Hi, Yes, if you set both rmiRegistryHost and rmiServerHost to 127.0.0.1 (localhost), then this can prevent remote JMX access. ------------- Freeman(Yue) Fang
Red Hat, Inc. FuseSource is now part of Red Hat Web: http://fusesource.com | http://www.redhat.com/ Twitter: freemanfang Blog: http://freemanfang.blogspot.com http://blog.sina.com.cn/u/1473905042 weibo: @Freeman小屋 On 2013-4-28, at 下午12:08, Dan Tran wrote: > is this related to https://issues.apache.org/jira/browse/KARAF-2137 ?? > > Thanks > > -D > > > On Sat, Apr 27, 2013 at 7:27 PM, Freeman Fang <freeman.f...@gmail.com>wrote: > >> It's backward compatible for the early karaf 2.3.x, but the karaf 2.2.x >> default org.apache.karaf.management.cfg should also work. >> ------------- >> Freeman(Yue) Fang >> >> Red Hat, Inc. >> FuseSource is now part of Red Hat >> Web: http://fusesource.com | http://www.redhat.com/ >> Twitter: freemanfang >> Blog: http://freemanfang.blogspot.com >> http://blog.sina.com.cn/u/1473905042 >> weibo: @Freeman小屋 >> >> On 2013-4-28, at 上午10:22, Dan Tran wrote: >> >>> Oops, sorry this does not apply to 2.2.x >>> >>> -D >>> >>> On Saturday, April 27, 2013, Dan Tran wrote: >>> >>>> is this backward compatible with existing karaf 2.2.x >>>> org.apache.karaf.managment.cfg file? 
>>>> >>>> >>>> >>>> >>>> On Sat, Apr 27, 2013 at 6:44 PM, <ff...@apache.org <javascript:_e({}, >>>> 'cvml', 'ff...@apache.org');>> wrote: >>>> >>>>> Author: ffang >>>>> Date: Sun Apr 28 01:44:25 2013 >>>>> New Revision: 1476704 >>>>> >>>>> URL: http://svn.apache.org/r1476704 >>>>> Log: >>>>> [KARAF-2291]make rmiServerHost configurable >>>>> >>>>> Modified: >>>>> >>>>> >> karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg >>>>> >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java >>>>> >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml >>>>> >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties >>>>> >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml >>>>> >>>>> Modified: >>>>> >> karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg >>>>> URL: >>>>> >> http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg?rev=1476704&r1=1476703&r2=1476704&view=diff >>>>> >>>>> >> ============================================================================== >>>>> --- >>>>> >> karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg >>>>> (original) >>>>> +++ >>>>> >> karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg >>>>> Sun Apr 28 01:44:25 2013 >>>>> @@ -36,6 +36,8 @@ rmiRegistryHost = 0.0.0.0 >>>>> # >>>>> rmiServerPort = 44444 >>>>> >>>>> +rmiServerHost = 0.0.0.0 >>>>> + >>>>> # >>>>> # Name of the JAAS realm used for authentication >>>>> # 
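Review bot: The added `rmiServerHost = 0.0.0.0` line has no comment block of its own, although `serviceUrl` and the JAAS realm visible in these hunks each have one, and the shipped default makes the RMI server listen on every interface. An operator reading this file cannot tell that this property, together with `rmiRegistryHost`, decides whether JMX is reachable from other machines. I would add a header such as `# Host the RMI connector server binds to. 0.0.0.0 listens on all interfaces;` followed by `# set this and rmiRegistryHost to 127.0.0.1 to accept local JMX connections only`. The second hunk of this file, which substitutes `${rmiServerHost}` into `serviceUrl`, looks fine as written.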
>>>>> @@ -44,7 +46,7 @@ jmxRealm = karaf >>>>> # >>>>> # The service URL for the JMXConnectorServer >>>>> # >>>>> -serviceUrl = service:jmx:rmi://0.0.0.0: >>>>> >> ${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${ >>>>> karaf.name} >>>>> +serviceUrl = >>>>> >> service:jmx:rmi://${rmiServerHost}:${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${ >>>>> karaf.name} >>>>> >>>>> # >>>>> # Whether any threads started for the JMXConnectorServer should be >>>>> started as daemon threads >>>>> >>>>> Modified: >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java >>>>> URL: >>>>> >> http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java?rev=1476704&r1=1476703&r2=1476704&view=diff >>>>> >>>>> >> ============================================================================== >>>>> --- >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java >>>>> (original) >>>>> +++ >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java >>>>> Sun Apr 28 01:44:25 2013 >>>>> @@ -20,6 +20,7 @@ import org.apache.karaf.jaas.config.Keys >>>>> >>>>> import java.io.IOException; >>>>> import java.net.BindException; >>>>> +import java.net.InetAddress; >>>>> import java.net.ServerSocket; >>>>> import java.rmi.server.RMIClientSocketFactory; >>>>> import java.rmi.server.RMIServerSocketFactory; 
>>>>> @@ -33,6 +34,7 @@ import javax.management.remote.JMXConnec >>>>> import javax.management.remote.JMXConnectorServerFactory; >>>>> import javax.management.remote.JMXServiceURL; >>>>> import javax.management.remote.rmi.RMIConnectorServer; >>>>> +import javax.net.ServerSocketFactory; >>>>> import javax.net.ssl.KeyManagerFactory; >>>>> import javax.net.ssl.SSLServerSocket; >>>>> import javax.net.ssl.SSLServerSocketFactory; >>>>> @@ -44,6 +46,7 @@ public class ConnectorServerFactory { >>>>> >>>>> private MBeanServer server; >>>>> private String serviceUrl; >>>>> + private String rmiServerHost; >>>>> private Map environment; >>>>> private ObjectName objectName; >>>>> private boolean threaded = false; >>>>> @@ -201,11 +204,12 @@ public class ConnectorServerFactory { >>>>> } >>>>> >>>>> public void init() throws Exception { >>>>> + System.out.println("the serviceUrl is " + serviceUrl); >>>>> if (this.server == null) { >>>>> throw new IllegalArgumentException("server must be set"); >>>>> } >>>>> JMXServiceURL url = new JMXServiceURL(this.serviceUrl); >>>>> - >>>>> + setupKarafRMIServerSocketFactory(); >>>>> if (isClientAuth()) { >>>>> this.secured = true; >>>>> } 
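Review bot: The `System.out.println("the serviceUrl is " + serviceUrl);` added as the first statement of `init()` looks like leftover debugging and should be removed, or routed through the project's logging at debug level. The new unconditional `setupKarafRMIServerSocketFactory();` call is also worth a guard: that helper calls `environment.put(...)`, and the `environment` field has no initializer in the visible lines. Previously the only `environment.put` visible here was in the SSL setup, so if `environment` can be left unset, a non-SSL start-up that used to work would now throw a NullPointerException. A guard such as `if (this.environment == null) { this.environment = new HashMap(); }` before the call would cover that, provided `java.util.HashMap` is imported. The body of `init()` continues outside the hunk, so an existing null check further down cannot be ruled out.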
>>>>> @@ -280,7 +284,7 @@ public class ConnectorServerFactory { >>>>> >>>>> private void setupSsl() throws GeneralSecurityException { >>>>> SSLServerSocketFactory sslServerSocketFactory = >>>>> keystoreManager.createSSLServerFactory(null, secureProtocol, algorithm, >>>>> keyStore, keyAlias, trustStore, keyStoreAvailabilityTimeout); >>>>> - RMIServerSocketFactory rmiServerSocketFactory = new >>>>> KarafSslRMIServerSocketFactory(sslServerSocketFactory, >> this.isClientAuth()); >>>>> + RMIServerSocketFactory rmiServerSocketFactory = new >>>>> KarafSslRMIServerSocketFactory(sslServerSocketFactory, >> this.isClientAuth(), >>>>> getRmiServerHost()); >>>>> RMIClientSocketFactory rmiClientSocketFactory = new >>>>> SslRMIClientSocketFactory(); >>>>> >>>>> environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, >>>>> rmiServerSocketFactory); >>>>> >>>>> environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, >>>>> rmiClientSocketFactory); 
>>>>> @@ -288,20 +292,54 @@ public class ConnectorServerFactory { >>>>> // environment.put("com.sun.jndi.rmi.factory.socket", >>>>> rmiClientSocketFactory); >>>>> } >>>>> >>>>> + private void setupKarafRMIServerSocketFactory() { >>>>> + RMIServerSocketFactory rmiServerSocketFactory = new >>>>> KarafRMIServerSocketFactory(getRmiServerHost()); >>>>> + >>>>> environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, >>>>> rmiServerSocketFactory); >>>>> + } >>>>> + >>>>> + public String getRmiServerHost() { >>>>> + return rmiServerHost; >>>>> + } >>>>> + >>>>> + public void setRmiServerHost(String rmiServerHost) { >>>>> + this.rmiServerHost = rmiServerHost; >>>>> + } >>>>> + >>>>> private static class KarafSslRMIServerSocketFactory implements >>>>> RMIServerSocketFactory { >>>>> private SSLServerSocketFactory sslServerSocketFactory; >>>>> private boolean clientAuth; >>>>> + private String rmiServerHost; >>>>> >>>>> - public KarafSslRMIServerSocketFactory(SSLServerSocketFactory >>>>> sslServerSocketFactory, boolean clientAuth) { >>>>> + public KarafSslRMIServerSocketFactory(SSLServerSocketFactory >>>>> sslServerSocketFactory, boolean clientAuth, String rmiServerHost) { >>>>> this.sslServerSocketFactory = sslServerSocketFactory; >>>>> this.clientAuth = clientAuth; >>>>> + this.rmiServerHost = rmiServerHost; >>>>> } >>>>> >>>>> public ServerSocket createServerSocket(int port) throws >>>>> IOException { >>>>> - SSLServerSocket sslServerSocket = (SSLServerSocket) >>>>> sslServerSocketFactory.createServerSocket(port); >>>>> + System.out.println(rmiServerHost); >>>>> + System.out.println(InetAddress.getByName(rmiServerHost)); >>>>> + SSLServerSocket sslServerSocket = (SSLServerSocket) >>>>> sslServerSocketFactory.createServerSocket(port, 50, >>>>> InetAddress.getByName(rmiServerHost)); >>>>> sslServerSocket.setNeedClientAuth(clientAuth); >>>>> + System.out.println(sslServerSocket); >>>>> return sslServerSocket; >>>>> } >>>>> } >>>>> + >>>>> + private static class 
KarafRMIServerSocketFactory implements >>>>> RMIServerSocketFactory { >>>>> + private String rmiServerHost; >>>>> + >>>>> + public KarafRMIServerSocketFactory(String rmiServerHost) { >>>>> + this.rmiServerHost = rmiServerHost; >>>>> + } >>>>> + >>>>> + public ServerSocket createServerSocket(int port) throws >>>>> IOException { >>>>> + System.out.println(rmiServerHost); >>>>> + System.out.println(InetAddress.getByName(rmiServerHost)); >>>>> + ServerSocket serverSocket = (ServerSocket) >>>>> ServerSocketFactory.getDefault().createServerSocket(port, 50, >>>>> InetAddress.getByName(rmiServerHost)); >>>>> + System.out.println(serverSocket); >>>>> + return serverSocket; >>>>> + } >>>>> + } >>>>> >>>>> } >>>>> >>>>> Modified: >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml >>>>> URL: >>>>> >> http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml?rev=1476704&r1=1476703&r2=1476704&view=diff >>>>> >>>>> >> ============================================================================== >>>>> --- >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml >>>>> (original) >>>>> +++ >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml >>>>> Sun Apr 28 01:44:25 2013 >>>>> @@ -34,6 +34,7 @@ >>>>> <cm:default-properties> >>>>> <cm:property name="rmiRegistryHost" value="0.0.0.0"/> >>>>> <cm:property name="rmiRegistryPort" value="1099"/> >>>>> + <cm:property name="rmiServerHost" value="0.0.0.0"/> >>>>> <cm:property name="rmiServerPort" value="44444"/> >>>>> <cm:property name="jmxRealm" value="karaf"/> >>>>> <cm:property name="jmxRole" value="$[karaf.admin.role]"/> 
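Review bot: Both `createServerSocket` implementations (the SSL factory and the new `KarafRMIServerSocketFactory`) ship with three `System.out.println` calls each and resolve `rmiServerHost` twice through `InetAddress.getByName`. These methods run for every listener the RMI runtime opens, so the bind host and socket details go to stdout each time and the name is looked up more often than needed. Drop the prints and resolve once: `InetAddress bindAddress = InetAddress.getByName(rmiServerHost);` then `return ServerSocketFactory.getDefault().createServerSocket(port, 50, bindAddress);` (the cast to `ServerSocket` is redundant). A short class comment should state that `rmiServerHost` selects the bind address. The RMI documentation also recommends that custom socket factories implement `equals` and `hashCode`, and neither class does in the visible lines.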
>>>>> @@ -80,6 +81,7 @@ >>>>> destroy-method="destroy"> >>>>> <property name="server" ref="mbeanServer"/> >>>>> <property name="serviceUrl" value="${serviceUrl}"/> >>>>> + <property name="rmiServerHost" value="${rmiServerHost}"/> >>>>> <property name="daemon" value="${daemon}"/> >>>>> <property name="threaded" value="${threaded}"/> >>>>> <property name="objectName" value="${objectName}"/> >>>>> >>>>> Modified: >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties >>>>> URL: >>>>> >> http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1476704&r1=1476703&r2=1476704&view=diff >>>>> >>>>> >> ============================================================================== >>>>> --- >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties >>>>> (original) >>>>> +++ >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties >>>>> Sun Apr 28 01:44:25 2013 
>>>>> @@ -30,6 +30,9 @@ rmiRegistryHost.description = host of th >>>>> rmiRegistryPort.name = RMI Registry Port >>>>> rmiRegistryPort.description = port of the registry for the exported RMI >>>>> service >>>>> >>>>> +rmiServerHost.name = RMI Server Host >>>>> +rmiServerHost.description = host of the server for the exported RMI >>>>> objects. Blank for all interfaces >>>>> + >>>>> rmiServerPort.name = RMI Server Port >>>>> rmiServerPort.description = port of the server for the exported RMI >>>>> objects >>>>> >>>>> >>>>> Modified: >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml >>>>> URL: >>>>> >> http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml?rev=1476704&r1=1476703&r2=1476704&view=diff >>>>> >>>>> >> ============================================================================== >>>>> --- >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml >>>>> (original) >>>>> +++ >>>>> >> karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml >>>>> Sun Apr 28 01:44:25 2013 >>>>> @@ -23,6 +23,8 @@ >>>>> description="%rmiRegistryHost.description"/> >>>>> <AD id="rmiRegistryPort" type="Integer" default="1099" >>>>> name="%rmiRegistryPort.name" >>>>> description="%rmiRegistryPort.description"/> >>>>> + <AD id="rmiServerHost" type="String" default="" >>>>> name="%rmiServerHost.name" >>>>> + description="%rmiServerHost.description"/> >>>>> <AD id="rmiServerPort" type="Integer" default="44444" >>>>> name="%rmiServerPort.name" >>>>> description="%rmiServerPort.description"/> >>>>> <AD id="jmxRealm" type="String" default="karaf" >>>>> name="%jmxRealm.name" >>>>> >>>>> >>>>> >>>> >> >>
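Review bot: The `rmiServerHost` attribute in metatype.xml declares `default=""`, while the cfg file and the blueprint default-properties in this same commit use `0.0.0.0`. The description added in metatype.properties says "Blank for all interfaces", but the Java side passes the value straight to `InetAddress.getByName`, which on current JDKs returns the loopback address for a null or empty host. A blank value would therefore bind to loopback only, not to all interfaces. That outcome is the safer one, but it contradicts the documented behaviour. I would make the three defaults agree and correct the description, for example `default="0.0.0.0"` with the text `host of the server for the exported RMI objects. Use 0.0.0.0 for all interfaces, 127.0.0.1 for local access only`.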