you can relate them to together and close both when you are done. thanks
-D On Sat, Apr 27, 2013 at 9:50 PM, Freeman Fang <[email protected]>wrote: > Hi, > > Yeah, if you specify both rmiRegistryHost and rmiServerHost as > 127.0.0.1(localhost), then this can prevent remote jmx access. > ------------- > Freeman(Yue) Fang > > Red Hat, Inc. > FuseSource is now part of Red Hat > Web: http://fusesource.com | http://www.redhat.com/ > Twitter: freemanfang > Blog: http://freemanfang.blogspot.com > http://blog.sina.com.cn/u/1473905042 > weibo: @Freeman小屋 > > On 2013-4-28, at 下午12:08, Dan Tran wrote: > > > is this related to https://issues.apache.org/jira/browse/KARAF-2137 ?? > > > > Thanks > > > > -D > > > > > > On Sat, Apr 27, 2013 at 7:27 PM, Freeman Fang <[email protected] > >wrote: > > > >> It's backward compatible for the early karaf 2.3.x, but the karaf 2.2.x > >> default org.apache.karaf.management.cfg should also work. > >> ------------- > >> Freeman(Yue) Fang > >> > >> Red Hat, Inc. > >> FuseSource is now part of Red Hat > >> Web: http://fusesource.com | http://www.redhat.com/ > >> Twitter: freemanfang > >> Blog: http://freemanfang.blogspot.com > >> http://blog.sina.com.cn/u/1473905042 > >> weibo: @Freeman小屋 > >> > >> On 2013-4-28, at 上午10:22, Dan Tran wrote: > >> > >>> Oops, sorry this does not apply to 2.2.x > >>> > >>> -D > >>> > >>> On Saturday, April 27, 2013, Dan Tran wrote: > >>> > >>>> is this backward compatible with existing karaf 2.2.x > >>>> org.apache.karaf.managment.cfg file? > >>>> > >>>> > >>>> > >>>> > >>>> On Sat, Apr 27, 2013 at 6:44 PM, <[email protected] <javascript:_e({}, > >>>> 'cvml', '[email protected]');>> wrote: > >>>> > >>>>> Author: ffang > >>>>> Date: Sun Apr 28 01:44:25 2013 > >>>>> New Revision: 1476704 > >>>>> > >>>>> URL: http://svn.apache.org/r1476704 > >>>>> Log: > >>>>> [KARAF-2291]make rmiServerHost configurable > >>>>> > >>>>> Modified: > >>>>> > >>>>> > >> > karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg > >>>>> > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java > >>>>> > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml > >>>>> > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties > >>>>> > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml > >>>>> > >>>>> Modified: > >>>>> > >> > karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg > >>>>> URL: > >>>>> > >> > http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg?rev=1476704&r1=1476703&r2=1476704&view=diff > >>>>> > >>>>> > >> > ============================================================================== > >>>>> --- > >>>>> > >> > karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg > >>>>> (original) > >>>>> +++ > >>>>> > >> > karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg > >>>>> Sun Apr 28 01:44:25 2013 > >>>>> @@ -36,6 +36,8 @@ rmiRegistryHost = 0.0.0.0 > >>>>> # > >>>>> rmiServerPort = 44444 > >>>>> > >>>>> +rmiServerHost = 0.0.0.0 > >>>>> + > >>>>> # > >>>>> # Name of the JAAS realm used for authentication > >>>>> # > >>>>> @@ -44,7 +46,7 @@ jmxRealm = karaf > >>>>> # > >>>>> # The service URL for the JMXConnectorServer > >>>>> # > >>>>> -serviceUrl = service:jmx:rmi://0.0.0.0: > >>>>> > >> > ${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${ > >>>>> karaf.name} > >>>>> +serviceUrl = > >>>>> > >> > service:jmx:rmi://${rmiServerHost}:${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${ > >>>>> karaf.name} > >>>>> > >>>>> # > >>>>> # Whether any threads started for the JMXConnectorServer should be > >>>>> started as daemon threads > >>>>> > >>>>> Modified: > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java > >>>>> URL: > >>>>> > >> > http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java?rev=1476704&r1=1476703&r2=1476704&view=diff > >>>>> > >>>>> > >> > ============================================================================== > >>>>> --- > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java > >>>>> (original) > >>>>> +++ > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java > >>>>> Sun Apr 28 01:44:25 2013 > >>>>> @@ -20,6 +20,7 @@ import org.apache.karaf.jaas.config.Keys > >>>>> > >>>>> import java.io.IOException; > >>>>> import java.net.BindException; > >>>>> +import java.net.InetAddress; > >>>>> import java.net.ServerSocket; > >>>>> import java.rmi.server.RMIClientSocketFactory; > >>>>> import