DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39057>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39057 Summary: Firewall access for JSR 160 JMX with Java 5 Product: Tomcat 5 Version: 5.5.16 Platform: Other OS/Version: other Status: NEW Severity: enhancement Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html states: Note:The JSR 160 JMX-Adaptor opens a second data protocol port. That is a problem when you have installed a local firewall. This can be fixed by using a custom JMXConnectorServer to control both ports thus allowing firewall access. Eg. This is a GLP I threw together to try it out: public class JMXPortServer extends HttpServlet { static JMXConnectorServer cs; static String jmxHost; static { try { final InetAddress host = InetAddress.getLocalHost(); jmxHost = host.getHostName(); final int jmxPort = Integer.parseInt(System.getProperty("org.jasig.portal.jmxPort")); final int jmxPort2 = jmxPort + 1; LocateRegistry.createRegistry(jmxPort); System.err.println("getPlatformMBeanServer()"); MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); HashMap env = new HashMap(); final String sslProperty = "com.sun.management.jmxremote.ssl"; String value = System.getProperty(sslProperty); if (Boolean.getBoolean(value)) { SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory(); SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(); env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf); env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf); } final String passwordFileProperty = "com.sun.management.jmxremote.password.file"; value = System.getProperty(passwordFileProperty); if (value != null) { env.put("jmx.remote.x.password.file", value); } final String jmxUrl = "service:jmx:rmi://" + jmxHost + ":" + jmxPort2 +"/jndi/rmi://" + jmxHost + ":" + jmxPort + "/server"; final JMXServiceURL url = new JMXServiceURL(jmxUrl); cs = JMXConnectorServerFactory.newJMXConnectorServer( url, env, mbs); try { cs.start(); LogService.log(LogService.INFO, "JMXPrtServer started on " + jmxUrl); } catch (IOException ex) { LogService.log(LogService.ERROR, ex); } } catch (Exception ex) { System.err.println(ex); } } } I tell tomcat to load the servlet through web.xml and start the JVM with: -Dcom.sun.management.jmxremote -Dorg.jasig.portal.jmxPort=7087 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=/usr/local/src/myUBC2/conf/jmxremote.password I then run jconsole on my desktop with: jconsole service:jmx:rmi://host:7088/jndi/rmi://host:7087/server and, bingo, JMX access. It would be be better if this was built into Tomcat as a configuration option, rather than having to do it as part of every Tomcat instance. I haven't tried out the ssl connection code (I got this code from http://forum.java.sun.com/thread.jspa?forumID=58&threadID=703567) -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
