Ok, what I was trying to say is this :
By using the jmxremote.password.file etc.. on the JVM which runs Tomcat, you let this JVM
know which remote user-id's can connect, and what password they should use.
Now, from the client side, when you connect, you have to provide such a valid user-id and
password, to "login" to the server.
If you try the jconsole utility as a client, you will see this on the connection box.
I have no idea how you supply these credentials programmatically from /your/ client, but
that is what you have to find out.
Ziggy wrote:
> Ok i am stuck now - here is the full configuration
>
> $CATALINA_BASE/setenv.sh
> ---------------------------
> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
> -Dcom.sun.management.jmxremote.ssl=false
> -Dcom.sun.management.jmxremote.authenticate=true
> -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access"
> export CATALINA_OPTS
>
> $CATALINA_BASE/conf/jmxremote.password
> ---------------------------------------
> monitorRole monitorpass
> controlRole controlpass
>
> $CATALINA_BASE/conf/jmxremote.access
> ---------------------------------------
> monitorRole readonly
> controlRole readwrite
>
> The client tool i am using to access the Tomcat JMX server is running on the
> same machine as the Tomcat instance. when i start tomcat i can see that
> there is something listening at port 18070 but when i try to connect i get
> the following error
>
> Exception in thread "main" java.lang.SecurityException:
> Authentication failed! Credentials required
> at
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)
> at
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)
> at
> sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:185)
> at
> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)
>
>
> I connect using the following bit of code
>
>
> try {
> url = new
> JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:18070/jmxrmi");
> jmxc = JMXConnectorFactory.connect(url,null);
> mbsc = jmxc.getMBeanServerConnection();
> } catch (MalformedURLException e) {
> throw new Exception(methodName + ":" + e);
> } catch (IOException e) {
> throw new Exception(methodName + ":" + "Failed to
> connect to the Tomcat Server " + e);
> }
>
> It works fine if i set com.sun.management.jmxremote.authenticate=true to
> false. Other than that it just fails. The client tool is running on the same
> machine as the tomcat instance so there should not be any issues with the
> firewall. Any clues
>
> On Thu, Jan 13, 2011 at 1:20 PM, André Warnier <aw@ice-sa.com> wrote:
>
>> Ziggy wrote:
>>
>>> Tomcat JMX connection - Authentication failed.
>>>
>>> I am having some problems setting up Tomcat for JMX. I added the following
>>> properties to CATALINA_OPTS
>>>
>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>
>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>> -Dcom.sun
>>> .management.jmxremote.ssl=false"
>>>
>>> And have added the jmxremote.password file in to the conf directory. I
>>> wrote
>>> a client tool that connects to the JMX server running on port 18070. When
>>> i
>>> run the client program i get the following error.
>>>
>>> Exception in thread "main" java.lang.SecurityException: Authentication
>>> failed! Credentials required
>>> at
>>>
>> ...
>>
>> Ok, so how does your client provide a username and password to the server's
>> JMX interface, when it connects ?
>>
>>
>>
>>> If i change the CATALINA_OPTS properties to
>>>
>>> CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=18070
>>>
>>> -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password
>>> -Dcom.sun
>>> .management.jmxremote.ssl=false
>>> -Dcom.sun.management.jmxremote.authenticate=false"
>>>
>>> Then it works fine.
>>>
>> Of course, since then there is no authentication required.
>>
>>
>>
>> I think what i am confused of is what is classed as
>>
>>> remote access. I am running the client program away from the Tomcat
>>> instance
>>> but both Tomcat and the client tool are on the same machine (i.e.
>>> different
>>> virtual machines but same environemnt). I thought i had to configure the
>>> remote authentication if i access the JMX server remotely from a different
>>> machine.
>>>
>>> By remote access do they mean accessing the JMX server from any VM either
>>> locally on the same machine or remotely from a different machine?
>>>
>>> I believe that in this context, "remote" just means "via a TCP/IP
>> connection".
>> It does not matter if your client is on the same host or not. If it
>> accesses the "server" via TCP/IP, then it counts as remote.
>>
>> There is another way to connect, limited to local processes running on the
>> same host, but I forget how it is called or how it works.
>> You can see the distinction pretty clearly by using the "jconsole"
>> application, which is included in the JDK.
>>
>> Note : for the "remote" kind of access, there is another (second) TCP
>> connection used, separate from the port which you indicate with the
>> jmxremote.port parameter.
>> If you are on the same host, it does not matter, but if you really need to
>> connect from another host through a firewall or so, it may.
>> You may want to have a look here for more info :
>>
>> http://download.oracle.com/javase/6/docs/technotes/guides/management/agent.html#gdevo
>> (see the section : Monitoring Applications through a Firewall)
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|