java.rmi.server.RMIServerSocketFactory; > >>>>> @@ -33,6 +34,7 @@ import javax.management.remote.JMXConnec > >>>>> import javax.management.remote.JMXConnectorServerFactory; > >>>>> import javax.management.remote.JMXServiceURL; > >>>>> import javax.management.remote.rmi.RMIConnectorServer; > >>>>> +import javax.net.ServerSocketFactory; > >>>>> import javax.net.ssl.KeyManagerFactory; > >>>>> import javax.net.ssl.SSLServerSocket; > >>>>> import javax.net.ssl.SSLServerSocketFactory; > >>>>> @@ -44,6 +46,7 @@ public class ConnectorServerFactory { > >>>>> > >>>>> private MBeanServer server; > >>>>> private String serviceUrl; > >>>>> + private String rmiServerHost; > >>>>> private Map environment; > >>>>> private ObjectName objectName; > >>>>> private boolean threaded = false; > >>>>> @@ -201,11 +204,12 @@ public class ConnectorServerFactory { > >>>>> } > >>>>> > >>>>> public void init() throws Exception { > >>>>> + System.out.println("the serviceUrl is " + serviceUrl); > >>>>> if (this.server == null) { > >>>>> throw new IllegalArgumentException("server must be set"); > >>>>> } > >>>>> JMXServiceURL url = new JMXServiceURL(this.serviceUrl); > >>>>> - > >>>>> + setupKarafRMIServerSocketFactory(); > >>>>> if (isClientAuth()) { > >>>>> this.secured = true; > >>>>> } > >>>>> @@ -280,7 +284,7 @@ public class ConnectorServerFactory { > >>>>> > >>>>> private void setupSsl() throws GeneralSecurityException { > >>>>> SSLServerSocketFactory sslServerSocketFactory = > >>>>> keystoreManager.createSSLServerFactory(null, secureProtocol, > algorithm, > >>>>> keyStore, keyAlias, trustStore, keyStoreAvailabilityTimeout); > >>>>> - RMIServerSocketFactory rmiServerSocketFactory = new > >>>>> KarafSslRMIServerSocketFactory(sslServerSocketFactory, > >> this.isClientAuth()); > >>>>> + RMIServerSocketFactory rmiServerSocketFactory = new > >>>>> KarafSslRMIServerSocketFactory(sslServerSocketFactory, > >> this.isClientAuth(), > >>>>> getRmiServerHost()); > >>>>> RMIClientSocketFactory rmiClientSocketFactory = new > >>>>> SslRMIClientSocketFactory(); > >>>>> > >>>>> > environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, > >>>>> rmiServerSocketFactory); > >>>>> > >>>>> > environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, > >>>>> rmiClientSocketFactory); > >>>>> @@ -288,20 +292,54 @@ public class ConnectorServerFactory { > >>>>> // environment.put("com.sun.jndi.rmi.factory.socket", > >>>>> rmiClientSocketFactory); > >>>>> } > >>>>> > >>>>> + private void setupKarafRMIServerSocketFactory() { > >>>>> + RMIServerSocketFactory rmiServerSocketFactory = new > >>>>> KarafRMIServerSocketFactory(getRmiServerHost()); > >>>>> + > >>>>> > environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, > >>>>> rmiServerSocketFactory); > >>>>> + } > >>>>> + > >>>>> + public String getRmiServerHost() { > >>>>> + return rmiServerHost; > >>>>> + } > >>>>> + > >>>>> + public void setRmiServerHost(String rmiServerHost) { > >>>>> + this.rmiServerHost = rmiServerHost; > >>>>> + } > >>>>> + > >>>>> private static class KarafSslRMIServerSocketFactory implements > >>>>> RMIServerSocketFactory { > >>>>> private SSLServerSocketFactory sslServerSocketFactory; > >>>>> private boolean clientAuth; > >>>>> + private String rmiServerHost; > >>>>> > >>>>> - public KarafSslRMIServerSocketFactory(SSLServerSocketFactory > >>>>> sslServerSocketFactory, boolean clientAuth) { > >>>>> + public KarafSslRMIServerSocketFactory(SSLServerSocketFactory > >>>>> sslServerSocketFactory, boolean clientAuth, String rmiServerHost) { > >>>>> this.sslServerSocketFactory = sslServerSocketFactory; > >>>>> this.clientAuth = clientAuth; > >>>>> + this.rmiServerHost = rmiServerHost; > >>>>> } > >>>>> > >>>>> public ServerSocket createServerSocket(int port) throws > >>>>> IOException { > >>>>> - SSLServerSocket sslServerSocket = (SSLServerSocket) > >>>>> sslServerSocketFactory.createServerSocket(port); > >>>>> + System.out.println(rmiServerHost); > >>>>> + > System.out.println(InetAddress.getByName(rmiServerHost)); > >>>>> + SSLServerSocket sslServerSocket = (SSLServerSocket) > >>>>> sslServerSocketFactory.createServerSocket(port, 50, > >>>>> InetAddress.getByName(rmiServerHost)); > >>>>> sslServerSocket.setNeedClientAuth(clientAuth); > >>>>> + System.out.println(sslServerSocket); > >>>>> return sslServerSocket; > >>>>> } > >>>>> } > >>>>> + > >>>>> + private