Hi,
Yes, if you set both rmiRegistryHost and rmiServerHost to
127.0.0.1 (localhost), that prevents remote JMX access.
-------------
Freeman(Yue) Fang
Red Hat, Inc.
On 2013-4-28, at 下午12:08, Dan Tran wrote:
is this related to https://issues.apache.org/jira/browse/KARAF-2137 ??
Thanks
-D
On Sat, Apr 27, 2013 at 7:27 PM, Freeman Fang <[email protected]
wrote:
It's backward compatible for the early karaf 2.3.x, but the karaf 2.2.x
default org.apache.karaf.management.cfg should also work.
-------------
Freeman(Yue) Fang
Red Hat, Inc.
On 2013-4-28, at 上午10:22, Dan Tran wrote:
Oops, sorry this does not apply to 2.2.x
-D
On Saturday, April 27, 2013, Dan Tran wrote:
is this backward compatible with existing karaf 2.2.x
org.apache.karaf.managment.cfg file?
On Sat, Apr 27, 2013 at 6:44 PM, <[email protected]> wrote:
Author: ffang
Date: Sun Apr 28 01:44:25 2013
New Revision: 1476704
URL: http://svn.apache.org/r1476704
Log:
[KARAF-2291]make rmiServerHost configurable
Modified:
karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg
karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml
Modified:
karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg
URL:
http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg?rev=1476704&r1=1476703&r2=1476704&view=diff
==============================================================================
---
karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg
(original)
+++
karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.management.cfg
Sun Apr 28 01:44:25 2013
@@ -36,6 +36,8 @@ rmiRegistryHost = 0.0.0.0
#
rmiServerPort = 44444
+rmiServerHost = 0.0.0.0
+
#
# Name of the JAAS realm used for authentication
#
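Review bot: The new `rmiServerHost = 0.0.0.0` line sits directly under the rmiServerPort comment block and has no comment of its own, so the file does not say what the property controls or that the default listens on every interface. Add a block above it such as `# Host/interface the RMI connector server binds to. 0.0.0.0 = all interfaces; 127.0.0.1 = local only.` Restricting JMX to local access needs both rmiRegistryHost and rmiServerHost set to a loopback address, so the comment should say that too, or operators may change only one of them.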
@@ -44,7 +46,7 @@ jmxRealm = karaf
#
# The service URL for the JMXConnectorServer
#
-serviceUrl = service:jmx:rmi://0.0.0.0:
${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${
karaf.name}
+serviceUrl =
service:jmx:rmi://${rmiServerHost}:${rmiServerPort}/jndi/rmi://${rmiRegistryHost}:${rmiRegistryPort}/karaf-${
karaf.name}
#
# Whether any threads started for the JMXConnectorServer should be
started as daemon threads
Modified:
karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
URL:
http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java?rev=1476704&r1=1476703&r2=1476704&view=diff
==============================================================================
---
karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
(original)
+++
karaf/branches/karaf-2.x/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
Sun Apr 28 01:44:25 2013
@@ -20,6 +20,7 @@ import org.apache.karaf.jaas.config.Keys
import java.io.IOException;
import java.net.BindException;
+import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
@@ -33,6 +34,7 @@ import javax.management.remote.JMXConnec
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
+import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
@@ -44,6 +46,7 @@ public class ConnectorServerFactory {
private MBeanServer server;
private String serviceUrl;
+ private String rmiServerHost;
private Map environment;
private ObjectName objectName;
private boolean threaded = false;
@@ -201,11 +204,12 @@ public class ConnectorServerFactory {
}
public void init() throws Exception {
+ System.out.println("the serviceUrl is " + serviceUrl);
if (this.server == null) {
throw new IllegalArgumentException("server must be set");
}
JMXServiceURL url = new JMXServiceURL(this.serviceUrl);
-
+ setupKarafRMIServerSocketFactory();
if (isClientAuth()) {
this.secured = true;
}
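Review bot: The added `System.out.println("the serviceUrl is " + serviceUrl);` at the top of init() is leftover debug output; it writes to the console on every start and bypasses the logging configuration, so it should be dropped or replaced with a debug-level call on whatever logger the class uses (none is visible in this hunk). The new `setupKarafRMIServerSocketFactory();` call also runs unconditionally and does `environment.put(...)`; if `environment` can still be unset at this point that would be a NullPointerException, which is worth checking against the rest of init(), whose body continues outside the hunk.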
@@ -280,7 +284,7 @@ public class ConnectorServerFactory {
private void setupSsl() throws GeneralSecurityException {
SSLServerSocketFactory sslServerSocketFactory =
keystoreManager.createSSLServerFactory(null, secureProtocol,
algorithm,
keyStore, keyAlias, trustStore, keyStoreAvailabilityTimeout);
- RMIServerSocketFactory rmiServerSocketFactory = new
KarafSslRMIServerSocketFactory(sslServerSocketFactory,
this.isClientAuth());
+ RMIServerSocketFactory rmiServerSocketFactory = new
KarafSslRMIServerSocketFactory(sslServerSocketFactory,
this.isClientAuth(),
getRmiServerHost());
RMIClientSocketFactory rmiClientSocketFactory = new
SslRMIClientSocketFactory();
environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
rmiServerSocketFactory);
environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
rmiClientSocketFactory);
@@ -288,20 +292,54 @@ public class ConnectorServerFactory {
// environment.put("com.sun.jndi.rmi.factory.socket",
rmiClientSocketFactory);
}
+ private void setupKarafRMIServerSocketFactory() {
+ RMIServerSocketFactory rmiServerSocketFactory = new
KarafRMIServerSocketFactory(getRmiServerHost());
+
environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE,
rmiServerSocketFactory);
+ }
+
+ public String getRmiServerHost() {
+ return rmiServerHost;
+ }
+
+ public void setRmiServerHost(String rmiServerHost) {
+ this.rmiServerHost = rmiServerHost;
+ }
+
private static class KarafSslRMIServerSocketFactory implements
RMIServerSocketFactory {
private SSLServerSocketFactory sslServerSocketFactory;
private boolean clientAuth;
+ private String rmiServerHost;
- public KarafSslRMIServerSocketFactory(SSLServerSocketFactory
sslServerSocketFactory, boolean clientAuth) {
+ public KarafSslRMIServerSocketFactory(SSLServerSocketFactory
sslServerSocketFactory, boolean clientAuth, String rmiServerHost) {
this.sslServerSocketFactory = sslServerSocketFactory;
this.clientAuth = clientAuth;
+ this.rmiServerHost = rmiServerHost;
}
public ServerSocket createServerSocket(int port) throws
IOException {
- SSLServerSocket sslServerSocket = (SSLServerSocket)
sslServerSocketFactory.createServerSocket(port);
+ System.out.println(rmiServerHost);
+
System.out.println(InetAddress.getByName(rmiServerHost));
+ SSLServerSocket sslServerSocket = (SSLServerSocket)
sslServerSocketFactory.createServerSocket(port, 50,
InetAddress.getByName(rmiServerHost));
sslServerSocket.setNeedClientAuth(clientAuth);
+ System.out.println(sslServerSocket);
return sslServerSocket;
}
}
+
+ private static class KarafRMIServerSocketFactory implements
RMIServerSocketFactory {
+ private String rmiServerHost;
+
+ public KarafRMIServerSocketFactory(String rmiServerHost) {
+ this.rmiServerHost = rmiServerHost;
+ }
+
+ public ServerSocket createServerSocket(int port) throws
IOException {
+ System.out.println(rmiServerHost);
+
System.out.println(InetAddress.getByName(rmiServerHost));
+ ServerSocket serverSocket = (ServerSocket)
ServerSocketFactory.getDefault().createServerSocket(port, 50,
InetAddress.getByName(rmiServerHost));
+ System.out.println(serverSocket);
+ return serverSocket;
+ }
+ }
}
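Review bot: Both createServerSocket methods pass the raw setting to `InetAddress.getByName(rmiServerHost)`, which returns the loopback address for a null host (and, as far as I know, for an empty one in the OpenJDK implementation), so a blank or unset rmiServerHost binds to loopback rather than to all interfaces. That contradicts the `Blank for all interfaces` description added in metatype.properties and the `default=""` in metatype.xml, while the cfg and blueprint defaults are `0.0.0.0`; an operator relying on the description gets a different network exposure than documented. Map a blank value to a null bind address explicitly, as sketched below, and do the same in KarafSslRMIServerSocketFactory. The `System.out.println` calls in both methods are debug leftovers that add two extra name lookups per socket and should be removed.

```java
// … unchanged: setupKarafRMIServerSocketFactory, accessors, KarafSslRMIServerSocketFactory …
private static class KarafRMIServerSocketFactory implements RMIServerSocketFactory {
    // … unchanged: field and constructor …

    public ServerSocket createServerSocket(int port) throws IOException {
        // A null bind address means "all local interfaces"; getByName(null) would mean loopback.
        InetAddress bindAddress = null;
        if (rmiServerHost != null && rmiServerHost.trim().length() > 0) {
            bindAddress = InetAddress.getByName(rmiServerHost.trim());
        }
        return ServerSocketFactory.getDefault().createServerSocket(port, 50, bindAddress);
    }
}
```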
Modified:
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml
URL:
http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml?rev=1476704&r1=1476703&r2=1476704&view=diff
==============================================================================
---
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml
(original)
+++
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/blueprint/karaf-management.xml
Sun Apr 28 01:44:25 2013
@@ -34,6 +34,7 @@
<cm:default-properties>
<cm:property name="rmiRegistryHost" value="0.0.0.0"/>
<cm:property name="rmiRegistryPort" value="1099"/>
+ <cm:property name="rmiServerHost" value="0.0.0.0"/>
<cm:property name="rmiServerPort" value="44444"/>
<cm:property name="jmxRealm" value="karaf"/>
<cm:property name="jmxRole" value="$[karaf.admin.role]"/>
@@ -80,6 +81,7 @@
destroy-method="destroy">
<property name="server" ref="mbeanServer"/>
<property name="serviceUrl" value="${serviceUrl}"/>
+ <property name="rmiServerHost" value="${rmiServerHost}"/>
<property name="daemon" value="${daemon}"/>
<property name="threaded" value="${threaded}"/>
<property name="objectName" value="${objectName}"/>
Modified:
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties
URL:
http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1476704&r1=1476703&r2=1476704&view=diff
==============================================================================
---
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.properties
Sun Apr 28 01:44:25 2013
@@ -30,6 +30,9 @@ rmiRegistryHost.description = host of th
rmiRegistryPort.name = RMI Registry Port
rmiRegistryPort.description = port of the registry for the exported
RMI
service
+rmiServerHost.name = RMI Server Host
+rmiServerHost.description = host of the server for the exported RMI
objects. Blank for all interfaces
+
rmiServerPort.name = RMI Server Port
rmiServerPort.description = port of the server for the exported RMI
objects
Modified:
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml
URL:
http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml?rev=1476704&r1=1476703&r2=1476704&view=diff
==============================================================================
---
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml
(original)
+++
karaf/branches/karaf-2.x/management/server/src/main/resources/OSGI-INF/metatype/metatype.xml
Sun Apr 28 01:44:25 2013
@@ -23,6 +23,8 @@
description="%rmiRegistryHost.description"/>
<AD id="rmiRegistryPort" type="Integer" default="1099"
name="%rmiRegistryPort.name"
description="%rmiRegistryPort.description"/>
+ <AD id="rmiServerHost" type="String" default=""
name="%rmiServerHost.name"
+ description="%rmiServerHost.description"/>
<AD id="rmiServerPort" type="Integer" default="44444"
name="%rmiServerPort.name"
description="%rmiServerPort.description"/>
<AD id="jmxRealm" type="String" default="karaf"
name="%jmxRealm.name"