
Eg. This is a GLP I threw together to try it out:
public class JMXPortServer extends HttpServlet {
static JMXConnectorServer cs;
static String jmxHost;
static {
try {
final InetAddress host = InetAddress.getLocalHost();
jmxHost = host.getHostName();
final int jmxPort =
Integer.parseInt(System.getProperty("org.jasig.portal.jmxPort"));
final int jmxPort2 = jmxPort + 1;
LocateRegistry.createRegistry(jmxPort);
System.err.println("getPlatformMBeanServer()");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
HashMap env = new HashMap();
final String sslProperty = "com.sun.management.jmxremote.ssl";
String value = System.getProperty(sslProperty);
if (Boolean.getBoolean(value)) {
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
}
final String passwordFileProperty =
"com.sun.management.jmxremote.password.file";
value = System.getProperty(passwordFileProperty);
if (value != null) {
env.put("jmx.remote.x.password.file", value);
}
final String jmxUrl = "service:jmx:rmi://" + jmxHost + ":" + jmxPort2
+"/jndi/rmi://" + jmxHost + ":" + jmxPort + "/server";
final JMXServiceURL url = new JMXServiceURL(jmxUrl);
cs = JMXConnectorServerFactory.newJMXConnectorServer(
url, env, mbs);
try {
cs.start();
LogService.log(LogService.INFO, "JMXPrtServer started on " + jmxUrl);
} catch (IOException ex) {
LogService.log(LogService.ERROR, ex);
}
} catch (Exception ex) {
System.err.println(ex);
}
}
}
I tell tomcat to load the servlet through web.xml and start the
JVM with:
-Dcom.sun.management.jmxremote -Dorg.jasig.portal.jmxPort=7087
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=/usr/local/src/myUBC2/conf/jmxremote.password
I then run jconsole on my desktop with:
jconsole service:jmx:rmi://host:7088/jndi/rmi://host:7087/server
and, bingo, JMX access.
It would be be better if this was built into Tomcat as a configuration
option, rather than having to do it as part of every Tomcat instance.
I haven't tried out the ssl connection code (I got this code from
http://forum.java.sun.com/thread.jspa?forumID=58&threadID=703567)
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
|