static class KarafRMIServerSocketFactory implements > >>>>> RMIServerSocketFactory { > >>>>> + private String rmiServerHost; > >>>>> + > >>>>> + public KarafRMIServerSocketFactory(String rmiServerHost) { > >>>>> + this.rmiServerHost = rmiServerHost; > >>>>> + } > >>>>> + > >>>>> + public ServerSocket createServerSocket(int port) throws > >>>>> IOException { > >>>>> + System.out.println(rmiServerHost); > >>>>> + > System.out.println(InetAddress.getByName(rmiServerHost)); > >>>>> + ServerSocket serverSocket = (ServerSocket) > >>>>> ServerSocketFactory.getDefault().createServerSocket(port, 50, > >>>>> InetAddress.getByName(rmiServerHost)); > >>>>> + System.out.println(serverSocket); > >>>>> + return serverSocket; > >>>>> + } > >>>>> + } > >>>>> > >>>>> } > >>>>> > >>>>> Modified: > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml > >>>>> URL: > >>>>> > >> > http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml?rev=1476704&r1=1476703&r2=1476704&view=diff > >>>>> > >>>>> > >> > ============================================================================== > >>>>> --- > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml > >>>>> (original) > >>>>> +++ > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml > >>>>> Sun Apr 28 01:44:25 2013 > >>>>> @@ -34,6 +34,7 @@ > >>>>> <cm:default-properties> > >>>>> <cm:property name="rmiRegistryHost" value="0.0.0.0"/> > >>>>> <cm:property name="rmiRegistryPort" value="1099"/> > >>>>> + <cm:property name="rmiServerHost" value="0.0.0.0"/> > >>>>> <cm:property name="rmiServerPort" value="44444"/> > >>>>> <cm:property name="jmxRealm" value="karaf"/> > >>>>> <cm:property name="jmxRole" value="$[karaf.admin.role]"/> > >>>>> @@ -80,6 +81,7 @@ > >>>>> destroy-method="destroy"> > >>>>> <property name="server" ref="mbeanServer"/> > >>>>> <property name="serviceUrl" value="${serviceUrl}"/> > >>>>> + <property name="rmiServerHost" value="${rmiServerHost}"/> > >>>>> <property name="daemon" value="${daemon}"/> > >>>>> <property name="threaded" value="${threaded}"/> > >>>>> <property name="objectName" value="${objectName}"/> > >>>>> > >>>>> Modified: > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties > >>>>> URL: > >>>>> > >> > http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1476704&r1=1476703&r2=1476704&view=diff > >>>>> > >>>>> > >> > ============================================================================== > >>>>> --- > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties > >>>>> (original) > >>>>> +++ > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties > >>>>> Sun Apr 28 01:44:25 2013 > >>>>> @@ -30,6 +30,9 @@ rmiRegistryHost.description = host of th > >>>>> rmiRegistryPort.name = RMI Registry Port > >>>>> rmiRegistryPort.description = port of the registry for the exported > RMI > >>>>> service > >>>>> > >>>>> +rmiServerHost.name = RMI Server Host > >>>>> +rmiServerHost.description = host of the server for the exported RMI > >>>>> objects. Blank for all interfaces > >>>>> + > >>>>> rmiServerPort.name = RMI Server Port > >>>>> rmiServerPort.description = port of the server for the exported RMI > >>>>> objects > >>>>> > >>>>> > >>>>> Modified: > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml > >>>>> URL: > >>>>> > >> > http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml?rev=1476704&r1=1476703&r2=1476704&view=diff > >>>>> > >>>>> > >> > ============================================================================== > >>>>> --- > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml > >>>>> (original) > >>>>> +++ > >>>>> > >> > karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml > >>>>> Sun Apr 28 01:44:25 2013 > >>>>> @@ -23,6 +23,8 @@ > >>>>> description="%rmiRegistryHost.description"/> > >>>>> <AD id="rmiRegistryPort" type="Integer" default="1099" > >>>>> name="%rmiRegistryPort.name" > >>>>> description="%rmiRegistryPort.description"/> > >>>>> + <AD id="rmiServerHost" type="String" default="" > >>>>> name="%rmiServerHost.name" > >>>>> + description="%rmiServerHost.description"/> > >>>>> <AD id="rmiServerPort" type="Integer" default="44444" > >>>>> name="%rmiServerPort.name" > >>>>> description="%rmiServerPort.description"/> > >>>>> <AD id="jmxRealm" type="String" default="karaf" > >>>>> name="%jmxRealm.name" > >>>>> > >>>>> > >>>>> > >>>> > >> > >> > >
